Oval Definition:oval:com.redhat.rhsa:def:20191623
Revision Date:2019-06-27Version:637
Title:RHSA-2019:1623: thunderbird security update (Important)
Description:Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.7.2.

Security Fix(es):

  • Mozilla: Type confusion in Array.pop (CVE-2019-11707)

  • thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705)

  • Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708)

  • thunderbird: Heap buffer over read in icalparser.c parser_get_next_char (CVE-2019-11703)

  • thunderbird: Heap buffer overflow in icalmemory_strdup_and_dequote function in icalvalue.c (CVE-2019-11704)

  • thunderbird: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c (CVE-2019-11706)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2019-11703
    CVE-2019-11704
    CVE-2019-11705
    CVE-2019-11706
    CVE-2019-11707
    CVE-2019-11708
    RHSA-2019:1623
    Platform(s):Red Hat Enterprise Linux 8
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • thunderbird is earlier than 0:60.7.2-2.el8_0
  • AND thunderbird is signed with Red Hat redhatrelease2 key
  • AND
  • Red Hat Enterprise Linux 8 is installed
  • OR Red Hat CoreOS 4 is installed
    • BACK