Red Hat Product Errata RHSA-2018:0648 - Security Advisory

Issued:: 2018-04-05
Updated:: 2018-04-05

RHSA-2018:0648 - Security Advisory

Overview
Updated Packages

Synopsis

Important: thunderbird security update

Type/Severity

Security Advisory: Important

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 52.7.0.

Security Fix(es):

Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 (MFSA 2018-07) (CVE-2018-5125)
Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 (MFSA 2018-07) (CVE-2018-5145)
Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08) (CVE-2018-5146)
Mozilla: Buffer overflow manipulating SVG animatedPathSegList (MFSA 2018-07) (CVE-2018-5127)
Mozilla: Out-of-bounds write with malformed IPC messages (MFSA 2018-07) (CVE-2018-5129)
Mozilla: Integer overflow during Unicode conversion (MFSA 2018-07) (CVE-2018-5144)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bob Clary, Olli Pettay, Christian Holler, Nils Ohlmeier, Randell Jesup, Tyson Smith, Ralph Giles, Philipp, Jet Villegas, Richard Zhu via Trend Micro's Zero Day Initiative, Nils, James Grant, and Root Object as the original reporters.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

Affected Products

Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.5 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.4 x86_64
Red Hat Enterprise Linux Server - AUS 7.7 x86_64
Red Hat Enterprise Linux Server - AUS 7.6 x86_64
Red Hat Enterprise Linux Server - AUS 7.4 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.5 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.4 ppc64le
Red Hat Enterprise Linux Server - TUS 7.7 x86_64
Red Hat Enterprise Linux Server - TUS 7.6 x86_64
Red Hat Enterprise Linux Server - TUS 7.4 x86_64
Red Hat Enterprise Linux for ARM 64 7 aarch64
Red Hat Enterprise Linux for Power 9 7 ppc64le
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6 ppc64le
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.4 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6 x86_64
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.4 x86_64

Fixes

BZ - 1555127 - CVE-2018-5125 Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 (MFSA 2018-07)
BZ - 1555128 - CVE-2018-5127 Mozilla: Buffer overflow manipulating SVG animatedPathSegList (MFSA 2018-07)
BZ - 1555129 - CVE-2018-5129 Mozilla: Out-of-bounds write with malformed IPC messages (MFSA 2018-07)
BZ - 1555132 - CVE-2018-5144 Mozilla: Integer overflow during Unicode conversion (MFSA 2018-07)
BZ - 1555133 - CVE-2018-5145 Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 (MFSA 2018-07)
BZ - 1557221 - CVE-2018-5146 Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08)

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
thunderbird-52.7.0-1.el7_4.src.rpm	SHA-256: ad27c2645609c1dd9990c4c6496b379ac2f86d64e68b0c5e7f62c2263c175d37
x86_64
thunderbird-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 5434854b0007d9396dba9cc523b51bc5f5f615f7828552cc9fe25e901d85170a
thunderbird-debuginfo-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 7e9bf77f1f3dfbf96a5929de7f453b4fd48bc53d628cf9845bc5b13137d1f30e

Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7

SRPM
thunderbird-52.7.0-1.el7_4.src.rpm	SHA-256: ad27c2645609c1dd9990c4c6496b379ac2f86d64e68b0c5e7f62c2263c175d37
x86_64
thunderbird-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 5434854b0007d9396dba9cc523b51bc5f5f615f7828552cc9fe25e901d85170a
thunderbird-debuginfo-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 7e9bf77f1f3dfbf96a5929de7f453b4fd48bc53d628cf9845bc5b13137d1f30e

Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6

SRPM
thunderbird-52.7.0-1.el7_4.src.rpm	SHA-256: ad27c2645609c1dd9990c4c6496b379ac2f86d64e68b0c5e7f62c2263c175d37
x86_64
thunderbird-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 5434854b0007d9396dba9cc523b51bc5f5f615f7828552cc9fe25e901d85170a
thunderbird-debuginfo-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 7e9bf77f1f3dfbf96a5929de7f453b4fd48bc53d628cf9845bc5b13137d1f30e

Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.5

SRPM
thunderbird-52.7.0-1.el7_4.src.rpm	SHA-256: ad27c2645609c1dd9990c4c6496b379ac2f86d64e68b0c5e7f62c2263c175d37
x86_64
thunderbird-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 5434854b0007d9396dba9cc523b51bc5f5f615f7828552cc9fe25e901d85170a
thunderbird-debuginfo-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 7e9bf77f1f3dfbf96a5929de7f453b4fd48bc53d628cf9845bc5b13137d1f30e

Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.4

SRPM
thunderbird-52.7.0-1.el7_4.src.rpm	SHA-256: ad27c2645609c1dd9990c4c6496b379ac2f86d64e68b0c5e7f62c2263c175d37
x86_64
thunderbird-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 5434854b0007d9396dba9cc523b51bc5f5f615f7828552cc9fe25e901d85170a
thunderbird-debuginfo-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 7e9bf77f1f3dfbf96a5929de7f453b4fd48bc53d628cf9845bc5b13137d1f30e

Red Hat Enterprise Linux Server - AUS 7.7

SRPM
thunderbird-52.7.0-1.el7_4.src.rpm	SHA-256: ad27c2645609c1dd9990c4c6496b379ac2f86d64e68b0c5e7f62c2263c175d37
x86_64
thunderbird-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 5434854b0007d9396dba9cc523b51bc5f5f615f7828552cc9fe25e901d85170a
thunderbird-debuginfo-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 7e9bf77f1f3dfbf96a5929de7f453b4fd48bc53d628cf9845bc5b13137d1f30e

Red Hat Enterprise Linux Server - AUS 7.6

SRPM
thunderbird-52.7.0-1.el7_4.src.rpm	SHA-256: ad27c2645609c1dd9990c4c6496b379ac2f86d64e68b0c5e7f62c2263c175d37
x86_64
thunderbird-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 5434854b0007d9396dba9cc523b51bc5f5f615f7828552cc9fe25e901d85170a
thunderbird-debuginfo-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 7e9bf77f1f3dfbf96a5929de7f453b4fd48bc53d628cf9845bc5b13137d1f30e

Red Hat Enterprise Linux Server - AUS 7.4

SRPM
thunderbird-52.7.0-1.el7_4.src.rpm	SHA-256: ad27c2645609c1dd9990c4c6496b379ac2f86d64e68b0c5e7f62c2263c175d37
x86_64
thunderbird-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 5434854b0007d9396dba9cc523b51bc5f5f615f7828552cc9fe25e901d85170a
thunderbird-debuginfo-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 7e9bf77f1f3dfbf96a5929de7f453b4fd48bc53d628cf9845bc5b13137d1f30e

Red Hat Enterprise Linux Workstation 7

SRPM
thunderbird-52.7.0-1.el7_4.src.rpm	SHA-256: ad27c2645609c1dd9990c4c6496b379ac2f86d64e68b0c5e7f62c2263c175d37
x86_64
thunderbird-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 5434854b0007d9396dba9cc523b51bc5f5f615f7828552cc9fe25e901d85170a
thunderbird-debuginfo-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 7e9bf77f1f3dfbf96a5929de7f453b4fd48bc53d628cf9845bc5b13137d1f30e

Red Hat Enterprise Linux Desktop 7

SRPM
thunderbird-52.7.0-1.el7_4.src.rpm	SHA-256: ad27c2645609c1dd9990c4c6496b379ac2f86d64e68b0c5e7f62c2263c175d37
x86_64
thunderbird-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 5434854b0007d9396dba9cc523b51bc5f5f615f7828552cc9fe25e901d85170a
thunderbird-debuginfo-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 7e9bf77f1f3dfbf96a5929de7f453b4fd48bc53d628cf9845bc5b13137d1f30e

Red Hat Enterprise Linux for Power, little endian 7

SRPM
thunderbird-52.7.0-1.el7_4.src.rpm	SHA-256: ad27c2645609c1dd9990c4c6496b379ac2f86d64e68b0c5e7f62c2263c175d37
ppc64le
thunderbird-52.7.0-1.el7_4.ppc64le.rpm	SHA-256: 1fb15073c0240dc222e0b8c8430a1450112e90f721809b31b62455cfa778f7cb
thunderbird-debuginfo-52.7.0-1.el7_4.ppc64le.rpm	SHA-256: 998e4671f4fb139396acaf6cf78814ab14ae2f35f66e891e49c58cb3de7ac803

