thunderbird-52.5.2-1.AXS4

エラータID: AXSA:2018-2506:01

リリース日: 
2018/01/08 Monday - 16:38
題名: 
thunderbird-52.5.2-1.AXS4
影響のあるチャネル: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

以下項目について対処しました。

[Security Fix]
- 現時点では CVE-2017-7846, CVE-2017-7847, CVE-2017-7848, CVE-2017-7829 の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。

一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2017-7829
It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2.
CVE-2017-7846
It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird < 52.5.2.
CVE-2017-7847
Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird < 52.5.2.
CVE-2017-7848
RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. thunderbird-52.5.2-1.AXS4.src.rpm
    MD5: 6b5443e58fbe6614e136122e0086cfda
    SHA-256: f396bb4357d05cdd79232c84411376ea11d9ed86d3bf33b1cd4d08417d5c50ab
    Size: 400.44 MB

Asianux Server 4 for x86
  1. thunderbird-52.5.2-1.AXS4.i686.rpm
    MD5: 6d7ca47f11c2f981cc5fdef85eac62f5
    SHA-256: 72d5d39f965bb144674a647bb9687201dc703b5b463e03479ba90cae66abb8ef
    Size: 72.86 MB

Asianux Server 4 for x86_64
  1. thunderbird-52.5.2-1.AXS4.x86_64.rpm
    MD5: 00c150461964bc60c62d2e8452bc0234
    SHA-256: 89a6ca4bb05c5accf246c5719277dd7501440369c1b8827388fc02c476e25996
    Size: 72.30 MB