ALT-BU-2017-2980-1
Branch p8 update bulletin.
Package thunderbird updated to version 45.8.0-alt0.M80P.1 for branch p8 in task 179278.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2017-5400
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
- http://rhn.redhat.com/errata/RHSA-2017-0459.html
- http://rhn.redhat.com/errata/RHSA-2017-0461.html
- http://rhn.redhat.com/errata/RHSA-2017-0498.html
- http://www.securityfocus.com/bid/96654
- http://www.securitytracker.com/id/1037966
- https://bugzilla.mozilla.org/show_bug.cgi?id=1334933
- https://security.gentoo.org/glsa/201705-06
- https://security.gentoo.org/glsa/201705-07
- https://www.debian.org/security/2017/dsa-3805
- https://www.debian.org/security/2017/dsa-3832
- https://www.mozilla.org/security/advisories/mfsa2017-05/
- https://www.mozilla.org/security/advisories/mfsa2017-06/
- https://www.mozilla.org/security/advisories/mfsa2017-07/
- https://www.mozilla.org/security/advisories/mfsa2017-09/
- http://rhn.redhat.com/errata/RHSA-2017-0459.html
- http://rhn.redhat.com/errata/RHSA-2017-0461.html
- http://rhn.redhat.com/errata/RHSA-2017-0498.html
- http://www.securityfocus.com/bid/96654
- http://www.securitytracker.com/id/1037966
- https://bugzilla.mozilla.org/show_bug.cgi?id=1334933
- https://security.gentoo.org/glsa/201705-06
- https://security.gentoo.org/glsa/201705-07
- https://www.debian.org/security/2017/dsa-3805
- https://www.debian.org/security/2017/dsa-3832
- https://www.mozilla.org/security/advisories/mfsa2017-05/
- https://www.mozilla.org/security/advisories/mfsa2017-06/
- https://www.mozilla.org/security/advisories/mfsa2017-07/
- https://www.mozilla.org/security/advisories/mfsa2017-09/
Modified: 2024-11-21
CVE-2017-5401
A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
- http://rhn.redhat.com/errata/RHSA-2017-0459.html
- http://rhn.redhat.com/errata/RHSA-2017-0461.html
- http://rhn.redhat.com/errata/RHSA-2017-0498.html
- http://www.securityfocus.com/bid/96677
- http://www.securitytracker.com/id/1037966
- https://bugzilla.mozilla.org/show_bug.cgi?id=1328861
- https://security.gentoo.org/glsa/201705-06
- https://security.gentoo.org/glsa/201705-07
- https://www.debian.org/security/2017/dsa-3805
- https://www.debian.org/security/2017/dsa-3832
- https://www.mozilla.org/security/advisories/mfsa2017-05/
- https://www.mozilla.org/security/advisories/mfsa2017-06/
- https://www.mozilla.org/security/advisories/mfsa2017-07/
- https://www.mozilla.org/security/advisories/mfsa2017-09/
- http://rhn.redhat.com/errata/RHSA-2017-0459.html
- http://rhn.redhat.com/errata/RHSA-2017-0461.html
- http://rhn.redhat.com/errata/RHSA-2017-0498.html
- http://www.securityfocus.com/bid/96677
- http://www.securitytracker.com/id/1037966
- https://bugzilla.mozilla.org/show_bug.cgi?id=1328861
- https://security.gentoo.org/glsa/201705-06
- https://security.gentoo.org/glsa/201705-07
- https://www.debian.org/security/2017/dsa-3805
- https://www.debian.org/security/2017/dsa-3832
- https://www.mozilla.org/security/advisories/mfsa2017-05/
- https://www.mozilla.org/security/advisories/mfsa2017-06/
- https://www.mozilla.org/security/advisories/mfsa2017-07/
- https://www.mozilla.org/security/advisories/mfsa2017-09/
Modified: 2024-11-21
CVE-2017-5402
A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
- http://rhn.redhat.com/errata/RHSA-2017-0459.html
- http://rhn.redhat.com/errata/RHSA-2017-0461.html
- http://rhn.redhat.com/errata/RHSA-2017-0498.html
- http://www.securityfocus.com/bid/96664
- http://www.securitytracker.com/id/1037966
- https://bugzilla.mozilla.org/show_bug.cgi?id=1334876
- https://security.gentoo.org/glsa/201705-06
- https://security.gentoo.org/glsa/201705-07
- https://www.debian.org/security/2017/dsa-3805
- https://www.debian.org/security/2017/dsa-3832
- https://www.mozilla.org/security/advisories/mfsa2017-05/
- https://www.mozilla.org/security/advisories/mfsa2017-06/
- https://www.mozilla.org/security/advisories/mfsa2017-07/
- https://www.mozilla.org/security/advisories/mfsa2017-09/
- http://rhn.redhat.com/errata/RHSA-2017-0459.html
- http://rhn.redhat.com/errata/RHSA-2017-0461.html
- http://rhn.redhat.com/errata/RHSA-2017-0498.html
- http://www.securityfocus.com/bid/96664
