Gentoo Archives: gentoo-announce

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202005-03 ] Mozilla Thunderbird: Multiple vulnerabilities
Date: Tue, 12 May 2020 23:36:25
Message-Id: c9ca48b4-88a2-87e5-681f-7a837a044f65@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 202005-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Mozilla Thunderbird: Multiple vulnerabilities
     Date: May 12, 2020
     Bugs: #721324
       ID: 202005-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Mozilla Thunderbird, the
worst of which could result in the arbitrary execution of code.

Background
==========

Mozilla Thunderbird is a popular open-source email client from the
Mozilla project.

Affected packages
=================

    -------------------------------------------------------------------
     Package                      /  Vulnerable  /          Unaffected
    -------------------------------------------------------------------
  1  mail-client/thunderbird         < 68.8.0                >= 68.8.0
  2  mail-client/thunderbird-bin     < 68.8.0                >= 68.8.0
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker may be able to execute arbitrary code, cause a Denial
of Service condition or spoof the sender's email address.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Thunderbird users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-68.8.0"

All Mozilla Thunderbird binary users should upgrade to the latest
version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-68.8.0"

References
==========

[ 1 ] CVE-2020-12387
      https://nvd.nist.gov/vuln/detail/CVE-2020-12387
[ 2 ] CVE-2020-12392
      https://nvd.nist.gov/vuln/detail/CVE-2020-12392
[ 3 ] CVE-2020-12395
      https://nvd.nist.gov/vuln/detail/CVE-2020-12395
[ 4 ] CVE-2020-12397
      https://nvd.nist.gov/vuln/detail/CVE-2020-12397
[ 5 ] CVE-2020-6831
      https://nvd.nist.gov/vuln/detail/CVE-2020-6831
[ 6 ] MFSA-2020-18
      https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202005-03

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
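
The "Affected packages" table above can be turned into a fleet check. The script below is an added example, not part of the advisory or of any Gentoo tool: it classifies installed package atoms against the 68.8.0 threshold. The host names, the inventory format and the function names are assumptions, and the comparison is a simplified numeric one rather than Portage's full version ordering.

```sh
# Added example (not part of the advisory): flag hosts still below the
# first unaffected Thunderbird version listed in GLSA 202005-03.
FIXED="68.8.0"   # from the advisory's "Affected packages" table

# ver_lt A B: succeed when dotted-numeric version A is lower than B.
ver_lt() {
    _a=$1; _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%.*}; _y=${_b%%.*}
        if [ "${_x:-0}" -lt "${_y:-0}" ]; then return 0; fi
        if [ "${_x:-0}" -gt "${_y:-0}" ]; then return 1; fi
        case $_a in *.*) _a=${_a#*.} ;; *) _a= ;; esac
        case $_b in *.*) _b=${_b#*.} ;; *) _b= ;; esac
    done
    return 1   # equal versions are not "lower"
}

# glsa_status ATOM: print vulnerable | unaffected | review | not-applicable.
glsa_status() {
    case $1 in
        mail-client/thunderbird-bin-[0-9]*) _v=${1#mail-client/thunderbird-bin-} ;;
        mail-client/thunderbird-[0-9]*)     _v=${1#mail-client/thunderbird-} ;;
        *) echo not-applicable; return 0 ;;
    esac
    _v=${_v%-r[0-9]*}   # an ebuild revision (-rN) keeps the upstream version
    # Suffixes such as _rc or _p need Portage's own ordering; do not guess.
    case $_v in *[!0-9.]*|.*|*.|*..*) echo review; return 0 ;; esac
    if ver_lt "$_v" "$FIXED"; then echo vulnerable; else echo unaffected; fi
}

# scan_inventory: read "host atom" lines on stdin, print those needing action.
scan_inventory() {
    while read -r _host _atom; do
        case $_host in ''|\#*) continue ;; esac
        _s=$(glsa_status "$_atom")
        case $_s in vulnerable|review) printf '%s %s %s\n' "$_host" "$_atom" "$_s" ;; esac
    done
}

# Constructed sample inventory (hypothetical hosts and installed atoms).
SAMPLE_INVENTORY='ws01 mail-client/thunderbird-68.7.0
ws02 mail-client/thunderbird-bin-68.8.0
ws03 mail-client/thunderbird-68.10.0-r1
ws04 mail-client/thunderbird-bin-60.9.1-r2
ws05 mail-client/thunderbird-68.8.0_rc1'

printf '%s\n' "$SAMPLE_INVENTORY" | scan_inventory
```

On a Gentoo host the installed atoms can be collected with `qlist -Iv mail-client/thunderbird` from portage-utils. Hosts reported as `vulnerable` need the upgrade from the Resolution section.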
