thunderbird-68.10.0-1.AXS4
Errata ID: AXSA:2020-225:05
Release date:
2020/07/17 Friday - 12:55
Title:
thunderbird-68.10.0-1.AXS4
Affected channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
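The following issues have been addressed.
[Security Fix]
- thunderbird has a vulnerability that allows malicious JavaScript to
trigger an out-of-bounds read via a crafted URL object, leaking
process memory. (CVE-2020-12418)
- thunderbird has a vulnerability in which a use-after-free occurs when
processing callbacks that happen during window flushing in the parent
process, which can lead to memory corruption and a potential crash. (CVE-2020-12419)
- thunderbird has a vulnerability in which a race condition when
connecting to a STUN server causes a use-after-free of a pointer, leading
to memory corruption and a potential crash. (CVE-2020-12420)
- thunderbird has a vulnerability in which, when performing add-on
updates, it rejects certificate chains that do not terminate in a built-in
root certificate (even if an administrator legitimately added them), so
versions remain out of date without the user noticing. (CVE-2020-12421)
Some of the CVE translations are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.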
CVE:
CVE-2020-12418
Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
CVE-2020-12419
When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
CVE-2020-12420
When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
CVE-2020-12421
When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
Additional information:
N/A
Download:
SRPMS
- thunderbird-68.10.0-1.AXS4.src.rpm
MD5: 6be4703dccc7fd5cf5dcded250508129
SHA-256: e3b8578641c583fa5eac6b215d0d041c0536884e51d1dac23ad916d189240516
Size: 516.66 MB
Asianux Server 4 for x86
- thunderbird-68.10.0-1.AXS4.i686.rpm
MD5: 69e7398fd30455ba58f40fb16bf18227
SHA-256: 76a6b62a491cdee1fd4a7301828748be25e28292be04c67d8a996c4ea2b37582
Size: 109.60 MB
Asianux Server 4 for x86_64
- thunderbird-68.10.0-1.AXS4.x86_64.rpm
MD5: 49e4f74127ae5341ae65d99d5c849c67
SHA-256: 226e4625d888a1c4f61d02ba5ab38a0b09b618551c3b28f6c4e0d7e85f1b2792
Size: 109.32 MB