Updated thunderbird packages fix security vulnerabilities
Publication date: 30 May 2018Modification date: 30 May 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-5150 , CVE-2018-5154 , CVE-2018-5155 , CVE-2018-5159 , CVE-2018-5161 , CVE-2018-5162 , CVE-2018-5168 , CVE-2018-5170 , CVE-2018-5178 , CVE-2018-5183 , CVE-2018-5184 , CVE-2018-5185
Description
Updated thunderbird packages fix security vulnerabilities: Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 (CVE-2018-5150). Mozilla: Use-after-free with SVG animations and clip paths (CVE-2018-5154). Mozilla: Use-after-free with SVG animations and text paths (CVE-2018-5155). Mozilla: Integer overflow and out-of-bounds write in Skia (CVE-2018-5159). Mozilla: Hang via malformed headers (CVE-2018-5161). Mozilla: Encrypted mail leaks plaintext through src attribute (CVE-2018-5162). Mozilla: Lightweight themes can be installed without user interaction (CVE-2018-5168). Mozilla: Filename spoofing for external attachments (CVE-2018-5170). Mozilla: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension (CVE-2018-5178). Mozilla: Backport critical security fixes in Skia (CVE-2018-5183). Mozilla: Full plaintext recovery in S/MIME via chosen-ciphertext attack (CVE-2018-5184). Mozilla: Leaking plaintext through HTML forms (CVE-2018-5185).
References
- https://bugs.mageia.org/show_bug.cgi?id=23057
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/
- https://www.thunderbird.net/en-US/thunderbird/52.8.0/releasenotes/
- https://access.redhat.com/errata/RHSA-2018:1725
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5150
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5154
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5155
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5159
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5161
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5162
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5168
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5170
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5183
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5184
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5185
SRPMS
6/core
- thunderbird-52.8.0-4.mga6
- thunderbird-l10n-52.8.0-1.mga6