SuSE Local Security Checks : openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2019:0182-1)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.852291

Kategorie: SuSE Local Security Checks

Titel: openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2019:0182-1)

Zusammenfassung: The remote host is missing an update for the 'MozillaThunderbird'; package(s) announced via the openSUSE-SU-2019:0182-1 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'MozillaThunderbird'
package(s) announced via the openSUSE-SU-2019:0182-1 advisory.

Vulnerability Insight:
This update for MozillaThunderbird to version 60.5.0
fixes the following issues:

Security vulnerabilities addressed (MFSA 2019-03 boo#1122983 MFSA 2018-31):

- CVE-2018-18500: Use-after-free parsing HTML5 stream

- CVE-2018-18505: Privilege escalation through IPC channel messages

- CVE-2016-5824: DoS (use-after-free) via a crafted ics file

- CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR
60.5

- CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library
with TextureStorage11

- CVE-2018-18492: Use-after-free with select element

- CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia

- CVE-2018-18494: Same-origin policy violation using location attribute
and performance.getEntries to steal cross-origin URLs

- CVE-2018-18498: Integer overflow when calculating buffer sizes for images

- CVE-2018-12405: Memory safety bugs fixed in Firefox 64, 60.4, and
Thunderbird 60.4

Other bugs fixed and changes made:

- FileLink provider WeTransfer to upload large attachments

- Thunderbird now allows the addition of OpenSearch search engines from a
local XML file using a minimal user interface: [+] button to select a
file an add, [-] to remove.

- More search engines: Google and DuckDuckGo available by default in some
locales

- During account creation, Thunderbird will now detect servers using the
Microsoft Exchange protocol. It will offer the installation of a 3rd
party add-on (Owl) which supports that protocol.

- Thunderbird now compatible with other WebExtension-based FileLink
add-ons like the Dropbox add-on

- New WebExtensions FileLink API to facilitate add-ons

- Fix decoding problems for messages with less common charsets (cp932,
cp936)

- New messages in the drafts folder (and other special or virtual folders)
will no longer be included in the new messages notification

- Thunderbird 60 will migrate security databases (key3.db, cert8.db to
key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a fault
that potentially deleted saved passwords and private certificate keys
for users using a master password. Version 60.3.3 will prevent the loss
of data affected users who have already upgraded to version 60.3.2 or
earlier can restore the deleted key3.db file from backup to complete the
migration.

- Address book search and auto-complete slowness introduced in Thunderbird
60.3.2

- Plain text markup with * for bold, / for italics, _ for underline and
for code did not work when the enclosed text contained non-ASCII
characters

- While composing a messa ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
MozillaThunderbird on openSUSE Leap 42.3.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-5824
BugTraq ID: 91459
http://www.securityfocus.com/bid/91459
https://security.gentoo.org/glsa/201904-02
https://security.gentoo.org/glsa/201904-07
https://github.com/libical/libical/issues/235
http://www.openwall.com/lists/oss-security/2016/06/25/4
http://www.openwall.com/lists/oss-security/2017/01/20/16
RedHat Security Advisories: RHSA-2019:0269
https://access.redhat.com/errata/RHSA-2019:0269
RedHat Security Advisories: RHSA-2019:0270
https://access.redhat.com/errata/RHSA-2019:0270
https://usn.ubuntu.com/3897-1/

Copyright Copyright (C) 2019 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.852291
Kategorie:	SuSE Local Security Checks
Titel:	openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2019:0182-1)
Zusammenfassung:	The remote host is missing an update for the 'MozillaThunderbird'; package(s) announced via the openSUSE-SU-2019:0182-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'MozillaThunderbird' package(s) announced via the openSUSE-SU-2019:0182-1 advisory. Vulnerability Insight: This update for MozillaThunderbird to version 60.5.0 fixes the following issues: Security vulnerabilities addressed (MFSA 2019-03 boo#1122983 MFSA 2018-31): - CVE-2018-18500: Use-after-free parsing HTML5 stream - CVE-2018-18505: Privilege escalation through IPC channel messages - CVE-2016-5824: DoS (use-after-free) via a crafted ics file - CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 - CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Use-after-free with select element - CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia - CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs - CVE-2018-18498: Integer overflow when calculating buffer sizes for images - CVE-2018-12405: Memory safety bugs fixed in Firefox 64, 60.4, and Thunderbird 60.4 Other bugs fixed and changes made: - FileLink provider WeTransfer to upload large attachments - Thunderbird now allows the addition of OpenSearch search engines from a local XML file using a minimal user interface: [+] button to select a file an add, [-] to remove. - More search engines: Google and DuckDuckGo available by default in some locales - During account creation, Thunderbird will now detect servers using the Microsoft Exchange protocol. It will offer the installation of a 3rd party add-on (Owl) which supports that protocol. - Thunderbird now compatible with other WebExtension-based FileLink add-ons like the Dropbox add-on - New WebExtensions FileLink API to facilitate add-ons - Fix decoding problems for messages with less common charsets (cp932, cp936) - New messages in the drafts folder (and other special or virtual folders) will no longer be included in the new messages notification - Thunderbird 60 will migrate security databases (key3.db, cert8.db to key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a fault that potentially deleted saved passwords and private certificate keys for users using a master password. Version 60.3.3 will prevent the loss of data affected users who have already upgraded to version 60.3.2 or earlier can restore the deleted key3.db file from backup to complete the migration. - Address book search and auto-complete slowness introduced in Thunderbird 60.3.2 - Plain text markup with * for bold, / for italics, _ for underline and for code did not work when the enclosed text contained non-ASCII characters - While composing a messa ... Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: MozillaThunderbird on openSUSE Leap 42.3. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5824 BugTraq ID: 91459 http://www.securityfocus.com/bid/91459 https://security.gentoo.org/glsa/201904-02 https://security.gentoo.org/glsa/201904-07 https://github.com/libical/libical/issues/235 http://www.openwall.com/lists/oss-security/2016/06/25/4 http://www.openwall.com/lists/oss-security/2017/01/20/16 RedHat Security Advisories: RHSA-2019:0269 https://access.redhat.com/errata/RHSA-2019:0269 RedHat Security Advisories: RHSA-2019:0270 https://access.redhat.com/errata/RHSA-2019:0270 https://usn.ubuntu.com/3897-1/
Copyright	Copyright (C) 2019 Greenbone Networks GmbH