Gentoo Linux Security Advisory 201811-13

Gentoo Linux Security Advisory 201811-13: Posted Nov 24, 2018; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201811-13 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. Versions less than 60.3.0 are affected.; tags | advisory, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2017-16541, CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12371, CVE-2018-12372, CVE-2018-12373, CVE-2018-12374, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378, CVE-2018-12379, CVE-2018-12383, CVE-2018-12385, CVE-2018-12389, CVE-2018-12390, CVE-2018-12391, CVE-2018-12392, CVE-2018-12393, CVE-2018-5125; SHA-256 | dfd702cee32bc438649bed899c42ec0c300d02359e8e2217025dfe8241b5cd45; Download | Favorite | View

Gentoo Linux Security Advisory 201811-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201811-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Mozilla Thunderbird: Multiple vulnerabilities
     Date: November 24, 2018
     Bugs: #651862, #656092, #660342, #669960, #670102
       ID: 201811-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Mozilla Thunderbird, the
worst of which could lead to the execution of arbitrary code.

Background
==========

Mozilla Thunderbird is a popular open-source email client from the
Mozilla project.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  mail-client/thunderbird      < 60.3.0                  >= 60.3.0 
  2  mail-client/thunderbird-bin
                                  < 60.3.0                  >= 60.3.0 
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
Please review the referenced Mozilla Foundation Security Advisories and
CVE identifiers below for details.

Impact
======

A remote attacker may be able to execute arbitrary code, cause a Denial
of Service condition, obtain sensitive information, or conduct
Cross-Site Request Forgery (CSRF).

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Thunderbird users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-60.3.0"

All Thunderbird binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-60.3.0"

References
==========

[  1 ] CVE-2017-16541
       https://nvd.nist.gov/vuln/detail/CVE-2017-16541
[  2 ] CVE-2018-12359
       https://nvd.nist.gov/vuln/detail/CVE-2018-12359
[  3 ] CVE-2018-12360
       https://nvd.nist.gov/vuln/detail/CVE-2018-12360
[  4 ] CVE-2018-12361
       https://nvd.nist.gov/vuln/detail/CVE-2018-12361
[  5 ] CVE-2018-12362
       https://nvd.nist.gov/vuln/detail/CVE-2018-12362
[  6 ] CVE-2018-12363
       https://nvd.nist.gov/vuln/detail/CVE-2018-12363
[  7 ] CVE-2018-12364
       https://nvd.nist.gov/vuln/detail/CVE-2018-12364
[  8 ] CVE-2018-12365
       https://nvd.nist.gov/vuln/detail/CVE-2018-12365
[  9 ] CVE-2018-12366
       https://nvd.nist.gov/vuln/detail/CVE-2018-12366
[ 10 ] CVE-2018-12367
       https://nvd.nist.gov/vuln/detail/CVE-2018-12367
[ 11 ] CVE-2018-12371
       https://nvd.nist.gov/vuln/detail/CVE-2018-12371
[ 12 ] CVE-2018-12372
       https://nvd.nist.gov/vuln/detail/CVE-2018-12372
[ 13 ] CVE-2018-12373
       https://nvd.nist.gov/vuln/detail/CVE-2018-12373
[ 14 ] CVE-2018-12374
       https://nvd.nist.gov/vuln/detail/CVE-2018-12374
[ 15 ] CVE-2018-12376
       https://nvd.nist.gov/vuln/detail/CVE-2018-12376
[ 16 ] CVE-2018-12377
       https://nvd.nist.gov/vuln/detail/CVE-2018-12377
[ 17 ] CVE-2018-12378
       https://nvd.nist.gov/vuln/detail/CVE-2018-12378
[ 18 ] CVE-2018-12379
       https://nvd.nist.gov/vuln/detail/CVE-2018-12379
[ 19 ] CVE-2018-12383
       https://nvd.nist.gov/vuln/detail/CVE-2018-12383
[ 20 ] CVE-2018-12385
       https://nvd.nist.gov/vuln/detail/CVE-2018-12385
[ 21 ] CVE-2018-12389
       https://nvd.nist.gov/vuln/detail/CVE-2018-12389
[ 22 ] CVE-2018-12390
       https://nvd.nist.gov/vuln/detail/CVE-2018-12390
[ 23 ] CVE-2018-12391
       https://nvd.nist.gov/vuln/detail/CVE-2018-12391
[ 24 ] CVE-2018-12392
       https://nvd.nist.gov/vuln/detail/CVE-2018-12392
[ 25 ] CVE-2018-12393
       https://nvd.nist.gov/vuln/detail/CVE-2018-12393
[ 26 ] CVE-2018-5125
       https://nvd.nist.gov/vuln/detail/CVE-2018-5125
[ 27 ] CVE-2018-5127
       https://nvd.nist.gov/vuln/detail/CVE-2018-5127
[ 28 ] CVE-2018-5129
       https://nvd.nist.gov/vuln/detail/CVE-2018-5129
[ 29 ] CVE-2018-5144
       https://nvd.nist.gov/vuln/detail/CVE-2018-5144
[ 30 ] CVE-2018-5145
       https://nvd.nist.gov/vuln/detail/CVE-2018-5145
[ 31 ] CVE-2018-5146
       https://nvd.nist.gov/vuln/detail/CVE-2018-5146
[ 32 ] CVE-2018-5150
       https://nvd.nist.gov/vuln/detail/CVE-2018-5150
[ 33 ] CVE-2018-5154
       https://nvd.nist.gov/vuln/detail/CVE-2018-5154
[ 34 ] CVE-2018-5155
       https://nvd.nist.gov/vuln/detail/CVE-2018-5155
[ 35 ] CVE-2018-5156
       https://nvd.nist.gov/vuln/detail/CVE-2018-5156
[ 36 ] CVE-2018-5159
       https://nvd.nist.gov/vuln/detail/CVE-2018-5159
[ 37 ] CVE-2018-5161
       https://nvd.nist.gov/vuln/detail/CVE-2018-5161
[ 38 ] CVE-2018-5162
       https://nvd.nist.gov/vuln/detail/CVE-2018-5162
[ 39 ] CVE-2018-5168
       https://nvd.nist.gov/vuln/detail/CVE-2018-5168
[ 40 ] CVE-2018-5170
       https://nvd.nist.gov/vuln/detail/CVE-2018-5170
[ 41 ] CVE-2018-5178
       https://nvd.nist.gov/vuln/detail/CVE-2018-5178
[ 42 ] CVE-2018-5183
       https://nvd.nist.gov/vuln/detail/CVE-2018-5183
[ 43 ] CVE-2018-5184
       https://nvd.nist.gov/vuln/detail/CVE-2018-5184
[ 44 ] CVE-2018-5185
       https://nvd.nist.gov/vuln/detail/CVE-2018-5185
[ 45 ] CVE-2018-5187
       https://nvd.nist.gov/vuln/detail/CVE-2018-5187
[ 46 ] CVE-2018-5188
       https://nvd.nist.gov/vuln/detail/CVE-2018-5188

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201811-13

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Gentoo Linux Security Advisory 201811-13

Gentoo Linux Security Advisory 201811-13

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Gentoo Linux Security Advisory 201811-13

Share This

Gentoo Linux Security Advisory 201811-13

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems