Updated thunderbird packages fix security vulnerability and bugs
Publication date: 19 Jun 2017Modification date: 19 Jun 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-5472 , CVE-2017-7749 , CVE-2017-7750 , CVE-2017-7751 , CVE-2017-7752 , CVE-2017-7754 , CVE-2017-7756 , CVE-2017-7757 , CVE-2017-7778 , CVE-2017-7758 , CVE-2017-7763 , CVE-2017-7764 , CVE-2017-7765 , CVE-2017-5470
Description
* Use-after-free using destroyed node when regenerating trees (CVE-2017-5472). * Use-after-free during docshell reloading (CVE-2017-7749). * Use-after-free with track elements (CVE-2017-7750). * Use-after-free with content viewer listeners (CVE-2017-7751). * Use-after-free with IME input (CVE-2017-7752). * Out-of-bounds read in WebGL with ImageInfo object (CVE-2017-7754). * Use-after-free and use-after-scope logging XHR header errors (CVE-2017-7756). * Use-after-free in IndexedDB (CVE-2017-7757). * Vulnerabilities in the Graphite 2 library (CVE-2017-7778). * Out-of-bounds read in Opus encoder (CVE-2017-7758). * Mac fonts render some unicode characters as spaces (CVE-2017-7763). * Domain spoofing with combination of Canadian Syllabics and other unicode blocks (CVE-2017-7764). * Mark of the Web bypass when saving executable files (CVE-2017-7765). * Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2, and Thunderbird 52.2 (CVE-2017-5470). * plus various bug fixes.
References
- https://bugs.mageia.org/show_bug.cgi?id=21091
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7763
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7765
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470
SRPMS
5/core
- thunderbird-52.2.0-1.mga5
- thunderbird-l10n-52.2.0-1.mga5