thunderbird-78.5.1-1.AXS4

エラータID: AXSA:2020-1010:11

Release date: 
Monday, December 21, 2020 - 10:35
Subject: 
thunderbird-78.5.1-1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.5.1.

Security Fix(es):

Mozilla: Stack overflow due to incorrect parsing of SMTP server response
codes (CVE-2020-26970)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE(s):

CVE-2020-26970
When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1.

Solution: 

Update packages.

CVEs: 
CVE-2020-26970
When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1.
Additional Info: 

N/A

Download: 

SRPMS
  1. thunderbird-78.5.1-1.AXS4.src.rpm
    MD5: f4b73fd085975359b6084c3db1b71da4
    SHA-256: fe3e88c9090107f4a93308d4c51747e98b2c607451cb8e56ab128a16433f640f
    Size: 703.06 MB

Asianux Server 4 for x86
  1. thunderbird-78.5.1-1.AXS4.i686.rpm
    MD5: d1c9763c1a4dc83f39b0314667967c30
    SHA-256: 36330da5e0aecb670e3c153b504deb9ee405d112753c0f862f8442d93813dcbc
    Size: 121.95 MB

Asianux Server 4 for x86_64
  1. thunderbird-78.5.1-1.AXS4.x86_64.rpm
    MD5: 40ec80527ccb8295b8323000bec7294e
    SHA-256: 0a0db2dc361b6cc254c1f63378131bdca64bc1368d2f2eeccaec606cdfc2acd5
    Size: 118.13 MB