thunderbird-78.9.0-3.0.1.el8

エラータID: AXSA:2021-1619:04

Release date: 
Monday, March 29, 2021 - 06:41
Subject: 
thunderbird-78.9.0-3.0.1.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.9.0.

Security Fix(es):

* Mozilla: Texture upload into an unbound backing buffer resulted in an
out-of-bound read (CVE-2021-23981)
* Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
(CVE-2021-23987)
* Mozilla: Internal network hosts could have been probed by a malicious
webpage (CVE-2021-23982)
* Mozilla: Malicious extensions could have spoofed popup information
(CVE-2021-23984)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2021-23981
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2021-23982
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2021-23984
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2021-23987
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

CVEs: 
CVE-2021-23981
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23982
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23984
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23987
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. thunderbird-78.9.0-3.0.1.el8.src.rpm
    MD5: be74905573a501f665d4ddfacef0a79b
    SHA-256: 360de87106d03a4f6d2a1134548bf641f16022d4b7b69ba146a68c37bd293341
    Size: 686.94 MB

Asianux Server 8 for x86_64
  1. thunderbird-78.9.0-3.0.1.el8.x86_64.rpm
    MD5: 3a5f89edd8e972324a95eb56b7e4a7d9
    SHA-256: 6f7d14bd284d5099bcec82d6bab143efdb82a83e71bc884ee7cd71e740c8a786
    Size: 93.24 MB