SUSE-SU-2022:4636-1

Опубликовано: 29 дек. 2022

Источник: suse-cvrf

Описание

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues:

Update to version 102.6.1

fixed: Remote content did not load in user-defined signatures
fixed: Addons that added new action buttons were not shown for addon upgrades, requiring removal and reinstall
fixed: Various stability improvements
CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions (bsc#1206653)

Список пакетов

SUSE Linux Enterprise Module for Package Hub 15 SP4

MozillaThunderbird-102.6.1-150200.8.99.1

MozillaThunderbird-translations-common-102.6.1-150200.8.99.1

MozillaThunderbird-translations-other-102.6.1-150200.8.99.1

SUSE Linux Enterprise Workstation Extension 15 SP4

MozillaThunderbird-102.6.1-150200.8.99.1

MozillaThunderbird-translations-common-102.6.1-150200.8.99.1

MozillaThunderbird-translations-other-102.6.1-150200.8.99.1

openSUSE Leap 15.4

MozillaThunderbird-102.6.1-150200.8.99.1

MozillaThunderbird-translations-common-102.6.1-150200.8.99.1

MozillaThunderbird-translations-other-102.6.1-150200.8.99.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20224636-1/
Link for SUSE-SU-2022:4636-1
https://lists.suse.com/pipermail/sle-security-updates/2022-December/013380.html
E-Mail link for SUSE-SU-2022:4636-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1206653
SUSE Bug 1206653
https://www.suse.com/security/cve/CVE-2022-46874/
SUSE CVE CVE-2022-46874 page

Описание

A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.<br/>*Note*: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1. This vulnerability affects Firefox < 108, Thunderbird < 102.6.1, Thunderbird < 102.6, and Firefox ESR < 102.6.

Затронутые продукты

SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-102.6.1-150200.8.99.1

SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-common-102.6.1-150200.8.99.1

SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-other-102.6.1-150200.8.99.1

SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-102.6.1-150200.8.99.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-46874.html
CVE-2022-46874
https://bugzilla.suse.com/1206242
SUSE Bug 1206242
https://bugzilla.suse.com/1206653
SUSE Bug 1206653

SUSE-SU-2022:4636-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Package Hub 15 SP4

SUSE Linux Enterprise Workstation Extension 15 SP4

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2022-46874

Описание

Затронутые продукты

Ссылки