thunderbird-68.8.0-1.AXS4

エラータID: AXSA:2020-057:04

Release date: 
Monday, May 11, 2020 - 19:52
Subject: 
thunderbird-68.8.0-1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.8.0.

Security Fix(es):

* Mozilla: Use-after-free during worker shutdown (CVE-2020-12387)

* Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395)

* usrsctp: Buffer overflow in AUTH chunk input validation (CVE-2020-6831)

* Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392)

* Mozilla: Sender Email Address Spoofing using encoded Unicode characters (CVE-2020-12397)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-12387
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-12392
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-12395
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-12397
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-6831
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

CVEs: 
CVE-2020-12387
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-12392
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-12395
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-12397
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-6831
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. thunderbird-68.8.0-1.AXS4.src.rpm
    MD5: d3741b982d8c6144589a8764c7b06e79
    SHA-256: 9562e09dc9bba90d7dc245f10f84f7b1ed468cebf6aba6de8ca453cc631e7b84
    Size: 520.29 MB

Asianux Server 4 for x86
  1. thunderbird-68.8.0-1.AXS4.i686.rpm
    MD5: 239ff845d9c87215aedbf5b7ea46db11
    SHA-256: 048cea9b28e1955d8582cdf7b416ca0d710f53748625098b7d5215863d17f3f9
    Size: 109.57 MB

Asianux Server 4 for x86_64
  1. thunderbird-68.8.0-1.AXS4.x86_64.rpm
    MD5: 8cf5e449509efa052811d0b0d73f9247
    SHA-256: 5df9afd14893ce3cbf1577595b145603df3e1aecb683e8b26f8cf8ecb6fb6b65
    Size: 109.28 MB