thunderbird-68.3.0-3.AXS4

エラータID: AXSA:2019-4404:04

Release date: 
Friday, December 13, 2019 - 08:56
Subject: 
thunderbird-68.3.0-3.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.3.0.

Security Fix(es):

* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)

* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)

* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)

* Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)

* Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-17005
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-17008
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-17010
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-17011
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-17012
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

CVEs: 
CVE-2019-17005
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-17008
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-17010
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-17011
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-17012
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. thunderbird-68.3.0-3.AXS4.src.rpm
    MD5: 5e83560b9b382ca0fb4ab98b52a3a791
    SHA-256: 77617ca8ed85e5a235ff317bab7f4abb58b1543d92254cfc86ee65048af0b012
    Size: 516.44 MB

Asianux Server 4 for x86
  1. thunderbird-68.3.0-3.AXS4.i686.rpm
    MD5: db57777c90620461d878e61899c7487e
    SHA-256: 0a8a8fdb41743a21329be44230a9e5bc572df60f6f014d62bfafe6cd0b85ae7f
    Size: 109.36 MB

Asianux Server 4 for x86_64
  1. thunderbird-68.3.0-3.AXS4.x86_64.rpm
    MD5: 511dc4460bea3b43e9cf7a0903e60e43
    SHA-256: 3d20078f4265efffd6e53470811000f16ec6ac8581cd6d754b2cf706309e4294
    Size: 109.07 MB