thunderbird-91.7.0-2.el8.ML.1
エラータID: AXSA:2022-3104:04
リリース日:
2022/03/16 Wednesday - 07:41
題名:
thunderbird-91.7.0-2.el8.ML.1
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- libexpat には、UTF-8 の文字が妥当であるかなど、エンコーディングに関する特定の
検証に問題があります。(CVE-2022-25235)
- libexpat には、攻撃者により名前空間 URI に名前空間セパレータ文字を挿入する
ことが可能な脆弱性があります。(CVE-2022-25236)
- libexpat の storeRawNames() には、整数オーバーフローの脆弱性があります。
(CVE-2022-25315)
現時点では CVE-2022-26485, CVE-2022-26486, CVE-2022-26381, CVE-2022-26383,
CVE-2022-26384, CVE-2022-26387, CVE-2022-0566, CVE-2022-26386 の情報が公開されて
おりません。CVE の情報が公開され次第情報をアップデートいたします。
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-0566
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-25235
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
CVE-2022-25236
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
CVE-2022-26381
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-26383
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-26384
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-26386
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-26387
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-26485
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-26486
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
追加情報:
N/A
ダウンロード:
SRPMS
- thunderbird-91.7.0-2.el8.ML.1.src.rpm
MD5: c6a9eee9efb1f9bc00a74a648189f0b2
SHA-256: febafd0ec915152760b81d7cc443b43a1570485f7be7bd5d480bdeb3c7c61cd7
Size: 512.22 MB
Asianux Server 8 for x86_64
- thunderbird-91.7.0-2.el8.ML.1.x86_64.rpm
MD5: 85bf19a28fded7acf3fc26507d148653
SHA-256: fbe99ff2e9f1afa2773139ec98981d34cc4c1e1331bc26f7d12a54927cd79e98
Size: 100.31 MB
English