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7

SRPM
thunderbird-52.7.0-1.el7_4.src.rpm	SHA-256: ad27c2645609c1dd9990c4c6496b379ac2f86d64e68b0c5e7f62c2263c175d37
ppc64le
thunderbird-52.7.0-1.el7_4.ppc64le.rpm	SHA-256: 1fb15073c0240dc222e0b8c8430a1450112e90f721809b31b62455cfa778f7cb
thunderbird-debuginfo-52.7.0-1.el7_4.ppc64le.rpm	SHA-256: 998e4671f4fb139396acaf6cf78814ab14ae2f35f66e891e49c58cb3de7ac803

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6

SRPM
thunderbird-52.7.0-1.el7_4.src.rpm	SHA-256: ad27c2645609c1dd9990c4c6496b379ac2f86d64e68b0c5e7f62c2263c175d37
ppc64le
thunderbird-52.7.0-1.el7_4.ppc64le.rpm	SHA-256: 1fb15073c0240dc222e0b8c8430a1450112e90f721809b31b62455cfa778f7cb
thunderbird-debuginfo-52.7.0-1.el7_4.ppc64le.rpm	SHA-256: 998e4671f4fb139396acaf6cf78814ab14ae2f35f66e891e49c58cb3de7ac803

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.5

SRPM
thunderbird-52.7.0-1.el7_4.src.rpm	SHA-256: ad27c2645609c1dd9990c4c6496b379ac2f86d64e68b0c5e7f62c2263c175d37
ppc64le
thunderbird-52.7.0-1.el7_4.ppc64le.rpm	SHA-256: 1fb15073c0240dc222e0b8c8430a1450112e90f721809b31b62455cfa778f7cb
thunderbird-debuginfo-52.7.0-1.el7_4.ppc64le.rpm	SHA-256: 998e4671f4fb139396acaf6cf78814ab14ae2f35f66e891e49c58cb3de7ac803

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.4

SRPM
thunderbird-52.7.0-1.el7_4.src.rpm	SHA-256: ad27c2645609c1dd9990c4c6496b379ac2f86d64e68b0c5e7f62c2263c175d37
ppc64le
thunderbird-52.7.0-1.el7_4.ppc64le.rpm	SHA-256: 1fb15073c0240dc222e0b8c8430a1450112e90f721809b31b62455cfa778f7cb
thunderbird-debuginfo-52.7.0-1.el7_4.ppc64le.rpm	SHA-256: 998e4671f4fb139396acaf6cf78814ab14ae2f35f66e891e49c58cb3de7ac803

Red Hat Enterprise Linux Server - TUS 7.7

SRPM
thunderbird-52.7.0-1.el7_4.src.rpm	SHA-256: ad27c2645609c1dd9990c4c6496b379ac2f86d64e68b0c5e7f62c2263c175d37
x86_64
thunderbird-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 5434854b0007d9396dba9cc523b51bc5f5f615f7828552cc9fe25e901d85170a
thunderbird-debuginfo-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 7e9bf77f1f3dfbf96a5929de7f453b4fd48bc53d628cf9845bc5b13137d1f30e

Red Hat Enterprise Linux Server - TUS 7.6

SRPM
thunderbird-52.7.0-1.el7_4.src.rpm	SHA-256: ad27c2645609c1dd9990c4c6496b379ac2f86d64e68b0c5e7f62c2263c175d37
x86_64
thunderbird-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 5434854b0007d9396dba9cc523b51bc5f5f615f7828552cc9fe25e901d85170a
thunderbird-debuginfo-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 7e9bf77f1f3dfbf96a5929de7f453b4fd48bc53d628cf9845bc5b13137d1f30e

Red Hat Enterprise Linux Server - TUS 7.4

SRPM
thunderbird-52.7.0-1.el7_4.src.rpm	SHA-256: ad27c2645609c1dd9990c4c6496b379ac2f86d64e68b0c5e7f62c2263c175d37
x86_64
thunderbird-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 5434854b0007d9396dba9cc523b51bc5f5f615f7828552cc9fe25e901d85170a
thunderbird-debuginfo-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 7e9bf77f1f3dfbf96a5929de7f453b4fd48bc53d628cf9845bc5b13137d1f30e

Red Hat Enterprise Linux for ARM 64 7

SRPM
thunderbird-52.7.0-1.el7_4.src.rpm	SHA-256: ad27c2645609c1dd9990c4c6496b379ac2f86d64e68b0c5e7f62c2263c175d37
aarch64
thunderbird-52.7.0-1.el7_4.aarch64.rpm	SHA-256: f929fe101282463b71f0c8be6f154eb4413d399fd750fff518748ee5a213a9d3
thunderbird-debuginfo-52.7.0-1.el7_4.aarch64.rpm	SHA-256: 4b0609ca8a519ef6b4f05c65bd5ff1aedbf61919a070c4bb31a6794151cb964a

