Описание
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues:
- Mozilla Thunderbird was updated to 78.5.1 (MFSA 2020-53, bsc#1179530)
- CVE-2020-26970: Fixed a stack overflow due to incorrect parsing of SMTP server response codes.
- Various bug fixes
Список пакетов
SUSE Linux Enterprise Workstation Extension 15 SP1
MozillaThunderbird-78.5.1-3.110.2
MozillaThunderbird-translations-common-78.5.1-3.110.2
MozillaThunderbird-translations-other-78.5.1-3.110.2
Ссылки
- Link for SUSE-SU-2020:3642-1
- E-Mail link for SUSE-SU-2020:3642-1
- SUSE Security Ratings
- SUSE Bug 1179530
- SUSE CVE CVE-2020-26970 page
Описание
When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1.
Затронутые продукты
SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-78.5.1-3.110.2
SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-translations-common-78.5.1-3.110.2
SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-translations-other-78.5.1-3.110.2
Ссылки
- CVE-2020-26970
- SUSE Bug 1179530