AXSA:2022-3201:07

Release date: 
Thursday, June 2, 2022 - 03:23
Subject: 
thunderbird-91.9.1-1.el8.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 91.9.1.

Security Fix(es):

* Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution (CVE-2022-1529)
* Mozilla: Prototype pollution in Top-Level Await implementation (CVE-2022-1802)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-1529
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-1802
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. thunderbird-91.9.1-1.el8.ML.1.src.rpm
    MD5: 91249120a18dff53689524487165788c
    SHA-256: 8265c40a1918221abaa43d7fa01c088e4dc62f34dd436eb4dc85de06f2d6f0a0
    Size: 509.26 MB

Asianux Server 8 for x86_64
  1. thunderbird-91.9.1-1.el8.ML.1.x86_64.rpm
    MD5: c072be17402974fb51292f2324e695fc
    SHA-256: e3a85db464fbb817c9492ea8bac483b3814d3bdfa6b92980cca3b32600e1be27
    Size: 100.53 MB
Copyright 2007-2022 Cybertrust Japan Co., Ltd. All rights reserved.