Red Hat Product Errata RHSA-2020:2613 - Security Advisory
Issued:
2020-06-18
Updated:
2020-06-18

RHSA-2020:2613 - Security Advisory

Synopsis

Important: thunderbird security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.9.0.

Security Fix(es):

  • Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage (CVE-2020-12398)
  • Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405)
  • Mozilla: JavaScript Type confusion with NativeTypes (CVE-2020-12406)
  • Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 (CVE-2020-12410)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6 s390x

Fixes

  • BZ - 1843030 - CVE-2020-12410 Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
  • BZ - 1843312 - CVE-2020-12406 Mozilla: JavaScript Type confusion with NativeTypes
  • BZ - 1843313 - CVE-2020-12405 Mozilla: Use-after-free in SharedWorkerService
  • BZ - 1846556 - CVE-2020-12398 Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage

Red Hat Enterprise Linux Server 6

SRPM
thunderbird-68.9.0-1.el6_10.src.rpm SHA-256: d17a4716e4bd4cd42650ba8c2f42b48c49fd613aca90d5fbc3c002f61311e973
x86_64
thunderbird-68.9.0-1.el6_10.x86_64.rpm SHA-256: f76def69b5029a25b0354ec7d0b06d368fe545dec29fb3401bc6cc584ab47a8a
thunderbird-68.9.0-1.el6_10.x86_64.rpm SHA-256: f76def69b5029a25b0354ec7d0b06d368fe545dec29fb3401bc6cc584ab47a8a
thunderbird-debuginfo-68.9.0-1.el6_10.x86_64.rpm SHA-256: 3d90f8bcba17c3e1f2691a630eaac6cf159d4cadba3691bed0cc8010ab18b875
i386
thunderbird-68.9.0-1.el6_10.i686.rpm SHA-256: b7b0f22c945ded4bea11eb510e98b010fa87921517d0952eeb3e16288428888a
thunderbird-debuginfo-68.9.0-1.el6_10.i686.rpm SHA-256: b49a6b31a292d7ef7b27946a8a795c0200ca6dd7781f0df3b51faf08f08cefa2

Red Hat Enterprise Linux Server - Extended Life Cycle Support 6

SRPM
thunderbird-68.9.0-1.el6_10.src.rpm SHA-256: d17a4716e4bd4cd42650ba8c2f42b48c49fd613aca90d5fbc3c002f61311e973
x86_64
thunderbird-68.9.0-1.el6_10.x86_64.rpm SHA-256: f76def69b5029a25b0354ec7d0b06d368fe545dec29fb3401bc6cc584ab47a8a
thunderbird-debuginfo-68.9.0-1.el6_10.x86_64.rpm SHA-256: 3d90f8bcba17c3e1f2691a630eaac6cf159d4cadba3691bed0cc8010ab18b875
i386
thunderbird-68.9.0-1.el6_10.i686.rpm SHA-256: b7b0f22c945ded4bea11eb510e98b010fa87921517d0952eeb3e16288428888a
thunderbird-debuginfo-68.9.0-1.el6_10.i686.rpm SHA-256: b49a6b31a292d7ef7b27946a8a795c0200ca6dd7781f0df3b51faf08f08cefa2

Red Hat Enterprise Linux Workstation 6

SRPM
thunderbird-68.9.0-1.el6_10.src.rpm SHA-256: d17a4716e4bd4cd42650ba8c2f42b48c49fd613aca90d5fbc3c002f61311e973
x86_64
thunderbird-68.9.0-1.el6_10.x86_64.rpm SHA-256: f76def69b5029a25b0354ec7d0b06d368fe545dec29fb3401bc6cc584ab47a8a
thunderbird-debuginfo-68.9.0-1.el6_10.x86_64.rpm SHA-256: 3d90f8bcba17c3e1f2691a630eaac6cf159d4cadba3691bed0cc8010ab18b875
i386
thunderbird-68.9.0-1.el6_10.i686.rpm SHA-256: b7b0f22c945ded4bea11eb510e98b010fa87921517d0952eeb3e16288428888a
thunderbird-debuginfo-68.9.0-1.el6_10.i686.rpm SHA-256: b49a6b31a292d7ef7b27946a8a795c0200ca6dd7781f0df3b51faf08f08cefa2

