thunderbird-78.9.0-3.0.1.AXS4

エラータID: AXSA:2021-1624:05

Release date: 
Wednesday, March 31, 2021 - 04:23
Subject: 
thunderbird-78.9.0-3.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.9.0.

Security Fix(es):

Mozilla: Texture upload into an unbound backing buffer resulted in an
out-of-bound read (CVE-2021-23981)
Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
(CVE-2021-23987)
Mozilla: Internal network hosts could have been probed by a malicious
webpage (CVE-2021-23982)
Mozilla: Malicious extensions could have spoofed popup information
(CVE-2021-23984)

CVE(s):
CVE-2021-23981
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23987
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23982
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23984
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

CVEs: 
CVE-2021-23981
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23982
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23984
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23987
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. thunderbird-78.9.0-3.0.1.AXS4.src.rpm
    MD5: 0ba54b51fd3f441ed94953b16e46fc80
    SHA-256: 52ed8e4cbb1c98f04e527fb13b78c7e2d24e7003e9711b995896c44c1a80ec7e
    Size: 703.36 MB

Asianux Server 4 for x86
  1. thunderbird-78.9.0-3.0.1.AXS4.i686.rpm
    MD5: c72aeda476d93c534fc0a3d65ec871e5
    SHA-256: 56dc89bef980693229fb7bdf9781f979d42b2bcdca8b2c11e98aaf9742265ed5
    Size: 122.15 MB

Asianux Server 4 for x86_64
  1. thunderbird-78.9.0-3.0.1.AXS4.x86_64.rpm
    MD5: 258c7f43d370c03404305efc523b60d4
    SHA-256: e458d77d8ff3751665791bc188ecb8607a419459386efb8f27a6393580575d42
    Size: 118.30 MB