SUSE-SU-2018:3769-1: important: Security update for MozillaThunderbird

sle-updates at lists.suse.com sle-updates at lists.suse.com
Wed Nov 14 10:11:53 MST 2018 

   SUSE Security Update: Security update for MozillaThunderbird
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3769-1
Rating:             important
References:         #1112852 
Cross-References:   CVE-2018-12389 CVE-2018-12390 CVE-2018-12391
                    CVE-2018-12392 CVE-2018-12393
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 15
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for MozillaThunderbird fixes the following issues:

   Thunderbird 63 ESR was updated to version 60.3.0 to fix the following
   issues (bsc#1112852):

   Security issues fixed (MFSA 2018-28):

   - CVE-2018-12389: Fixed memory safety bugs.
   - CVE-2018-12390: Fixed memory safety bugs.
   - CVE-2018-12391: Fixed HTTP Live Stream audio data is accessible
     cross-origin.
   - CVE-2018-12392: Fixed crash with nested event loops.
   - CVE-2018-12393: Fixed integer overflow during Unicode conversion while
     loading JavaScript.

   Non-security issues fixed:

   - various theme fixes
   - Shift+PageUp/PageDown in Write window
   - Gloda attachment filtering
   - Mailing list address auto-complete enter/return handling
   - Thunderbird hung if HTML signature references non-existent image
   - Filters not working for headers that appear more than once
   - Update _constraints for armv6/7
   - Add memory-constraints to avoid OOM errors


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 15:

      zypper in -t patch SUSE-SLE-Product-WE-15-2018-2660=1



Package List:

   - SUSE Linux Enterprise Workstation Extension 15 (x86_64):

      MozillaThunderbird-60.3.0-3.17.2
      MozillaThunderbird-debuginfo-60.3.0-3.17.2
      MozillaThunderbird-debugsource-60.3.0-3.17.2
      MozillaThunderbird-translations-common-60.3.0-3.17.2
      MozillaThunderbird-translations-other-60.3.0-3.17.2


References:

   https://www.suse.com/security/cve/CVE-2018-12389.html
   https://www.suse.com/security/cve/CVE-2018-12390.html
   https://www.suse.com/security/cve/CVE-2018-12391.html
   https://www.suse.com/security/cve/CVE-2018-12392.html
   https://www.suse.com/security/cve/CVE-2018-12393.html
   https://bugzilla.suse.com/1112852

More information about the sle-updates mailing list