thunderbird-52.8.0-2.AXS4

エラータID: AXSA:2018-3120:04

Release date: 
Friday, May 25, 2018 - 20:57
Subject: 
thunderbird-52.8.0-2.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 52.8.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 (CVE-2018-5150)

* Mozilla: Backport critical security fixes in Skia (CVE-2018-5183)

* Mozilla: Use-after-free with SVG animations and clip paths (CVE-2018-5154)

* Mozilla: Use-after-free with SVG animations and text paths (CVE-2018-5155)

* Mozilla: Integer overflow and out-of-bounds write in Skia (CVE-2018-5159)

* Mozilla: Full plaintext recovery in S/MIME via chosen-ciphertext attack (CVE-2018-5184)

* Mozilla: Hang via malformed headers (CVE-2018-5161)

* Mozilla: Encrypted mail leaks plaintext through src attribute (CVE-2018-5162)

* Mozilla: Lightweight themes can be installed without user interaction (CVE-2018-5168)

* Mozilla: Filename spoofing for external attachments (CVE-2018-5170)

* Mozilla: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension (CVE-2018-5178)

* Mozilla: Leaking plaintext through HTML forms (CVE-2018-5185)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Asianux would like to thank the Mozilla project for reporting CVE-2018-5150, CVE-2018-5154, CVE-2018-5155, CVE-2018-5159, CVE-2018-5168, CVE-2018-5178, and CVE-2018-5183. Upstream acknowledges Christoph Diehl, Randell Jesup, Tyson Smith, Alex Gaynor, Ronald Crane, Julian Hector, Kannan Vijayan, Jason Kratzer, Mozilla Developers, Nils, Ivan Fratric, Wladimir Palant, and Root Object as the original reporters.

CVE-2018-5150
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be provided.
CVE-2018-5154
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be provided.
CVE-2018-5155
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be provided.
CVE-2018-5159
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be provided.
CVE-2018-5161
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be provided.
CVE-2018-5162
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be provided.
CVE-2018-5168
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be provided.
CVE-2018-5170
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be provided.
CVE-2018-5178
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be provided.
CVE-2018-5183
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be provided.
CVE-2018-5184
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be provided.
CVE-2018-5185
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

CVEs: 
CVE-2018-5150
Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
CVE-2018-5154
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
CVE-2018-5155
A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
CVE-2018-5159
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
CVE-2018-5161
Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
CVE-2018-5162
Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
CVE-2018-5168
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
CVE-2018-5170
It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
CVE-2018-5178
A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.
CVE-2018-5183
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.
CVE-2018-5184
Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
CVE-2018-5185
Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
Additional Info: 

N/A

Download: 

SRPMS
  1. thunderbird-52.8.0-2.AXS4.src.rpm
    MD5: 1ee990181cd6742386fb102c6a5dde91
    SHA-256: 577917672f8240adbe3ffe92cc15c580f9969d5d155ae29179307a27a0242acd
    Size: 400.46 MB

Asianux Server 4 for x86
  1. thunderbird-52.8.0-2.AXS4.i686.rpm
    MD5: 4ec561c167e0f02cf82e6f643b95d9e7
    SHA-256: 74a422876c7b2f43ff2a72a66fcb5b404c0a56f7418d0c5b57ffec7c34b2978f
    Size: 72.90 MB

Asianux Server 4 for x86_64
  1. thunderbird-52.8.0-2.AXS4.x86_64.rpm
    MD5: cc450b1d8a8fbc5b24f714a1c04260e9
    SHA-256: 58289ab4c83c0bb76fc6aee5317de83ead79ed109924635e691e41c3b03f7429
    Size: 72.34 MB