- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201811-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Mozilla Thunderbird: Multiple vulnerabilities Date: November 24, 2018 Bugs: #651862, #656092, #660342, #669960, #670102 ID: 201811-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. Background ========== Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 mail-client/thunderbird < 60.3.0 >= 60.3.0 2 mail-client/thunderbird-bin < 60.3.0 >= 60.3.0 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the referenced Mozilla Foundation Security Advisories and CVE identifiers below for details. Impact ====== A remote attacker may be able to execute arbitrary code, cause a Denial of Service condition, obtain sensitive information, or conduct Cross-Site Request Forgery (CSRF). Workaround ========== There is no known workaround at this time. Resolution ========== All Thunderbird users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-60.3.0" All Thunderbird binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-60.3.0" References ========== [ 1 ] CVE-2017-16541 https://nvd.nist.gov/vuln/detail/CVE-2017-16541 [ 2 ] CVE-2018-12359 https://nvd.nist.gov/vuln/detail/CVE-2018-12359 [ 3 ] CVE-2018-12360 https://nvd.nist.gov/vuln/detail/CVE-2018-12360 [ 4 ] CVE-2018-12361 https://nvd.nist.gov/vuln/detail/CVE-2018-12361 [ 5 ] CVE-2018-12362 https://nvd.nist.gov/vuln/detail/CVE-2018-12362 [ 6 ] CVE-2018-12363 https://nvd.nist.gov/vuln/detail/CVE-2018-12363 [ 7 ] CVE-2018-12364 https://nvd.nist.gov/vuln/detail/CVE-2018-12364 [ 8 ] CVE-2018-12365 https://nvd.nist.gov/vuln/detail/CVE-2018-12365 [ 9 ] CVE-2018-12366 https://nvd.nist.gov/vuln/detail/CVE-2018-12366 [ 10 ] CVE-2018-12367 https://nvd.nist.gov/vuln/detail/CVE-2018-12367 [ 11 ] CVE-2018-12371 https://nvd.nist.gov/vuln/detail/CVE-2018-12371 [ 12 ] CVE-2018-12372 https://nvd.nist.gov/vuln/detail/CVE-2018-12372 [ 13 ] CVE-2018-12373 https://nvd.nist.gov/vuln/detail/CVE-2018-12373 [ 14 ] CVE-2018-12374 https://nvd.nist.gov/vuln/detail/CVE-2018-12374 [ 15 ] CVE-2018-12376 https://nvd.nist.gov/vuln/detail/CVE-2018-12376 [ 16 ] CVE-2018-12377 https://nvd.nist.gov/vuln/detail/CVE-2018-12377 [ 17 ] CVE-2018-12378 https://nvd.nist.gov/vuln/detail/CVE-2018-12378 [ 18 ] CVE-2018-12379 https://nvd.nist.gov/vuln/detail/CVE-2018-12379 [ 19 ] CVE-2018-12383 https://nvd.nist.gov/vuln/detail/CVE-2018-12383 [ 20 ] CVE-2018-12385 https://nvd.nist.gov/vuln/detail/CVE-2018-12385 [ 21 ] CVE-2018-12389 https://nvd.nist.gov/vuln/detail/CVE-2018-12389 [ 22 ] CVE-2018-12390 https://nvd.nist.gov/vuln/detail/CVE-2018-12390 [ 23 ] CVE-2018-12391 https://nvd.nist.gov/vuln/detail/CVE-2018-12391 [ 24 ] CVE-2018-12392 https://nvd.nist.gov/vuln/detail/CVE-2018-12392 [ 25 ] CVE-2018-12393 https://nvd.nist.gov/vuln/detail/CVE-2018-12393 [ 26 ] CVE-2018-5125 https://nvd.nist.gov/vuln/detail/CVE-2018-5125 [ 27 ] CVE-2018-5127 https://nvd.nist.gov/vuln/detail/CVE-2018-5127 [ 28 ] CVE-2018-5129 https://nvd.nist.gov/vuln/detail/CVE-2018-5129 [ 29 ] CVE-2018-5144 https://nvd.nist.gov/vuln/detail/CVE-2018-5144 [ 30 ] CVE-2018-5145 https://nvd.nist.gov/vuln/detail/CVE-2018-5145 [ 31 ] CVE-2018-5146 https://nvd.nist.gov/vuln/detail/CVE-2018-5146 [ 32 ] CVE-2018-5150 https://nvd.nist.gov/vuln/detail/CVE-2018-5150 [ 33 ] CVE-2018-5154 https://nvd.nist.gov/vuln/detail/CVE-2018-5154 [ 34 ] CVE-2018-5155 https://nvd.nist.gov/vuln/detail/CVE-2018-5155 [ 35 ] CVE-2018-5156 https://nvd.nist.gov/vuln/detail/CVE-2018-5156 [ 36 ] CVE-2018-5159 https://nvd.nist.gov/vuln/detail/CVE-2018-5159 [ 37 ] CVE-2018-5161 https://nvd.nist.gov/vuln/detail/CVE-2018-5161 [ 38 ] CVE-2018-5162 https://nvd.nist.gov/vuln/detail/CVE-2018-5162 [ 39 ] CVE-2018-5168 https://nvd.nist.gov/vuln/detail/CVE-2018-5168 [ 40 ] CVE-2018-5170 https://nvd.nist.gov/vuln/detail/CVE-2018-5170 [ 41 ] CVE-2018-5178 https://nvd.nist.gov/vuln/detail/CVE-2018-5178 [ 42 ] CVE-2018-5183 https://nvd.nist.gov/vuln/detail/CVE-2018-5183 [ 43 ] CVE-2018-5184 https://nvd.nist.gov/vuln/detail/CVE-2018-5184 [ 44 ] CVE-2018-5185 https://nvd.nist.gov/vuln/detail/CVE-2018-5185 [ 45 ] CVE-2018-5187 https://nvd.nist.gov/vuln/detail/CVE-2018-5187 [ 46 ] CVE-2018-5188 https://nvd.nist.gov/vuln/detail/CVE-2018-5188 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201811-13 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5