Advisories » MGASA-2024-0006

Updated thunderbird thunderbird-l10n packages fix security vulnerabilities

Publication date: 12 Jan 2024
Modification date: 12 Jan 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-6856, CVE-2023-6857, CVE-2023-6858, CVE-2023-6859, CVE-2023-6860, CVE-2023-6861, CVE-2023-6862, CVE-2023-6863, CVE-2023-6864, CVE-2023-50761, CVE-2023-50762

Description

The updated packages fix security vulnerabilities:

Truncated signed text was shown with a valid OpenPGP signature. (CVE-2023-50762)
S/MIME signature accepted despite mismatching message date. (CVE-2023-50761)
Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver. (CVE-2023-6856)
Symlinks may resolve to smaller than expected buffers. (CVE-2023-6857)
Heap buffer overflow in nsTextFragment. (CVE-2023-6858)
Use-after-free in PR_GetIdentitiesLayer. (CVE-2023-6859)
Potential sandbox escape due to VideoBridge lack of texture validation. (CVE-2023-6860)
Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode. (CVE-2023-6861)
Use-after-free in nsDNSService. (CVE-2023-6862)
Undefined behavior in ShutdownObserver(). (CVE-2023-6863)
Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. (CVE-2023-6864)

References

SRPMS

9/core