thunderbird-68.11.0-1.AXS4

エラータID: AXSA:2020-258:06

Release date: 
Thursday, August 6, 2020 - 20:46
Subject: 
thunderbird-68.11.0-1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.11.0.

Security Fix(es):

* chromium-browser: Use after free in ANGLE (CVE-2020-6463)

* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)

* Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652)

* Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-15652
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-15659
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-6463
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6514
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.

Solution: 

Update packages.

CVEs: 
CVE-2020-15652
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-15659
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-6463
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6514
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.
Additional Info: 

N/A

Download: 

SRPMS
  1. thunderbird-68.11.0-1.AXS4.src.rpm
    MD5: 2fa14bdb225fa1b9e9ae179280a55925
    SHA-256: 740a5f2e6407ae57c2e293120e1c89a1c22cf05bd897903644a0018db21db84c
    Size: 522.90 MB

Asianux Server 4 for x86
  1. thunderbird-68.11.0-1.AXS4.i686.rpm
    MD5: 2d13a0ae05385b99cdc757813dd2d217
    SHA-256: f7e9c5943de2440b7d63525678f84377b9552f5359cb7dfeb05be62f707fd74a
    Size: 109.62 MB

Asianux Server 4 for x86_64
  1. thunderbird-68.11.0-1.AXS4.x86_64.rpm
    MD5: c213d352d53e2e6e6cd1724e96fe83c3
    SHA-256: 31082e0c9d194f48e8fdb28d1a77bbc84cab4d0a7d7d42f07520f253d43c6805
    Size: 109.34 MB