Updated thunderbird packages fix security vulnerabilities & bugs
Publication date: 29 Nov 2017Modification date: 29 Nov 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-7828 , CVE-2017-7830 , CVE-2017-7826
Description
The updated packages fix several bugs and some security issues:
Use-after-free of PressShell while restyling layout. (CVE-2017-7828)
Cross-origin URL information leak through Resource Timing API.
(CVE-2017-7830)
Memory safety bugs fixed in Firefox 57, Firefox ESR 52.5, and
Thunderbird 52.5. (CVE-2017-7826)
References
- https://bugs.mageia.org/show_bug.cgi?id=22079
- https://www.mozilla.org/en-US/thunderbird/52.5.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7828
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7830
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7826
SRPMS
5/core
- thunderbird-52.5.0-1.mga5
- thunderbird-l10n-52.5.0-1.mga5
6/core
- thunderbird-52.5.0-1.mga6
- thunderbird-l10n-52.5.0-1.mga6