Updated thunderbird packages fix security vulnerabilities
Publication date: 16 Mar 2016Type: security
Affected Mageia releases : 5
CVE: CVE-2016-1952 , CVE-2016-1954 , CVE-2016-1957 , CVE-2016-1960 , CVE-2016-1961 , CVE-2016-1964 , CVE-2016-1966 , CVE-2016-1974 , CVE-2016-1977 , CVE-2016-2790 , CVE-2016-2791 , CVE-2016-2792 , CVE-2016-2793 , CVE-2016-2794 , CVE-2016-2795 , CVE-2016-2796 , CVE-2016-2797 , CVE-2016-2798 , CVE-2016-2799 , CVE-2016-2800 , CVE-2016-2801 , CVE-2016-2802
Description
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1960, CVE-2016-1961, CVE-2016-1974, CVE-2016-1964, CVE-2016-1966). Multiple security flaws were found in the graphite2 font library shipped with Thunderbird. A web page containing malicious content could cause it to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802).
References
- https://bugs.mageia.org/show_bug.cgi?id=18006
- https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/
- https://www.mozilla.org/en-US/security/advisories/mfsa2016-17/
- https://www.mozilla.org/en-US/security/advisories/mfsa2016-20/
- https://www.mozilla.org/en-US/security/advisories/mfsa2016-23/
- https://www.mozilla.org/en-US/security/advisories/mfsa2016-24/
- https://www.mozilla.org/en-US/security/advisories/mfsa2016-27/
- https://www.mozilla.org/en-US/security/advisories/mfsa2016-31/
- https://www.mozilla.org/en-US/security/advisories/mfsa2016-34/
- https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
- https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/
- https://rhn.redhat.com/errata/RHSA-2016-0460.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802
SRPMS
5/core
- thunderbird-38.7.0-1.mga5
- thunderbird-l10n-38.7.0-1.mga5