thunderbird-78.11.0-1.el8.ML.1
エラータID: AXSA:2021-2302:13
リリース日:
2021/08/09 Monday - 04:29
題名:
thunderbird-78.11.0-1.el8.ML.1
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Thunderbird には OpenPGP の秘密鍵をユーザーのローカルディスクに暗号化しないで格納する問題があり、
これらにはマスターパスワード保護が働かない脆弱性があります。(CVE-2021-29956)
- Thunderbird には、MIME エンコードされた電子メールが、OpenPGPによりインライン署名された、
もしくは暗号化されたメッセージパートと、追加で保護されていないパートを含んでいた場合、
メッセージの一部だけが保護されていると示さない脆弱性があります。(CVE-2021-29957)
- Firefox にはメモリー内のデータ破壊の問題があり、任意のコードが実行される脆弱性があります。
(CVE-2021-29967)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2021-29956
OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions. This vulnerability affects Thunderbird < 78.10.2.
OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions. This vulnerability affects Thunderbird < 78.10.2.
CVE-2021-29957
If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird < 78.10.2.
If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird < 78.10.2.
CVE-2021-29967
Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.
Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.
追加情報:
N/A
ダウンロード:
SRPMS
- thunderbird-78.11.0-1.el8.ML.1.src.rpm
MD5: 2c0ee822b33d2dd0dee8eedf59d4dd37
SHA-256: b4e25c0344d880a18639c76f55a8bed612f59fb0d861773c569078e404eb4b80
Size: 686.33 MB
Asianux Server 8 for x86_64
- thunderbird-78.11.0-1.el8.ML.1.x86_64.rpm
MD5: a840a50d950a573139aace4df7f33a2b
SHA-256: 5fc9a29b868b81ac1a331fba5cb7d5793b65660fcb2aaca4566f6f0dee9505b5
Size: 93.22 MB