Red Hat Enterprise Linux for Power 9 7

SRPM
thunderbird-52.7.0-1.el7_4.src.rpm	SHA-256: ad27c2645609c1dd9990c4c6496b379ac2f86d64e68b0c5e7f62c2263c175d37
ppc64le
thunderbird-52.7.0-1.el7_4.ppc64le.rpm	SHA-256: 1fb15073c0240dc222e0b8c8430a1450112e90f721809b31b62455cfa778f7cb
thunderbird-debuginfo-52.7.0-1.el7_4.ppc64le.rpm	SHA-256: 998e4671f4fb139396acaf6cf78814ab14ae2f35f66e891e49c58cb3de7ac803

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7

SRPM
thunderbird-52.7.0-1.el7_4.src.rpm	SHA-256: ad27c2645609c1dd9990c4c6496b379ac2f86d64e68b0c5e7f62c2263c175d37
ppc64le
thunderbird-52.7.0-1.el7_4.ppc64le.rpm	SHA-256: 1fb15073c0240dc222e0b8c8430a1450112e90f721809b31b62455cfa778f7cb
thunderbird-debuginfo-52.7.0-1.el7_4.ppc64le.rpm	SHA-256: 998e4671f4fb139396acaf6cf78814ab14ae2f35f66e891e49c58cb3de7ac803

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6

SRPM
thunderbird-52.7.0-1.el7_4.src.rpm	SHA-256: ad27c2645609c1dd9990c4c6496b379ac2f86d64e68b0c5e7f62c2263c175d37
ppc64le
thunderbird-52.7.0-1.el7_4.ppc64le.rpm	SHA-256: 1fb15073c0240dc222e0b8c8430a1450112e90f721809b31b62455cfa778f7cb
thunderbird-debuginfo-52.7.0-1.el7_4.ppc64le.rpm	SHA-256: 998e4671f4fb139396acaf6cf78814ab14ae2f35f66e891e49c58cb3de7ac803

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.4

SRPM
thunderbird-52.7.0-1.el7_4.src.rpm	SHA-256: ad27c2645609c1dd9990c4c6496b379ac2f86d64e68b0c5e7f62c2263c175d37
ppc64le
thunderbird-52.7.0-1.el7_4.ppc64le.rpm	SHA-256: 1fb15073c0240dc222e0b8c8430a1450112e90f721809b31b62455cfa778f7cb
thunderbird-debuginfo-52.7.0-1.el7_4.ppc64le.rpm	SHA-256: 998e4671f4fb139396acaf6cf78814ab14ae2f35f66e891e49c58cb3de7ac803

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7

SRPM
thunderbird-52.7.0-1.el7_4.src.rpm	SHA-256: ad27c2645609c1dd9990c4c6496b379ac2f86d64e68b0c5e7f62c2263c175d37
x86_64
thunderbird-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 5434854b0007d9396dba9cc523b51bc5f5f615f7828552cc9fe25e901d85170a
thunderbird-debuginfo-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 7e9bf77f1f3dfbf96a5929de7f453b4fd48bc53d628cf9845bc5b13137d1f30e

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6

SRPM
thunderbird-52.7.0-1.el7_4.src.rpm	SHA-256: ad27c2645609c1dd9990c4c6496b379ac2f86d64e68b0c5e7f62c2263c175d37
x86_64
thunderbird-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 5434854b0007d9396dba9cc523b51bc5f5f615f7828552cc9fe25e901d85170a
thunderbird-debuginfo-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 7e9bf77f1f3dfbf96a5929de7f453b4fd48bc53d628cf9845bc5b13137d1f30e

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.4

SRPM
thunderbird-52.7.0-1.el7_4.src.rpm	SHA-256: ad27c2645609c1dd9990c4c6496b379ac2f86d64e68b0c5e7f62c2263c175d37
x86_64
thunderbird-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 5434854b0007d9396dba9cc523b51bc5f5f615f7828552cc9fe25e901d85170a
thunderbird-debuginfo-52.7.0-1.el7_4.x86_64.rpm	SHA-256: 7e9bf77f1f3dfbf96a5929de7f453b4fd48bc53d628cf9845bc5b13137d1f30e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.