Oval Definition:oval:com.redhat.rhsa:def:20193237
Revision Date:2019-10-29Version:635
Title:RHSA-2019:3237: thunderbird security update (Important)
Description:Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.2.0.

Security Fix(es):

  • Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764)

  • Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757)

  • Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758)

  • Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759)

  • Mozilla: Stack buffer overflow in WebRTC networking (CVE-2019-11760)

  • Mozilla: Unintended access to a privileged JSONView object (CVE-2019-11761)

  • Mozilla: document.domain-based origin isolation has same-origin-property violation (CVE-2019-11762)

  • Mozilla: Incorrect HTML parsing results in XSS bypass technique (CVE-2019-11763)

  • expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
  • Family:unixClass:patch
    Status:Reference(s):CVE-2019-11757
    CVE-2019-11758
    CVE-2019-11759
    CVE-2019-11760
    CVE-2019-11761
    CVE-2019-11762
    CVE-2019-11763
    CVE-2019-11764
    CVE-2019-15903
    RHSA-2019:3237
    Platform(s):Red Hat Enterprise Linux 8
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • thunderbird is earlier than 0:68.2.0-1.el8_0
  • AND thunderbird is signed with Red Hat redhatrelease2 key
  • AND
  • Red Hat Enterprise Linux 8 is installed
  • OR Red Hat CoreOS 4 is installed
  • BACK