
[security-announce] openSUSE-SU-2016:0894-1: important: Security update for MozillaThunderbird


openSUSE Security Update: Security update for MozillaThunderbird

______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:0894-1
Rating:             important
References:         #969894
Cross-References:   CVE-2015-4477 CVE-2015-7207 CVE-2016-1952
                    CVE-2016-1954 CVE-2016-1957 CVE-2016-1958
                    CVE-2016-1960 CVE-2016-1961 CVE-2016-1962
                    CVE-2016-1964 CVE-2016-1965 CVE-2016-1966
                    CVE-2016-1974 CVE-2016-1977 CVE-2016-2790
                    CVE-2016-2791 CVE-2016-2792 CVE-2016-2793
                    CVE-2016-2794 CVE-2016-2795 CVE-2016-2796
                    CVE-2016-2797 CVE-2016-2798 CVE-2016-2799
                    CVE-2016-2800 CVE-2016-2801 CVE-2016-2802
Affected Products:  openSUSE 13.1
______________________________________________________________________________

An update that fixes 27 vulnerabilities is now available.

Description:

MozillaThunderbird was updated to 38.7.0 to fix the following issues:

* Update to Thunderbird 38.7.0 (boo#969894)
* MFSA 2015-81/CVE-2015-4477 (bmo#1179484) Use-after-free in MediaStream
  playback
* MFSA 2015-136/CVE-2015-7207 (bmo#1185256) Same-origin policy violation
  using performance.getEntries and history navigation
* MFSA 2016-16/CVE-2016-1952 Miscellaneous memory safety hazards
* MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and
  potential privilege escalation through CSP reports
* MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright
  when deleting an array during MP4 processing
* MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be
  overridden
* MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free
  in HTML5 string parser
* MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free
  in SetBody
* MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using
  multiple WebRTC data channels
* MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML
  transformations
* MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing through
  history navigation and Location protocol property
* MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with
  malicious NPAPI plugin
* MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML
  parser following a failed allocation
* MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
  CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
  CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
  CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the
  Graphite 2 library

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

  zypper in -t patch 2016-402=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 13.1 (i586 x86_64):

  MozillaThunderbird-38.7.0-70.80.1
  MozillaThunderbird-buildsymbols-38.7.0-70.80.1
  MozillaThunderbird-debuginfo-38.7.0-70.80.1
  MozillaThunderbird-debugsource-38.7.0-70.80.1
  MozillaThunderbird-devel-38.7.0-70.80.1
  MozillaThunderbird-translations-common-38.7.0-70.80.1
  MozillaThunderbird-translations-other-38.7.0-70.80.1

References:

https://www.suse.com/security/cve/CVE-2015-4477.html
https://www.suse.com/security/cve/CVE-2015-7207.html
https://www.suse.com/security/cve/CVE-2016-1952.html
https://www.suse.com/security/cve/CVE-2016-1954.html
https://www.suse.com/security/cve/CVE-2016-1957.html
https://www.suse.com/security/cve/CVE-2016-1958.html
https://www.suse.com/security/cve/CVE-2016-1960.html
https://www.suse.com/security/cve/CVE-2016-1961.html
https://www.suse.com/security/cve/CVE-2016-1962.html
https://www.suse.com/security/cve/CVE-2016-1964.html
https://www.suse.com/security/cve/CVE-2016-1965.html
https://www.suse.com/security/cve/CVE-2016-1966.html
https://www.suse.com/security/cve/CVE-2016-1974.html
https://www.suse.com/security/cve/CVE-2016-1977.html
https://www.suse.com/security/cve/CVE-2016-2790.html
https://www.suse.com/security/cve/CVE-2016-2791.html
https://www.suse.com/security/cve/CVE-2016-2792.html
https://www.suse.com/security/cve/CVE-2016-2793.html
https://www.suse.com/security/cve/CVE-2016-2794.html
https://www.suse.com/security/cve/CVE-2016-2795.html
https://www.suse.com/security/cve/CVE-2016-2796.html
https://www.suse.com/security/cve/CVE-2016-2797.html
https://www.suse.com/security/cve/CVE-2016-2798.html
https://www.suse.com/security/cve/CVE-2016-2799.html
https://www.suse.com/security/cve/CVE-2016-2800.html
https://www.suse.com/security/cve/CVE-2016-2801.html
https://www.suse.com/security/cve/CVE-2016-2802.html
https://bugzilla.suse.com/969894

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
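
A post-update check for the patch instructions and package list above, as an added example that is not part of the original announcement: it reads "name version-release" lines and reports any MozillaThunderbird package still older than 38.7.0-70.80.1. The function names and the sample inventory are constructed for illustration, and `sort -V` only approximates RPM's version ordering, which is adequate for dotted numeric versions like these.

```shell
#!/bin/sh
# Added example (not from the advisory): flag MozillaThunderbird packages
# that are still older than the fixed build named in the package list.
FIXED="38.7.0-70.80.1"   # version-release taken from the advisory

# ver_lt A B: succeeds when A sorts strictly before B under `sort -V`.
# Assumption: sort -V stands in for RPM's own version comparison.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# unpatched: reads "name version-release" lines on stdin and prints the
# MozillaThunderbird packages whose version-release is below $FIXED.
unpatched() {
    while read -r name evr; do
        case "$name" in
            MozillaThunderbird|MozillaThunderbird-*) ;;
            *) continue ;;   # other packages are outside this advisory
        esac
        if ver_lt "$evr" "$FIXED"; then
            printf '%s %s\n' "$name" "$evr"
        fi
    done
}

# Constructed sample inventory, standing in for the output of:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'MozillaThunderbird*'
sample_inventory() {
    cat <<'EOF'
MozillaThunderbird 38.6.0-70.77.1
MozillaThunderbird-translations-common 38.7.0-70.80.1
MozillaFirefox 45.0-1.1
EOF
}

sample_inventory | unpatched
```

On a real host, pipe the `rpm -qa` query from the comment into `unpatched`; empty output means every installed MozillaThunderbird package is at or above the fixed build.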

 

 

 
