Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2019:1583-1

Опубликовано: 18 июн. 2019
Источник: suse-cvrf

Описание

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following security issues:

  • CVE-2019-11703: Fixed a heap-based buffer overflow in icalmemorystrdupanddequote() (bsc#1137595).
  • CVE-2019-11704: Fixed a heap-based buffer overflow in parser_get_next_char() (bsc#1137595).
  • CVE-2019-11705: Fixed a stack-based buffer overflow in icalrecur_add_bydayrules() (bsc#1137595).
  • CVE-2019-11706: Fixed a type confusion in icaltimezone_get_vtimezone_properties() (bsc#1137595).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0
MozillaThunderbird-60.7.0-lp151.2.4.1
MozillaThunderbird-buildsymbols-60.7.0-lp151.2.4.1
MozillaThunderbird-translations-common-60.7.0-lp151.2.4.1
MozillaThunderbird-translations-other-60.7.0-lp151.2.4.1
openSUSE Leap 15.1
MozillaThunderbird-60.7.0-lp151.2.4.1
MozillaThunderbird-buildsymbols-60.7.0-lp151.2.4.1
MozillaThunderbird-translations-common-60.7.0-lp151.2.4.1
MozillaThunderbird-translations-other-60.7.0-lp151.2.4.1

Ссылки

Описание

A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.

Затронутые продукты
openSUSE Leap 15.0:MozillaThunderbird-60.7.0-lp151.2.4.1
openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.7.0-lp151.2.4.1
openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.7.0-lp151.2.4.1
openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.7.0-lp151.2.4.1
Ссылки

Описание

A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.

Затронутые продукты
openSUSE Leap 15.0:MozillaThunderbird-60.7.0-lp151.2.4.1
openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.7.0-lp151.2.4.1
openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.7.0-lp151.2.4.1
openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.7.0-lp151.2.4.1
Ссылки

Описание

A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.

Затронутые продукты
openSUSE Leap 15.0:MozillaThunderbird-60.7.0-lp151.2.4.1
openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.7.0-lp151.2.4.1
openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.7.0-lp151.2.4.1
openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.7.0-lp151.2.4.1
Ссылки

Описание

A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird < 60.7.1.

Затронутые продукты
openSUSE Leap 15.0:MozillaThunderbird-60.7.0-lp151.2.4.1
openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.7.0-lp151.2.4.1
openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.7.0-lp151.2.4.1
openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.7.0-lp151.2.4.1
Ссылки
Уязвимость openSUSE-SU-2019:1583-1