Updated thunderbird packages fix security vulnerability
Publication date: 18 Aug 2020Modification date: 18 Aug 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-6463 , CVE-2020-6514 , CVE-2020-15652 , CVE-2020-15659
Description
Potential leak of redirect targets when loading scripts in a worker.
(CVE-2020-15652)
WebRTC data channel leaks internal address to peer. (CVE-2020-6514)
Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture. (CVE-2020-6463)
Memory safety bugs fixed in Thunderbird 68.11. (CVE-2020-15659)
References
- https://bugs.mageia.org/show_bug.cgi?id=27025
- https://www.thunderbird.net/en-US/thunderbird/68.11.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/
- https://access.redhat.com/errata/RHSA-2020:3344
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6463
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6514
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15652
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15659
SRPMS
7/core
- thunderbird-68.11.0-1.mga7
- thunderbird-l10n-68.11.0-1.mga7