Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: glsamaker@g.o
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202209-18 ] Mozilla Thunderbird: Multiple Vulnerabilities
Date: Thu, 29 Sep 2022 14:40:28
Message-Id: 166446132683.9.83807034271615105@90bb6a0775af
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 202209-18
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: High
8 Title: Mozilla Thunderbird: Multiple Vulnerabilities
9 Date: September 29, 2022
10 Bugs: #872572
11 ID: 202209-18
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in Mozilla Thunderbird, the
19 world of which could result in arbitrary code execution.
20
21 Background
22 ==========
23
24 Mozilla Thunderbird is a popular open-source email client from the
25 Mozilla project.
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 mail-client/thunderbird < 102.3.0 >= 102.3.0
34 2 mail-client/thunderbird-bin < 102.3.0 >= 102.3.0
35
36 Description
37 ===========
38
39 Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
40 Please review the CVE identifiers referenced below for details.
41
42 Impact
43 ======
44
45 Please review the referenced CVE identifiers for details.
46
47 Workaround
48 ==========
49
50 There is no known workaround at this time.
51
52 Resolution
53 ==========
54
55 All Mozilla Thunderbird users should upgrade to the latest version:
56
57 # emerge --sync
58 # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-102.3.0"
59
60 All Mozilla Thunderbird binary users should upgrade to the latest
61 version:
62
63 # emerge --sync
64 # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-102.3.0"
65
66 References
67 ==========
68
69 [ 1 ] CVE-2022-3155
70 https://nvd.nist.gov/vuln/detail/CVE-2022-3155
71 [ 2 ] CVE-2022-40956
72 https://nvd.nist.gov/vuln/detail/CVE-2022-40956
73 [ 3 ] CVE-2022-40957
74 https://nvd.nist.gov/vuln/detail/CVE-2022-40957
75 [ 4 ] CVE-2022-40958
76 https://nvd.nist.gov/vuln/detail/CVE-2022-40958
77 [ 5 ] CVE-2022-40959
78 https://nvd.nist.gov/vuln/detail/CVE-2022-40959
79 [ 6 ] CVE-2022-40960
80 https://nvd.nist.gov/vuln/detail/CVE-2022-40960
81 [ 7 ] CVE-2022-40962
82 https://nvd.nist.gov/vuln/detail/CVE-2022-40962
83
84 Availability
85 ============
86
87 This GLSA and any updates to it are available for viewing at
88 the Gentoo Security Website:
89
90 https://security.gentoo.org/glsa/202209-18
91
92 Concerns?
93 =========
94
95 Security is a primary focus of Gentoo Linux and ensuring the
96 confidentiality and security of our users' machines is of utmost
97 importance to us. Any security concerns should be addressed to
98 security@g.o or alternatively, you may file a bug at
99 https://bugs.gentoo.org.
100
101 License
102 =======
103
104 Copyright 2022 Gentoo Foundation, Inc; referenced text
105 belongs to its owner(s).
106
107 The contents of this document are licensed under the
108 Creative Commons - Attribution / Share Alike license.
109
110 https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups