thunderbird-102.3.0-4.el9.ML.1

エラータID: AXSA:2022-4150:23

Release date: 
Friday, November 25, 2022 - 08:40
Subject: 
thunderbird-102.3.0-4.el9.ML.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.3.0.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c (CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-40674
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

Solution: 

Update packages.

CVEs: 
CVE-2022-40674
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
Additional Info: 

N/A

Download: 

SRPMS
  1. thunderbird-102.3.0-4.el9.ML.1.src.rpm
    MD5: f255ea148e2bafe704e0110d8cc753a0
    SHA-256: 623409cfe6710fcc98d9067b9bc87cab5fc68efc0205520ec36983b36dac793d
    Size: 618.97 MB

Asianux Server 9 for x86_64
  1. thunderbird-102.3.0-4.el9.ML.1.x86_64.rpm
    MD5: 2a0783419434b42c3e4a4f09c566ae9a
    SHA-256: 6662b9475601181bbd4ac79efe066ce14d2ef2e9a6a01c2e27318fc02acb4a27
    Size: 100.64 MB