Issued:
2020-12-14
Updated:
2020-12-14

RHSA-2020:5398 - Security Advisory

Synopsis

Important: thunderbird security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.5.1.

Security Fix(es):

  • Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes (CVE-2020-26970)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
  • Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4 x86_64

Fixes

  • BZ - 1903443 - CVE-2020-26970 Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes

Red Hat Enterprise Linux for x86_64 8

SRPM
thunderbird-78.5.1-1.el8_3.src.rpm SHA-256: afd620f2821cd9d94a47d48ae4831de579911560249fc6671b6138e73e9e2686
x86_64
thunderbird-78.5.1-1.el8_3.x86_64.rpm SHA-256: a16546c26daf89b52d901fe17447cd735b4bf132bc762c736c631487cc5b9195
thunderbird-debuginfo-78.5.1-1.el8_3.x86_64.rpm SHA-256: f5ce5df3332f923138cf9f33a02f37e53fe9f2633e638c7a0d57bc924a794617
thunderbird-debugsource-78.5.1-1.el8_3.x86_64.rpm SHA-256: 5446f694feb86f059e3b817b1ab3a3893be0c621717d8f33b520e9b31fcbaf5b

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4

SRPM
thunderbird-78.5.1-1.el8_3.src.rpm SHA-256: afd620f2821cd9d94a47d48ae4831de579911560249fc6671b6138e73e9e2686
x86_64
thunderbird-78.5.1-1.el8_3.x86_64.rpm SHA-256: a16546c26daf89b52d901fe17447cd735b4bf132bc762c736c631487cc5b9195
thunderbird-debuginfo-78.5.1-1.el8_3.x86_64.rpm SHA-256: f5ce5df3332f923138cf9f33a02f37e53fe9f2633e638c7a0d57bc924a794617
thunderbird-debugsource-78.5.1-1.el8_3.x86_64.rpm SHA-256: 5446f694feb86f059e3b817b1ab3a3893be0c621717d8f33b520e9b31fcbaf5b

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
thunderbird-78.5.1-1.el8_3.src.rpm SHA-256: afd620f2821cd9d94a47d48ae4831de579911560249fc6671b6138e73e9e2686
x86_64
thunderbird-78.5.1-1.el8_3.x86_64.rpm SHA-256: a16546c26daf89b52d901fe17447cd735b4bf132bc762c736c631487cc5b9195
thunderbird-debuginfo-78.5.1-1.el8_3.x86_64.rpm SHA-256: f5ce5df3332f923138cf9f33a02f37e53fe9f2633e638c7a0d57bc924a794617
thunderbird-debugsource-78.5.1-1.el8_3.x86_64.rpm SHA-256: 5446f694feb86f059e3b817b1ab3a3893be0c621717d8f33b520e9b31fcbaf5b

Red Hat Enterprise Linux for Power, little endian 8

SRPM
thunderbird-78.5.1-1.el8_3.src.rpm SHA-256: afd620f2821cd9d94a47d48ae4831de579911560249fc6671b6138e73e9e2686
ppc64le
thunderbird-78.5.1-1.el8_3.ppc64le.rpm SHA-256: 9ae780dbcf7e1631db6503f9a7999bb64517fd2a212d2e8be81ac4701cffcc5b
thunderbird-debuginfo-78.5.1-1.el8_3.ppc64le.rpm SHA-256: c2084a28303e46d07f9351e6942b4221cdc1828c2bdb1146ffdbc7c91a67db16
thunderbird-debugsource-78.5.1-1.el8_3.ppc64le.rpm SHA-256: f93a3089e046b5ab7a3b50322466cee6f353f2d0407a74cfb73c43848415743a

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4

SRPM
thunderbird-78.5.1-1.el8_3.src.rpm SHA-256: afd620f2821cd9d94a47d48ae4831de579911560249fc6671b6138e73e9e2686
ppc64le
thunderbird-78.5.1-1.el8_3.ppc64le.rpm SHA-256: 9ae780dbcf7e1631db6503f9a7999bb64517fd2a212d2e8be81ac4701cffcc5b
thunderbird-debuginfo-78.5.1-1.el8_3.ppc64le.rpm SHA-256: c2084a28303e46d07f9351e6942b4221cdc1828c2bdb1146ffdbc7c91a67db16
thunderbird-debugsource-78.5.1-1.el8_3.ppc64le.rpm SHA-256: f93a3089e046b5ab7a3b50322466cee6f353f2d0407a74cfb73c43848415743a

