发布:
2020-04-16
已更新:
2020-04-16

RHSA-2020:1489 - Security Advisory

概述

Important: thunderbird security update

类型/严重性

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

标题

An update for thunderbird is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.7.0.

Security Fix(es):

  • Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819)
  • Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820)
  • Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)
  • Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)
  • Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

解决方案

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

受影响的产品

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

修复

  • BZ - 1820869 - CVE-2020-6819 Mozilla: Use-after-free while running the nsDocShell destructor
  • BZ - 1820878 - CVE-2020-6820 Mozilla: Use-after-free when handling a ReadableStream
  • BZ - 1821674 - CVE-2020-6821 Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method
  • BZ - 1821676 - CVE-2020-6822 Mozilla: Out of bounds write in GMPDecodeData when processing large images
  • BZ - 1821682 - CVE-2020-6825 Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7

Red Hat Enterprise Linux Server 7

SRPM
thunderbird-68.7.0-1.el7_8.src.rpm SHA-256: a1e8aa2741bc84eeafd6aa600c71f586a0ba89639d179f18ca2fb90a69550029
x86_64
thunderbird-68.7.0-1.el7_8.x86_64.rpm SHA-256: 44c8971da9352d35b6ba407b6ab5c8351ca22f36530a0af73d5390239945676b
thunderbird-debuginfo-68.7.0-1.el7_8.x86_64.rpm SHA-256: 3f707e34efdf3ef418c07fbdae7a1dcfc8740ae86d963a4e8c6505671cedb52b

Red Hat Enterprise Linux Workstation 7

SRPM
thunderbird-68.7.0-1.el7_8.src.rpm SHA-256: a1e8aa2741bc84eeafd6aa600c71f586a0ba89639d179f18ca2fb90a69550029
x86_64
thunderbird-68.7.0-1.el7_8.x86_64.rpm SHA-256: 44c8971da9352d35b6ba407b6ab5c8351ca22f36530a0af73d5390239945676b
thunderbird-debuginfo-68.7.0-1.el7_8.x86_64.rpm SHA-256: 3f707e34efdf3ef418c07fbdae7a1dcfc8740ae86d963a4e8c6505671cedb52b

Red Hat Enterprise Linux Desktop 7

SRPM
thunderbird-68.7.0-1.el7_8.src.rpm SHA-256: a1e8aa2741bc84eeafd6aa600c71f586a0ba89639d179f18ca2fb90a69550029
x86_64
thunderbird-68.7.0-1.el7_8.x86_64.rpm SHA-256: 44c8971da9352d35b6ba407b6ab5c8351ca22f36530a0af73d5390239945676b
thunderbird-debuginfo-68.7.0-1.el7_8.x86_64.rpm SHA-256: 3f707e34efdf3ef418c07fbdae7a1dcfc8740ae86d963a4e8c6505671cedb52b

Red Hat Enterprise Linux for Power, little endian 7

SRPM
thunderbird-68.7.0-1.el7_8.src.rpm SHA-256: a1e8aa2741bc84eeafd6aa600c71f586a0ba89639d179f18ca2fb90a69550029
ppc64le
thunderbird-68.7.0-1.el7_8.ppc64le.rpm SHA-256: b17aa7e43a41ad28a144f8451dad179f3019027ac9bc8455d396b567eb0b5433
thunderbird-debuginfo-68.7.0-1.el7_8.ppc64le.rpm SHA-256: 0222ab5ade22bf94b887c592389d4ce0856826dfb61e7b8352b06e2f3586c1ac

Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/