thunderbird-68.3.0-3.AXS4
エラータID: AXSA:2019-4404:04
リリース日:
2019/12/13 Friday - 08:56
題名:
thunderbird-68.3.0-3.AXS4
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Thunderbirdには、プレーンテキストのシリアライザが、ol要素の個数長を持つ
固定長配列を処理可能でしたが、静的配列がメモリ破壊や、クラッシュを
引き起こす脆弱性があります。 (CVE-2019-17005)
- Thunderbirdでは、入れ子になっているワーカで、ワーカの破壊を引き起こす
ことができ、クラッシュする脆弱性があります。(CVE-2019-17008)
- Thunderbirdには、フィンガープリンティング対策で優先順位の確認時に、
競合状態にあるとクラッシュする脆弱性があります。(CVE-2019-17010)
- Thunderbirdには、特定状況下で、DoCShellからのドキュメントの取り出し時に
競合状態が発生し、クラッシュする脆弱性があります。(CVE-2019-17011)
- Thunderbirdには、メモリの安全性に関するバグが発見されており、メモリ破壊と
任意コードが実行可能な脆弱性がありました。(CVE-2019-17012)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2019-17005
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-17008
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-17010
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-17011
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-17012
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
追加情報:
N/A
ダウンロード:
SRPMS
- thunderbird-68.3.0-3.AXS4.src.rpm
MD5: 5e83560b9b382ca0fb4ab98b52a3a791
SHA-256: 77617ca8ed85e5a235ff317bab7f4abb58b1543d92254cfc86ee65048af0b012
Size: 516.44 MB
Asianux Server 4 for x86
- thunderbird-68.3.0-3.AXS4.i686.rpm
MD5: db57777c90620461d878e61899c7487e
SHA-256: 0a8a8fdb41743a21329be44230a9e5bc572df60f6f014d62bfafe6cd0b85ae7f
Size: 109.36 MB
Asianux Server 4 for x86_64
- thunderbird-68.3.0-3.AXS4.x86_64.rpm
MD5: 511dc4460bea3b43e9cf7a0903e60e43
SHA-256: 3d20078f4265efffd6e53470811000f16ec6ac8581cd6d754b2cf706309e4294
Size: 109.07 MB
English