SUSE-SU-2018:3769-1: important: Security update for MozillaThunderbird

sle-security-updates at sle-security-updates at
Wed Nov 14 10:11:53 MST 2018

   SUSE Security Update: Security update for MozillaThunderbird

Announcement ID:    SUSE-SU-2018:3769-1
Rating:             important
References:         #1112852 
Cross-References:   CVE-2018-12389 CVE-2018-12390 CVE-2018-12391
                    CVE-2018-12392 CVE-2018-12393
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 15

   An update that fixes 5 vulnerabilities is now available.


   This update for MozillaThunderbird fixes the following issues:

   Thunderbird 63 ESR was updated to version 60.3.0 to fix the following
   issues (bsc#1112852):

   Security issues fixed (MFSA 2018-28):

   - CVE-2018-12389: Fixed memory safety bugs.
   - CVE-2018-12390: Fixed memory safety bugs.
   - CVE-2018-12391: Fixed HTTP Live Stream audio data is accessible
   - CVE-2018-12392: Fixed crash with nested event loops.
   - CVE-2018-12393: Fixed integer overflow during Unicode conversion while
     loading JavaScript.

   Non-security issues fixed:

   - various theme fixes
   - Shift+PageUp/PageDown in Write window
   - Gloda attachment filtering
   - Mailing list address auto-complete enter/return handling
   - Thunderbird hung if HTML signature references non-existent image
   - Filters not working for headers that appear more than once
   - Update _constraints for armv6/7
   - Add memory-constraints to avoid OOM errors

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 15:

      zypper in -t patch SUSE-SLE-Product-WE-15-2018-2660=1

Package List:

   - SUSE Linux Enterprise Workstation Extension 15 (x86_64):



More information about the sle-security-updates mailing list