thunderbird-78.12.0-2.0.1.AXS4

エラータID: AXSA:2021-2270:11

Release date: 
Monday, August 2, 2021 - 02:52
Subject: 
thunderbird-78.12.0-2.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.12.0.

Security Fix(es):

* Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be
processed (CVE-2021-29969)
* Mozilla: Use-after-free in accessibility features of a document
(CVE-2021-29970)
* Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
(CVE-2021-29976)
* chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2021-29969
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2021-29970
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2021-29976
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2021-30547
Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a
remote attacker to potentially perform out of bounds memory access via a crafted
HTML page.

Solution: 

Update packages.

CVEs: 
CVE-2021-29969
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-29970
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-29976
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-30547
Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Additional Info: 

N/A

Download: 

SRPMS
  1. thunderbird-78.12.0-2.0.1.AXS4.src.rpm
    MD5: 99c9781753d78eb40d09408a3ecba385
    SHA-256: 2bae95f9227bebfa1b187da51ffe732540f859db5c35e64da40b7a9961f2d031
    Size: 706.11 MB

Asianux Server 4 for x86
  1. thunderbird-78.12.0-2.0.1.AXS4.i686.rpm
    MD5: b5f5b0484025489ae89dc7eb72b304e9
    SHA-256: 41d60030bfa8ad4b9cc383f7a8eff5946f4e223fd907a8bae95f369f9f779bb5
    Size: 122.14 MB

Asianux Server 4 for x86_64
  1. thunderbird-78.12.0-2.0.1.AXS4.x86_64.rpm
    MD5: 59da073677ec288615b673d6f5baec92
    SHA-256: 0294fbfcb0ed302f9183cca9db8063c0b0c939dbf93edf83fad154098077b6b0
    Size: 118.29 MB