| Summary: | Thunderbird 38.6 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | | |
| Priority: | Normal | CC: | davidwhodgins, doktor5000, lists.jjorge, sysadmin-bugs, tarazed25 |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://lwn.net/Vulnerabilities/673772/ | | |
| Whiteboard: | MGA5-32-OK MGA5-64-OK advisory | | |
| Source RPM: | thunderbird | CVE: | |
| Status comment: | | | |
Description
David Walser
2016-02-15 21:34:48 CET
David Walser
2016-02-15 21:35:54 CET
Whiteboard: (none) => MGA5TOO
Florian Hubold
2016-02-15 21:46:36 CET
Status: NEW => ASSIGNED

Submitted thunderbird-38.6.0-1.mga6 for cauldron and thunderbird-38.6.0-1.mga5 to core/updates_testing.

@David: Could you add a short advisory please and assign to QA team?

Thanks Florian, but you forgot thunderbird-l10n. I just took care of that one.

Advisory details are not available yet, but I'll post it when they are.

Updated packages in core/updates_testing:
========================
thunderbird-38.6.0-1.mga5
thunderbird-enigmail-38.6.0-1.mga5
thunderbird-ar-38.6.0-1.mga5
thunderbird-ast-38.6.0-1.mga5
thunderbird-be-38.6.0-1.mga5
thunderbird-bg-38.6.0-1.mga5
thunderbird-bn_BD-38.6.0-1.mga5
thunderbird-br-38.6.0-1.mga5
thunderbird-ca-38.6.0-1.mga5
thunderbird-cs-38.6.0-1.mga5
thunderbird-cy-38.6.0-1.mga5
thunderbird-da-38.6.0-1.mga5
thunderbird-de-38.6.0-1.mga5
thunderbird-el-38.6.0-1.mga5
thunderbird-en_GB-38.6.0-1.mga5
thunderbird-en_US-38.6.0-1.mga5
thunderbird-es_AR-38.6.0-1.mga5
thunderbird-es_ES-38.6.0-1.mga5
thunderbird-et-38.6.0-1.mga5
thunderbird-eu-38.6.0-1.mga5
thunderbird-fi-38.6.0-1.mga5
thunderbird-fr-38.6.0-1.mga5
thunderbird-fy_NL-38.6.0-1.mga5
thunderbird-ga_IE-38.6.0-1.mga5
thunderbird-gd-38.6.0-1.mga5
thunderbird-gl-38.6.0-1.mga5
thunderbird-he-38.6.0-1.mga5
thunderbird-hr-38.6.0-1.mga5
thunderbird-hsb-38.6.0-1.mga5
thunderbird-hu-38.6.0-1.mga5
thunderbird-hy_AM-38.6.0-1.mga5
thunderbird-id-38.6.0-1.mga5
thunderbird-is-38.6.0-1.mga5
thunderbird-it-38.6.0-1.mga5
thunderbird-ja-38.6.0-1.mga5
thunderbird-ko-38.6.0-1.mga5
thunderbird-lt-38.6.0-1.mga5
thunderbird-nb_NO-38.6.0-1.mga5
thunderbird-nl-38.6.0-1.mga5
thunderbird-nn_NO-38.6.0-1.mga5
thunderbird-pa_IN-38.6.0-1.mga5
thunderbird-pl-38.6.0-1.mga5
thunderbird-pt_BR-38.6.0-1.mga5
thunderbird-pt_PT-38.6.0-1.mga5
thunderbird-ro-38.6.0-1.mga5
thunderbird-ru-38.6.0-1.mga5
thunderbird-si-38.6.0-1.mga5
thunderbird-sk-38.6.0-1.mga5
thunderbird-sl-38.6.0-1.mga5
thunderbird-sq-38.6.0-1.mga5
thunderbird-sv_SE-38.6.0-1.mga5
thunderbird-ta_LK-38.6.0-1.mga5
thunderbird-tr-38.6.0-1.mga5
thunderbird-uk-38.6.0-1.mga5
thunderbird-vi-38.6.0-1.mga5
thunderbird-zh_CN-38.6.0-1.mga5
thunderbird-zh_TW-38.6.0-1.mga5

from SRPMS:
thunderbird-38.6.0-1.mga5.src.rpm
thunderbird-l10n-38.6.0-1.mga5.src.rpm

Version: Cauldron => 5

Updated i586. All seems Ok, even calendar!

CC: (none) => lists.jjorge
José Jorge
2016-02-16 17:00:11 CET
Whiteboard: (none) => MGA5-32-OK

Already using this. Updated on x86_64 and it works as always.

CC: (none) => tarazed25
Len Lawrence
2016-02-16 18:32:11 CET
Whiteboard: MGA5-32-OK => MGA5-32-OK MGA5-64-OK

(In reply to David Walser from comment #2)
> Thanks Florian, but you forgot thunderbird-l10n.

Sorry, classical case of ENOCOFFEE and early morning. Thanks for helping out \o/

Advisory:
========================

Updated thunderbird packages fix security vulnerabilities:

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird (CVE-2016-1930, CVE-2016-1935).

Multiple security flaws were found in the graphite2 font library bundled with Thunderbird. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird (CVE-2016-1521, CVE-2016-1522, CVE-2016-1523, CVE-2016-1526).

Thunderbird includes a bundled copy of the graphite2 library, which has been updated in Thunderbird 38.6.0.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1523
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1935
http://www.talosintel.com/reports/TALOS-2016-0057/
http://www.talosintel.com/reports/TALOS-2016-0058/
http://www.talosintel.com/reports/TALOS-2016-0059/
http://www.talosintel.com/reports/TALOS-2016-0060/
http://www.talosintel.com/reports/TALOS-2016-0061/
http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-14/
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/
https://rhn.redhat.com/errata/RHSA-2016-0071.html
https://rhn.redhat.com/errata/RHSA-2016-0197.html

OpenSuSE has issued an advisory for this today (February 17):
http://lists.opensuse.org/opensuse-updates/2016-02/msg00105.html
Dave Hodgins
2016-02-17 17:34:04 CET
Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.
http://advisories.mageia.org/MGASA-2016-0078.html

Status: ASSIGNED => RESOLVED

RedHat has issued an advisory for this on February 18:
https://rhn.redhat.com/errata/RHSA-2016-0258.html

URL: (none) => http://lwn.net/Vulnerabilities/673772/