Red Hat Enterprise Linux Desktop 6

SRPM
thunderbird-68.9.0-1.el6_10.src.rpm SHA-256: d17a4716e4bd4cd42650ba8c2f42b48c49fd613aca90d5fbc3c002f61311e973
x86_64
thunderbird-68.9.0-1.el6_10.x86_64.rpm SHA-256: f76def69b5029a25b0354ec7d0b06d368fe545dec29fb3401bc6cc584ab47a8a
thunderbird-debuginfo-68.9.0-1.el6_10.x86_64.rpm SHA-256: 3d90f8bcba17c3e1f2691a630eaac6cf159d4cadba3691bed0cc8010ab18b875
i386
thunderbird-68.9.0-1.el6_10.i686.rpm SHA-256: b7b0f22c945ded4bea11eb510e98b010fa87921517d0952eeb3e16288428888a
thunderbird-debuginfo-68.9.0-1.el6_10.i686.rpm SHA-256: b49a6b31a292d7ef7b27946a8a795c0200ca6dd7781f0df3b51faf08f08cefa2

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
thunderbird-68.9.0-1.el6_10.src.rpm SHA-256: d17a4716e4bd4cd42650ba8c2f42b48c49fd613aca90d5fbc3c002f61311e973
s390x
thunderbird-68.9.0-1.el6_10.s390x.rpm SHA-256: 78a07ed184496ada7a2d4c58eebb4588520cfd0b65dd2784c97e638ff78d2158
thunderbird-debuginfo-68.9.0-1.el6_10.s390x.rpm SHA-256: a4577976071657b566489829a40656d34fc0de2bd7d6b569bc65df1e15b81c3d

Red Hat Enterprise Linux for Power, big endian 6

SRPM
thunderbird-68.9.0-1.el6_10.src.rpm SHA-256: d17a4716e4bd4cd42650ba8c2f42b48c49fd613aca90d5fbc3c002f61311e973
ppc64
thunderbird-68.9.0-1.el6_10.ppc64.rpm SHA-256: 81f41d6df66f1700c7fc1ef5767a71b6ab8fdd76f3a339c23ed843429d75f3cd
thunderbird-debuginfo-68.9.0-1.el6_10.ppc64.rpm SHA-256: babf62255e1c03ea97c60164e044b5d79bc5e8407a0920662ae93495b284653d

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6

SRPM
thunderbird-68.9.0-1.el6_10.src.rpm SHA-256: d17a4716e4bd4cd42650ba8c2f42b48c49fd613aca90d5fbc3c002f61311e973
s390x
thunderbird-68.9.0-1.el6_10.s390x.rpm SHA-256: 78a07ed184496ada7a2d4c58eebb4588520cfd0b65dd2784c97e638ff78d2158
thunderbird-debuginfo-68.9.0-1.el6_10.s390x.rpm SHA-256: a4577976071657b566489829a40656d34fc0de2bd7d6b569bc65df1e15b81c3d

Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6

SRPM
thunderbird-68.9.0-1.el6_10.src.rpm SHA-256: d17a4716e4bd4cd42650ba8c2f42b48c49fd613aca90d5fbc3c002f61311e973
x86_64
thunderbird-68.9.0-1.el6_10.x86_64.rpm SHA-256: f76def69b5029a25b0354ec7d0b06d368fe545dec29fb3401bc6cc584ab47a8a
thunderbird-debuginfo-68.9.0-1.el6_10.x86_64.rpm SHA-256: 3d90f8bcba17c3e1f2691a630eaac6cf159d4cadba3691bed0cc8010ab18b875
i386
thunderbird-68.9.0-1.el6_10.i686.rpm SHA-256: b7b0f22c945ded4bea11eb510e98b010fa87921517d0952eeb3e16288428888a
thunderbird-debuginfo-68.9.0-1.el6_10.i686.rpm SHA-256: b49a6b31a292d7ef7b27946a8a795c0200ca6dd7781f0df3b51faf08f08cefa2

Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6

SRPM
thunderbird-68.9.0-1.el6_10.src.rpm SHA-256: d17a4716e4bd4cd42650ba8c2f42b48c49fd613aca90d5fbc3c002f61311e973
s390x
thunderbird-68.9.0-1.el6_10.s390x.rpm SHA-256: 78a07ed184496ada7a2d4c58eebb4588520cfd0b65dd2784c97e638ff78d2158
thunderbird-debuginfo-68.9.0-1.el6_10.s390x.rpm SHA-256: a4577976071657b566489829a40656d34fc0de2bd7d6b569bc65df1e15b81c3d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.