-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: thunderbird security update Advisory ID: RHSA-2021:2914-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2914 Issue date: 2021-07-27 CVE Names: CVE-2021-29969 CVE-2021-29970 CVE-2021-29976 CVE-2021-30547 ===================================================================== 1. Summary: An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.12.0. Security Fix(es): * Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969) * Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970) * Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976) * chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Thunderbird must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1970109 - CVE-2021-30547 chromium-browser: Out of bounds write in ANGLE 1982013 - CVE-2021-29970 Mozilla: Use-after-free in accessibility features of a document 1982014 - CVE-2021-29976 Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 1982015 - CVE-2021-29969 Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed 6. Package List: Red Hat Enterprise Linux AppStream EUS (v. 8.2): Source: thunderbird-78.12.0-2.el8_2.src.rpm aarch64: thunderbird-78.12.0-2.el8_2.aarch64.rpm thunderbird-debuginfo-78.12.0-2.el8_2.aarch64.rpm thunderbird-debugsource-78.12.0-2.el8_2.aarch64.rpm ppc64le: thunderbird-78.12.0-2.el8_2.ppc64le.rpm thunderbird-debuginfo-78.12.0-2.el8_2.ppc64le.rpm thunderbird-debugsource-78.12.0-2.el8_2.ppc64le.rpm x86_64: thunderbird-78.12.0-2.el8_2.x86_64.rpm thunderbird-debuginfo-78.12.0-2.el8_2.x86_64.rpm thunderbird-debugsource-78.12.0-2.el8_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-29969 https://access.redhat.com/security/cve/CVE-2021-29970 https://access.redhat.com/security/cve/CVE-2021-29976 https://access.redhat.com/security/cve/CVE-2021-30547 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYP+6MtzjgjWX9erEAQg5aQ//X737fczzlYu/lfpEAd4Nm7N3gLaHY0lU wtR6bvP+pnBTuiJ/VskvolQtw3GDE9i/gQG8bf4HFgAmdZKWLEZYmzTaBiPDkUqF th621VJo8ufR44D3QSXRt34H5dnfmI5wsAaNn9mi9rdoZSAc/Hhq98wYBSOPfFJd B5UTHIVhNKoGpjavyk5V2ue6O/GXTGgh7AaWhpLBwQi3FBrsSnVY07tMkCBhq/bA BBWKAm8b5jTcvXe8NdcUA03FYM5+WyR0RBh+O5PaqihG6yA+xQRC63/zCoK7c/yj ksNty2z1FtDl0V/T+ICtSezs6EdqHUUEtZLDvdsKU6BC/xhJm7fuvevZpxyGznBz 5JqgxhQXFr/9/vbWX7lY9mXjFVqatIBWef8JCrK2QBRo1pyfoUQFgLmo9mTQoZco ZBLXZ4KMS3dlxdKrCuw89kBltlnHGoD1J+ww+TpAF+kWWOHSxSAnGqBTeWFSAxUS PDHCKHla4Yv6jVnhXGTeeETjTQgmyILRKaUgLaBen49gRX66+b5t4jAa5GAlC/St ZnAhXGUvMBsxxo3RyOcC1A/+bAl3+UyV6FUvULCX7mlZ1DACKka8i9p6NneU8Muo qPKbblgORiN5mhi7TPlTMj2LjiE+xLoMYxBo+wTdzfUTmbmUG2IDvWxqQ5cxZBSe N2nFeh6y9MA= =E86k -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce