thunderbird-38.5.0-1.AXS4

エラータID: AXSA:2016-004:01

Release date: 
Thursday, January 7, 2016 - 20:31
Subject: 
thunderbird-38.5.0-1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security issues fixed with this release:

CVE-2015-7201
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote
attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown
vectors.
CVE-2015-7205
Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might
allow remote attackers to obtain sensitive information, cause a denial
of service, or possibly have unspecified other impact by triggering a
crafted WebRTC RTP packet.
CVE-2015-7212
Integer overflow in the
mozilla::layers::BufferTextureClient::AllocateForSurface function in
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows
remote attackers to execute arbitrary code by triggering a graphics
operation that requires a large texture allocation.
CVE-2015-7213
Integer overflow in the MPEG4Extractor::readMetaData function in
MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0
and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote
attackers to execute arbitrary code via a crafted MP4 video file that
triggers a buffer overflow.
CVE-2015-7214
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow
remote attackers to bypass the Same Origin Policy via data: and
view-source: URIs.

Solution: 

Update packages.

CVEs: 
CVE-2015-7201
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2015-7205
Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet.
CVE-2015-7212
Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation.
CVE-2015-7213
Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.
CVE-2015-7214
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs.
Additional Info: 

N/A

Download: 

SRPMS
  1. thunderbird-38.5.0-1.AXS4.src.rpm
    MD5: b6461566c79e244472a5bcf580a7b56a
    SHA-256: c34a952973ca1167ad48eb98d930f9e0481d95164d9310a8979b84ecabdb8c55
    Size: 357.13 MB

Asianux Server 4 for x86
  1. thunderbird-38.5.0-1.AXS4.i686.rpm
    MD5: 1d2318e61d54b34821c9e7f2f8ad64cd
    SHA-256: 6c6f38219e9f519cb893a166819cf88ef32e5eca973d09f8a83d614448e790e7
    Size: 56.93 MB

Asianux Server 4 for x86_64
  1. thunderbird-38.5.0-1.AXS4.x86_64.rpm
    MD5: 027e0accfe826abc4121328f607c7f28
    SHA-256: c408ca22ac4e6d68ca319fded59392f7ad079ae8b90ae67919847f9c61a7bd56
    Size: 56.18 MB