ALT-BU-2018-3664-1
Branch sisyphus update bulletin.
Package thunderbird updated to version 60.4.0-alt1 for branch sisyphus in task 218477.
Closed vulnerabilities
BDU:2019-01422
Уязвимость веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код
BDU:2019-01423
Уязвимость веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с целочисленным переполнением, позволяющая нарушителю осуществить запись за границами буфера в памяти
BDU:2019-01424
Уязвимость веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с использованием памяти после освобождения, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
BDU:2019-01425
Уязвимость графической библиотеки Skia веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
BDU:2019-01426
Уязвимость веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с недостатками механизмов ограничения домена (Same Origin Policy), позволяющая нарушителю перенаправить пользователя на вредоносный сайт
Modified: 2024-11-21
CVE-2018-12405
Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
- 106168
- 106168
- RHSA-2018:3831
- RHSA-2018:3831
- RHSA-2018:3833
- RHSA-2018:3833
- RHSA-2019:0159
- RHSA-2019:0159
- RHSA-2019:0160
- RHSA-2019:0160
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1494752%2C1498765%2C1503326%2C1505181%2C1500759%2C1504365%2C1506640%2C1503082%2C1502013%2C1510471
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1494752%2C1498765%2C1503326%2C1505181%2C1500759%2C1504365%2C1506640%2C1503082%2C1502013%2C1510471
- [debian-lts-announce] 20181213 [SECURITY] [DLA 1605-1] firefox-esr security update
- [debian-lts-announce] 20181213 [SECURITY] [DLA 1605-1] firefox-esr security update
- GLSA-201903-04
- GLSA-201903-04
- USN-3844-1
- USN-3844-1
- USN-3868-1
- USN-3868-1
- DSA-4354
- DSA-4354
- DSA-4362
- DSA-4362
- https://www.mozilla.org/security/advisories/mfsa2018-29/
- https://www.mozilla.org/security/advisories/mfsa2018-29/
- https://www.mozilla.org/security/advisories/mfsa2018-30/
- https://www.mozilla.org/security/advisories/mfsa2018-30/
- https://www.mozilla.org/security/advisories/mfsa2018-31/
- https://www.mozilla.org/security/advisories/mfsa2018-31/
Modified: 2024-11-21
CVE-2018-18492
A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
- 106168
- 106168
- RHSA-2018:3831
- RHSA-2018:3831
- RHSA-2018:3833
- RHSA-2018:3833
- RHSA-2019:0159
- RHSA-2019:0159
- RHSA-2019:0160
- RHSA-2019:0160
- https://bugzilla.mozilla.org/show_bug.cgi?id=1499861
- https://bugzilla.mozilla.org/show_bug.cgi?id=1499861
- [debian-lts-announce] 20181213 [SECURITY] [DLA 1605-1] firefox-esr security update
- [debian-lts-announce] 20181213 [SECURITY] [DLA 1605-1] firefox-esr security update
- GLSA-201903-04
- GLSA-201903-04
- USN-3844-1
- USN-3844-1
- USN-3868-1
- USN-3868-1
- DSA-4354
- DSA-4354
- DSA-4362
- DSA-4362
- https://www.mozilla.org/security/advisories/mfsa2018-29/
- https://www.mozilla.org/security/advisories/mfsa2018-29/
- https://www.mozilla.org/security/advisories/mfsa2018-30/
- https://www.mozilla.org/security/advisories/mfsa2018-30/
- https://www.mozilla.org/security/advisories/mfsa2018-31/
- https://www.mozilla.org/security/advisories/mfsa2018-31/
Modified: 2024-11-21
CVE-2018-18493
A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
- 106168
- 106168
- RHSA-2018:3831
- RHSA-2018:3831
- RHSA-2018:3833
- RHSA-2018:3833
- RHSA-2019:0159
- RHSA-2019:0159
- RHSA-2019:0160
- RHSA-2019:0160
- https://bugzilla.mozilla.org/show_bug.cgi?id=1504452
- https://bugzilla.mozilla.org/show_bug.cgi?id=1504452
- [debian-lts-announce] 20181213 [SECURITY] [DLA 1605-1] firefox-esr security update
- [debian-lts-announce] 20181213 [SECURITY] [DLA 1605-1] firefox-esr security update
- GLSA-201903-04
- GLSA-201903-04
- USN-3844-1
- USN-3844-1
- USN-3868-1
- USN-3868-1
- DSA-4354
- DSA-4354
- DSA-4362
- DSA-4362
- https://www.mozilla.org/security/advisories/mfsa2018-29/
- https://www.mozilla.org/security/advisories/mfsa2018-29/
- https://www.mozilla.org/security/advisories/mfsa2018-30/
- https://www.mozilla.org/security/advisories/mfsa2018-30/
- https://www.mozilla.org/security/advisories/mfsa2018-31/
- https://www.mozilla.org/security/advisories/mfsa2018-31/
Modified: 2024-11-21
CVE-2018-18494
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
- 106168
- 106168
- RHSA-2018:3831
- RHSA-2018:3831
- RHSA-2018:3833
- RHSA-2018:3833
- RHSA-2019:0159
- RHSA-2019:0159
- RHSA-2019:0160
- RHSA-2019:0160
- https://bugzilla.mozilla.org/show_bug.cgi?id=1487964
- https://bugzilla.mozilla.org/show_bug.cgi?id=1487964
- [debian-lts-announce] 20181213 [SECURITY] [DLA 1605-1] firefox-esr security update
- [debian-lts-announce] 20181213 [SECURITY] [DLA 1605-1] firefox-esr security update
- GLSA-201903-04
- GLSA-201903-04
- USN-3844-1
- USN-3844-1
- USN-3868-1
- USN-3868-1
- DSA-4354
- DSA-4354
- DSA-4362
- DSA-4362
- https://www.mozilla.org/security/advisories/mfsa2018-29/
- https://www.mozilla.org/security/advisories/mfsa2018-29/
- https://www.mozilla.org/security/advisories/mfsa2018-30/
- https://www.mozilla.org/security/advisories/mfsa2018-30/
- https://www.mozilla.org/security/advisories/mfsa2018-31/
- https://www.mozilla.org/security/advisories/mfsa2018-31/
Modified: 2024-11-21
CVE-2018-18498
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
- 106168
- 106168
- RHSA-2018:3831
- RHSA-2018:3831
- RHSA-2018:3833
- RHSA-2018:3833
- RHSA-2019:0159
- RHSA-2019:0159
- RHSA-2019:0160
- RHSA-2019:0160
- https://bugzilla.mozilla.org/show_bug.cgi?id=1500011
- https://bugzilla.mozilla.org/show_bug.cgi?id=1500011
- [debian-lts-announce] 20181213 [SECURITY] [DLA 1605-1] firefox-esr security update
- [debian-lts-announce] 20181213 [SECURITY] [DLA 1605-1] firefox-esr security update
- GLSA-201903-04
- GLSA-201903-04
- USN-3844-1
- USN-3844-1
- USN-3868-1
- USN-3868-1
- DSA-4354
- DSA-4354
- DSA-4362
- DSA-4362
- https://www.mozilla.org/security/advisories/mfsa2018-29/
- https://www.mozilla.org/security/advisories/mfsa2018-29/
- https://www.mozilla.org/security/advisories/mfsa2018-30/
- https://www.mozilla.org/security/advisories/mfsa2018-30/
- https://www.mozilla.org/security/advisories/mfsa2018-31/
- https://www.mozilla.org/security/advisories/mfsa2018-31/
Closed bugs
hsh failed to create src.rpm file