drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Mozilla Thunderbird
Name: |
Mehrere Probleme in Mozilla Thunderbird |
|
ID: |
201803-14 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Mi, 28. März 2018, 22:15 |
|
Referenzen: |
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7801
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7823
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7784
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7805
https://www.mozilla.org/en-US/security/advisories/mfsa2017-20/
https://nvd.nist.gov/vuln/detail/CVE-2018-5096
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7824
https://nvd.nist.gov/vuln/detail/CVE-2017-7830
https://nvd.nist.gov/vuln/detail/CVE-2018-5117
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7819
https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/
https://nvd.nist.gov/vuln/detail/CVE-2018-5089
https://nvd.nist.gov/vuln/detail/CVE-2017-7829
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7786
https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/
https://nvd.nist.gov/vuln/detail/CVE-2017-7828
https://nvd.nist.gov/vuln/detail/CVE-2018-5102
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7814
https://nvd.nist.gov/vuln/detail/CVE-2018-5095
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7753
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7807
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7809
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7825
https://nvd.nist.gov/vuln/detail/CVE-2017-7848
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7810
https://nvd.nist.gov/vuln/detail/CVE-2018-5097
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7793
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7787
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/
https://nvd.nist.gov/vuln/detail/CVE-2017-7846
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7792
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7802
https://nvd.nist.gov/vuln/detail/CVE-2017-7826
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7803
https://nvd.nist.gov/vuln/detail/CVE-2018-5104
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7779
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7800
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7818
https://nvd.nist.gov/vuln/detail/CVE-2018-5098
https://nvd.nist.gov/vuln/detail/CVE-2018-5099
https://nvd.nist.gov/vuln/detail/CVE-2018-5103
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7791
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/
https://nvd.nist.gov/vuln/detail/CVE-2017-7847
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7785 |
|
Applikationen: |
Mozilla Thunderbird |
|
Originalnachricht |
--y2zxS2PfCDLh6JVG Content-Type: text/plain; charset=utf-8 Content-Disposition: inlin Content-Transfer-Encoding: quoted-printable
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201803-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal Title: Mozilla Thunderbird: Multiple vulnerabilities Date: March 28, 2018 Bugs: #627376, #639048, #643842, #645812, #645820 ID: 201803-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis ========
Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code.
Background ==========
Mozilla Thunderbird is a popular open-source email client from the Mozilla project.
Affected packages =================
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 mail-client/thunderbird < 52.6.0 >= 52.6.0 2 mail-client/thunderbird-bin < 52.6.0 >= 52.6.0 ------------------------------------------------------------------- 2 affected packages
Description ===========
Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the referenced Mozilla Foundation Security Advisories and CVE identifiers below for details.
Impact ======
A remote attacker may be able to execute arbitrary code, cause a Denial of Service condition, obtain sensitive information, conduct URL hijacking, or conduct cross-site scripting (XSS).
Workaround ==========
There is no known workaround at this time.