- http://www.securitytracker.com/id/1037966
- https://bugzilla.mozilla.org/show_bug.cgi?id=1334876
- https://security.gentoo.org/glsa/201705-06
- https://security.gentoo.org/glsa/201705-07
- https://www.debian.org/security/2017/dsa-3805
- https://www.debian.org/security/2017/dsa-3832
- https://www.mozilla.org/security/advisories/mfsa2017-05/
- https://www.mozilla.org/security/advisories/mfsa2017-06/
- https://www.mozilla.org/security/advisories/mfsa2017-07/
- https://www.mozilla.org/security/advisories/mfsa2017-09/
Modified: 2024-11-21
CVE-2017-5404
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
- http://rhn.redhat.com/errata/RHSA-2017-0459.html
- http://rhn.redhat.com/errata/RHSA-2017-0461.html
- http://rhn.redhat.com/errata/RHSA-2017-0498.html
- http://www.securityfocus.com/bid/96664
- http://www.securitytracker.com/id/1037966
- https://bugzilla.mozilla.org/show_bug.cgi?id=1340138
- https://security.gentoo.org/glsa/201705-06
- https://security.gentoo.org/glsa/201705-07
- https://www.debian.org/security/2017/dsa-3805
- https://www.debian.org/security/2017/dsa-3832
- https://www.exploit-db.com/exploits/41660/
- https://www.mozilla.org/security/advisories/mfsa2017-05/
- https://www.mozilla.org/security/advisories/mfsa2017-06/
- https://www.mozilla.org/security/advisories/mfsa2017-07/
- https://www.mozilla.org/security/advisories/mfsa2017-09/
- http://rhn.redhat.com/errata/RHSA-2017-0459.html
- http://rhn.redhat.com/errata/RHSA-2017-0461.html
- http://rhn.redhat.com/errata/RHSA-2017-0498.html
- http://www.securityfocus.com/bid/96664
- http://www.securitytracker.com/id/1037966
- https://bugzilla.mozilla.org/show_bug.cgi?id=1340138
- https://security.gentoo.org/glsa/201705-06
- https://security.gentoo.org/glsa/201705-07
- https://www.debian.org/security/2017/dsa-3805
- https://www.debian.org/security/2017/dsa-3832
- https://www.exploit-db.com/exploits/41660/
- https://www.mozilla.org/security/advisories/mfsa2017-05/
- https://www.mozilla.org/security/advisories/mfsa2017-06/
- https://www.mozilla.org/security/advisories/mfsa2017-07/
- https://www.mozilla.org/security/advisories/mfsa2017-09/
Modified: 2024-11-21
CVE-2017-5405
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
- http://rhn.redhat.com/errata/RHSA-2017-0459.html
- http://rhn.redhat.com/errata/RHSA-2017-0461.html
- http://rhn.redhat.com/errata/RHSA-2017-0498.html
- http://www.securityfocus.com/bid/96693
- http://www.securitytracker.com/id/1037966
- https://bugzilla.mozilla.org/show_bug.cgi?id=1336699
- https://security.gentoo.org/glsa/201705-06
- https://security.gentoo.org/glsa/201705-07
- https://www.debian.org/security/2017/dsa-3805
- https://www.debian.org/security/2017/dsa-3832
- https://www.mozilla.org/security/advisories/mfsa2017-05/
- https://www.mozilla.org/security/advisories/mfsa2017-06/
- https://www.mozilla.org/security/advisories/mfsa2017-07/
- https://www.mozilla.org/security/advisories/mfsa2017-09/
- http://rhn.redhat.com/errata/RHSA-2017-0459.html
- http://rhn.redhat.com/errata/RHSA-2017-0461.html
- http://rhn.redhat.com/errata/RHSA-2017-0498.html
- http://www.securityfocus.com/bid/96693
- http://www.securitytracker.com/id/1037966
- https://bugzilla.mozilla.org/show_bug.cgi?id=1336699
- https://security.gentoo.org/glsa/201705-06
- https://security.gentoo.org/glsa/201705-07
- https://www.debian.org/security/2017/dsa-3805
- https://www.debian.org/security/2017/dsa-3832
- https://www.mozilla.org/security/advisories/mfsa2017-05/
- https://www.mozilla.org/security/advisories/mfsa2017-06/
- https://www.mozilla.org/security/advisories/mfsa2017-07/
- https://www.mozilla.org/security/advisories/mfsa2017-09/
Modified: 2024-11-21
CVE-2017-5408
Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
- http://rhn.redhat.com/errata/RHSA-2017-0459.html
- http://rhn.redhat.com/errata/RHSA-2017-0461.html
- http://rhn.redhat.com/errata/RHSA-2017-0498.html
- http://www.securityfocus.com/bid/96693
- http://www.securitytracker.com/id/1037966
- https://bugzilla.mozilla.org/show_bug.cgi?id=1313711
- https://security.gentoo.org/glsa/201705-06
- https://security.gentoo.org/glsa/201705-07
- https://www.debian.org/security/2017/dsa-3805
- https://www.debian.org/security/2017/dsa-3832
- https://www.mozilla.org/security/advisories/mfsa2017-05/
- https://www.mozilla.org/security/advisories/mfsa2017-06/
- https://www.mozilla.org/security/advisories/mfsa2017-07/
- https://www.mozilla.org/security/advisories/mfsa2017-09/
- http://rhn.redhat.com/errata/RHSA-2017-0459.html
- http://rhn.redhat.com/errata/RHSA-2017-0461.html
- http://rhn.redhat.com/errata/RHSA-2017-0498.html
- http://www.securityfocus.com/bid/96693
- http://www.securitytracker.com/id/1037966
- https://bugzilla.mozilla.org/show_bug.cgi?id=1313711
- https://security.gentoo.org/glsa/201705-06
- https://security.gentoo.org/glsa/201705-07
- https://www.debian.org/security/2017/dsa-3805
- https://www.debian.org/security/2017/dsa-3832
- https://www.mozilla.org/security/advisories/mfsa2017-05/
- https://www.mozilla.org/security/advisories/mfsa2017-06/
- https://www.mozilla.org/security/advisories/mfsa2017-07/
- https://www.mozilla.org/security/advisories/mfsa2017-09/
Modified: 2024-11-21
CVE-2017-5410
Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
- http://rhn.redhat.com/errata/RHSA-2017-0459.html
- http://rhn.redhat.com/errata/RHSA-2017-0461.html
- http://rhn.redhat.com/errata/RHSA-2017-0498.html
- http://www.securityfocus.com/bid/96693
- http://www.securitytracker.com/id/1037966
- https://bugzilla.mozilla.org/show_bug.cgi?id=1330687
- https://security.gentoo.org/glsa/201705-06
- https://security.gentoo.org/glsa/201705-07
- https://www.debian.org/security/2017/dsa-3805
- https://www.debian.org/security/2017/dsa-3832
- https://www.mozilla.org/security/advisories/mfsa2017-05/
- https://www.mozilla.org/security/advisories/mfsa2017-06/
- https://www.mozilla.org/security/advisories/mfsa2017-07/
- https://www.mozilla.org/security/advisories/mfsa2017-09/
- http://rhn.redhat.com/errata/RHSA-2017-0459.html
- http://rhn.redhat.com/errata/RHSA-2017-0461.html
- http://rhn.redhat.com/errata/RHSA-2017-0498.html
- http://www.securityfocus.com/bid/96693
- http://www.securitytracker.com/id/1037966
- https://bugzilla.mozilla.org/show_bug.cgi?id=1330687
- https://security.gentoo.org/glsa/201705-06
- https://security.gentoo.org/glsa/201705-07
- https://www.debian.org/security/2017/dsa-3805
- https://www.debian.org/security/2017/dsa-3832
- https://www.mozilla.org/security/advisories/mfsa2017-05/
- https://www.mozilla.org/security/advisories/mfsa2017-06/
- https://www.mozilla.org/security/advisories/mfsa2017-07/
- https://www.mozilla.org/security/advisories/mfsa2017-09/
Closed vulnerabilities
Modified: 2025-04-20
CVE-2017-7869
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.
- http://www.securityfocus.com/bid/97040
- https://access.redhat.com/errata/RHSA-2017:2292
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
- https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe
- https://www.gnutls.org/security.html
- http://www.securityfocus.com/bid/97040
- https://access.redhat.com/errata/RHSA-2017:2292
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
- https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe
- https://www.gnutls.org/security.html
Closed vulnerabilities
Modified: 2025-04-20
CVE-2016-10109
Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function.
- http://www.debian.org/security/2017/dsa-3752
- http://www.openwall.com/lists/oss-security/2017/01/03/3
- http://www.securityfocus.com/bid/95263
- http://www.ubuntu.com/usn/USN-3176-1
- https://lists.alioth.debian.org/pipermail/pcsclite-muscle/Week-of-Mon-20161226/000779.html
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://salsa.debian.org/rousseau/PCSC/-/commit/697fe05967af7ea215bcd5d5774be587780c9e22
- https://security.gentoo.org/glsa/201702-01
- http://www.debian.org/security/2017/dsa-3752
- http://www.openwall.com/lists/oss-security/2017/01/03/3
- http://www.securityfocus.com/bid/95263
- http://www.ubuntu.com/usn/USN-3176-1
- https://lists.alioth.debian.org/pipermail/pcsclite-muscle/Week-of-Mon-20161226/000779.html
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://salsa.debian.org/rousseau/PCSC/-/commit/697fe05967af7ea215bcd5d5774be587780c9e22
- https://security.gentoo.org/glsa/201702-01
Closed bugs
Zabbix Java gateway