[security-announce] openSUSE-SU-2012:0917-1: important: MozillaThunderbird: update to Thunderbird 14.0

[news 28]

openSUSE Security Update: MozillaThunderbird: update to Thunderbird 14.0

______________________________________________________________________________

 

Announcement ID: openSUSE-SU-2012:0917-1

Rating: important

References: #771583

Affected Products:

openSUSE 12.1

openSUSE 11.4

______________________________________________________________________________

 

An update that contains security fixes can now be installed.

 

Description:

 

Mozilla Thunderbird was updated to version 14.0 (bnc#771583)

* MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 Miscellaneous

memory safety hazards

* MFSA

2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1

952 Gecko memory corruption

* MFSA 2012-45/CVE-2012-1955 (bmo#757376) Spoofing issue

with location

* MFSA 2012-47/CVE-2012-1957 (bmo#750096) Improper

filtering of javascript in HTML feed-view

* MFSA 2012-48/CVE-2012-1958 (bmo#750820) use-after-free

in nsGlobalWindow::PageHidden

* MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559)

Same-compartment Security Wrappers can be bypassed

* MFSA 2012-50/CVE-2012-1960 (bmo#761014) Out of bounds

read in QCMS

* MFSA 2012-51/CVE-2012-1961 (bmo#761655) X-Frame-Options

header ignored when duplicated

* MFSA 2012-52/CVE-2012-1962 (bmo#764296)

JSDependentString::undepend string conversion results

in memory corruption

* MFSA 2012-53/CVE-2012-1963 (bmo#767778) Content

Security Policy 1.0 implementation errors cause data

leakage

* MFSA 2012-56/CVE-2012-1967 (bmo#758344) Code execution

through javascript: URLs

* relicensed to MPL-2.0

- update Enigmail to 1.4.3

 

- no crashreport on %arm, fixing build

 

 

Patch Instructions:

 

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- openSUSE 12.1:

 

zypper in -t patch openSUSE-2012-443

 

- openSUSE 11.4:

 

zypper in -t patch openSUSE-2012-443

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- openSUSE 12.1 (x86_64):

 

MozillaThunderbird-14.0-33.26.1

MozillaThunderbird-buildsymbols-14.0-33.26.1

MozillaThunderbird-debuginfo-14.0-33.26.1

MozillaThunderbird-debugsource-14.0-33.26.1

MozillaThunderbird-devel-14.0-33.26.1

MozillaThunderbird-devel-debuginfo-14.0-33.26.1

MozillaThunderbird-translations-common-14.0-33.26.1

MozillaThunderbird-translations-other-14.0-33.26.1

enigmail-1.4.3+14.0-33.26.1

enigmail-debuginfo-1.4.3+14.0-33.26.1

 

- openSUSE 12.1 (i586):

 

MozillaThunderbird-14.0-33.26.2

MozillaThunderbird-buildsymbols-14.0-33.26.2

MozillaThunderbird-debuginfo-14.0-33.26.2

MozillaThunderbird-debugsource-14.0-33.26.2

MozillaThunderbird-devel-14.0-33.26.2

MozillaThunderbird-devel-debuginfo-14.0-33.26.2

MozillaThunderbird-translations-common-14.0-33.26.2

MozillaThunderbird-translations-other-14.0-33.26.2

enigmail-1.4.3+14.0-33.26.2

enigmail-debuginfo-1.4.3+14.0-33.26.2

 

- openSUSE 11.4 (x86_64):

 

MozillaThunderbird-14.0-24.1

MozillaThunderbird-buildsymbols-14.0-24.1

MozillaThunderbird-debuginfo-14.0-24.1

MozillaThunderbird-debugsource-14.0-24.1

MozillaThunderbird-devel-14.0-24.1

MozillaThunderbird-devel-debuginfo-14.0-24.1

MozillaThunderbird-translations-common-14.0-24.1

MozillaThunderbird-translations-other-14.0-24.1

enigmail-1.4.3+14.0-24.1

enigmail-debuginfo-1.4.3+14.0-24.1

 

- openSUSE 11.4 (i586):

 

MozillaThunderbird-14.0-24.2

MozillaThunderbird-buildsymbols-14.0-24.2

MozillaThunderbird-debuginfo-14.0-24.2

MozillaThunderbird-debugsource-14.0-24.2

MozillaThunderbird-devel-14.0-24.2

MozillaThunderbird-devel-debuginfo-14.0-24.2

MozillaThunderbird-translations-common-14.0-24.2

MozillaThunderbird-translations-other-14.0-24.2

enigmail-1.4.3+14.0-24.2

enigmail-debuginfo-1.4.3+14.0-24.2

 

 

References:

 

https://bugzilla.novell.com/771583

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org