Resolution ==========
All Thunderbird users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-52.6.0"
All Thunderbird binary users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-52.6.0"
References ==========
[ 1 ] CVE-2017-7753 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7753 [ 2 ] CVE-2017-7779 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7779 [ 3 ] CVE-2017-7784 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7784 [ 4 ] CVE-2017-7785 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7785 [ 5 ] CVE-2017-7786 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7786 [ 6 ] CVE-2017-7787 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7787 [ 7 ] CVE-2017-7791 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7791 [ 8 ] CVE-2017-7792 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7792 [ 9 ] CVE-2017-7793 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7793 [ 10 ] CVE-2017-7800 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7800 [ 11 ] CVE-2017-7801 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7801 [ 12 ] CVE-2017-7802 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7802 [ 13 ] CVE-2017-7803 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7803 [ 14 ] CVE-2017-7805 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7805 [ 15 ] CVE-2017-7807 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7807 [ 16 ] CVE-2017-7809 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7809 [ 17 ] CVE-2017-7810 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7810 [ 18 ] CVE-2017-7814 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7814 [ 19 ] CVE-2017-7818 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7818 [ 20 ] CVE-2017-7819 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7819 [ 21 ] CVE-2017-7823 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7823 [ 22 ] CVE-2017-7824 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7824 [ 23 ] CVE-2017-7825 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7825 [ 24 ] CVE-2017-7826 https://nvd.nist.gov/vuln/detail/CVE-2017-7826 [ 25 ] CVE-2017-7828 https://nvd.nist.gov/vuln/detail/CVE-2017-7828 [ 26 ] CVE-2017-7829 https://nvd.nist.gov/vuln/detail/CVE-2017-7829 [ 27 ] CVE-2017-7830 https://nvd.nist.gov/vuln/detail/CVE-2017-7830 [ 28 ] CVE-2017-7846 https://nvd.nist.gov/vuln/detail/CVE-2017-7846 [ 29 ] CVE-2017-7847 https://nvd.nist.gov/vuln/detail/CVE-2017-7847 [ 30 ] CVE-2017-7848 https://nvd.nist.gov/vuln/detail/CVE-2017-7848 [ 31 ] CVE-2018-5089 https://nvd.nist.gov/vuln/detail/CVE-2018-5089 [ 32 ] CVE-2018-5095 https://nvd.nist.gov/vuln/detail/CVE-2018-5095 [ 33 ] CVE-2018-5096 https://nvd.nist.gov/vuln/detail/CVE-2018-5096 [ 34 ] CVE-2018-5097 https://nvd.nist.gov/vuln/detail/CVE-2018-5097 [ 35 ] CVE-2018-5098 https://nvd.nist.gov/vuln/detail/CVE-2018-5098 [ 36 ] CVE-2018-5099 https://nvd.nist.gov/vuln/detail/CVE-2018-5099 [ 37 ] CVE-2018-5102 https://nvd.nist.gov/vuln/detail/CVE-2018-5102 [ 38 ] CVE-2018-5103 https://nvd.nist.gov/vuln/detail/CVE-2018-5103 [ 39 ] CVE-2018-5104 https://nvd.nist.gov/vuln/detail/CVE-2018-5104 [ 40 ] CVE-2018-5117 https://nvd.nist.gov/vuln/detail/CVE-2018-5117 [ 41 ] Mozilla Foundation Security Advisory 2017-20 https://www.mozilla.org/en-US/security/advisories/mfsa2017-20/ [ 42 ] Mozilla Foundation Security Advisory 2017-23 https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/ [ 43 ] Mozilla Foundation Security Advisory 2017-26 https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/ [ 44 ] Mozilla Foundation Security Advisory 2017-30 https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/ [ 45 ] Mozilla Foundation Security Advisory 2018-04 https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/
Availability ============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201803-14
Concerns? =========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License =======
Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
--y2zxS2PfCDLh6JVG Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEiDRK3jyVBE/RkymqpRQw84X1dt0FAlq73eoACgkQpRQw84X1 dt2/8Af/TFogyAXEZCQKoeqCFy/KY1Zvi5XHLixLlFoawZX/t0Wyjo+xtohbrvA2 JF5Qq6c/iOvDpfoRROntq+b8SGwrEQq47I+clZY6kL6GgnJOIVTeFp7F8PSByPW3 hnjP52IJGZoUwLVUQlNc8Kha/b3Tb6Zdx9hz9edVNxUYznDW6Ettg7JLFVogr+GF 5t3dEAPsJUjcEN3xEczQ4RorZPgXnwqRov6JIR6nSoSbokF5uyaJA5YHboYxyKIc VICJiTVuQ8hC1HbKVTevw3UYiqrLjxYA/dhzLoBYH7gJQsO9ZtxcUIIvGaMw1wft e/4N4sBvHsoc6jxpMVp05OrH3b8clA== =6uHR -----END PGP SIGNATURE-----
--y2zxS2PfCDLh6JVG--
|
|
|
|