ALT Linux Team

Branch c9f2 update on 2021-09-15

2021-09-15

ALT-BU-2021-4199-1

Branch c9f2 update bulletin.

ALT-PU-2021-2794-1

Package thunderbird updated to version 78.14.0-alt0.c9.1 for branch c9f2 in task 284962.

Closed vulnerabilities

Published: 2021-09-08

BDU:2021-04558

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2021-11-03
Modified: 2024-11-21

CVE-2021-38492

When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
References:
Published: 2021-11-03
Modified: 2024-11-21

CVE-2021-38493

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:

Closed bugs

Bug #40907

В системе отсутствует пакет libotr5, из-за чего переписка в чате thunderbird выглядит нечитаемо. Нет возможности выставить статус шифрования

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top