Red Hat Enterprise Linux Server - TUS 8.4

SRPM
thunderbird-78.5.1-1.el8_3.src.rpm SHA-256: afd620f2821cd9d94a47d48ae4831de579911560249fc6671b6138e73e9e2686
x86_64
thunderbird-78.5.1-1.el8_3.x86_64.rpm SHA-256: a16546c26daf89b52d901fe17447cd735b4bf132bc762c736c631487cc5b9195
thunderbird-debuginfo-78.5.1-1.el8_3.x86_64.rpm SHA-256: f5ce5df3332f923138cf9f33a02f37e53fe9f2633e638c7a0d57bc924a794617
thunderbird-debugsource-78.5.1-1.el8_3.x86_64.rpm SHA-256: 5446f694feb86f059e3b817b1ab3a3893be0c621717d8f33b520e9b31fcbaf5b

Red Hat Enterprise Linux for ARM 64 8

SRPM
thunderbird-78.5.1-1.el8_3.src.rpm SHA-256: afd620f2821cd9d94a47d48ae4831de579911560249fc6671b6138e73e9e2686
aarch64
thunderbird-78.5.1-1.el8_3.aarch64.rpm SHA-256: 4d8e38f2e47aee363e51495f5fe8d8cf6e759a60da79ccb3eba1155b67668b51
thunderbird-debuginfo-78.5.1-1.el8_3.aarch64.rpm SHA-256: be2d7c1ed6224d48eae0aaa4989da60826b97b62896e2bab6bea8fcab08e5d71
thunderbird-debugsource-78.5.1-1.el8_3.aarch64.rpm SHA-256: 933eec847c34f3368682f71a824bece64bd6c157dfe847ad8ff7d225d98ec899

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4

SRPM
thunderbird-78.5.1-1.el8_3.src.rpm SHA-256: afd620f2821cd9d94a47d48ae4831de579911560249fc6671b6138e73e9e2686
aarch64
thunderbird-78.5.1-1.el8_3.aarch64.rpm SHA-256: 4d8e38f2e47aee363e51495f5fe8d8cf6e759a60da79ccb3eba1155b67668b51
thunderbird-debuginfo-78.5.1-1.el8_3.aarch64.rpm SHA-256: be2d7c1ed6224d48eae0aaa4989da60826b97b62896e2bab6bea8fcab08e5d71
thunderbird-debugsource-78.5.1-1.el8_3.aarch64.rpm SHA-256: 933eec847c34f3368682f71a824bece64bd6c157dfe847ad8ff7d225d98ec899

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4

SRPM
thunderbird-78.5.1-1.el8_3.src.rpm SHA-256: afd620f2821cd9d94a47d48ae4831de579911560249fc6671b6138e73e9e2686
ppc64le
thunderbird-78.5.1-1.el8_3.ppc64le.rpm SHA-256: 9ae780dbcf7e1631db6503f9a7999bb64517fd2a212d2e8be81ac4701cffcc5b
thunderbird-debuginfo-78.5.1-1.el8_3.ppc64le.rpm SHA-256: c2084a28303e46d07f9351e6942b4221cdc1828c2bdb1146ffdbc7c91a67db16
thunderbird-debugsource-78.5.1-1.el8_3.ppc64le.rpm SHA-256: f93a3089e046b5ab7a3b50322466cee6f353f2d0407a74cfb73c43848415743a

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4

SRPM
thunderbird-78.5.1-1.el8_3.src.rpm SHA-256: afd620f2821cd9d94a47d48ae4831de579911560249fc6671b6138e73e9e2686
x86_64
thunderbird-78.5.1-1.el8_3.x86_64.rpm SHA-256: a16546c26daf89b52d901fe17447cd735b4bf132bc762c736c631487cc5b9195
thunderbird-debuginfo-78.5.1-1.el8_3.x86_64.rpm SHA-256: f5ce5df3332f923138cf9f33a02f37e53fe9f2633e638c7a0d57bc924a794617
thunderbird-debugsource-78.5.1-1.el8_3.x86_64.rpm SHA-256: 5446f694feb86f059e3b817b1ab3a3893be0c621717d8f33b520e9b31fcbaf5b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.