Issued:
2021-01-13
Updated:
2021-01-13

RHSA-2021:0089 - Security Advisory

Synopsis

Critical: thunderbird security update

Type/Severity

Security Advisory: Critical

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.6.1.

Security Fix(es):

  • Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk (CVE-2020-16044)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
  • Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4 x86_64

Fixes

  • BZ - 1913503 - CVE-2020-16044 Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Red Hat Enterprise Linux for x86_64 8

SRPM
thunderbird-78.6.1-1.el8_3.src.rpm SHA-256: d94245c60d505a031c082f544600ff3ffdd52bfbc73422e5cec7b91bd40093c0
x86_64
thunderbird-78.6.1-1.el8_3.x86_64.rpm SHA-256: 5a5bcdce1cdda05cfa27ede97a901610fd4de45135d82b8986de3233ec39bbb6
thunderbird-debuginfo-78.6.1-1.el8_3.x86_64.rpm SHA-256: 720192befe9ba2020a3577b69e27dca78ad2eb6c001e60019cce225caa0eb5c4
thunderbird-debugsource-78.6.1-1.el8_3.x86_64.rpm SHA-256: fed34442367e5fb0fe568afd120529d0bad0e7194c2f8037e58913db10e429ff

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4

SRPM
thunderbird-78.6.1-1.el8_3.src.rpm SHA-256: d94245c60d505a031c082f544600ff3ffdd52bfbc73422e5cec7b91bd40093c0
x86_64
thunderbird-78.6.1-1.el8_3.x86_64.rpm SHA-256: 5a5bcdce1cdda05cfa27ede97a901610fd4de45135d82b8986de3233ec39bbb6
thunderbird-debuginfo-78.6.1-1.el8_3.x86_64.rpm SHA-256: 720192befe9ba2020a3577b69e27dca78ad2eb6c001e60019cce225caa0eb5c4
thunderbird-debugsource-78.6.1-1.el8_3.x86_64.rpm SHA-256: fed34442367e5fb0fe568afd120529d0bad0e7194c2f8037e58913db10e429ff

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
thunderbird-78.6.1-1.el8_3.src.rpm SHA-256: d94245c60d505a031c082f544600ff3ffdd52bfbc73422e5cec7b91bd40093c0
x86_64
thunderbird-78.6.1-1.el8_3.x86_64.rpm SHA-256: 5a5bcdce1cdda05cfa27ede97a901610fd4de45135d82b8986de3233ec39bbb6
thunderbird-debuginfo-78.6.1-1.el8_3.x86_64.rpm SHA-256: 720192befe9ba2020a3577b69e27dca78ad2eb6c001e60019cce225caa0eb5c4
thunderbird-debugsource-78.6.1-1.el8_3.x86_64.rpm SHA-256: fed34442367e5fb0fe568afd120529d0bad0e7194c2f8037e58913db10e429ff

Red Hat Enterprise Linux for Power, little endian 8

SRPM
thunderbird-78.6.1-1.el8_3.src.rpm SHA-256: d94245c60d505a031c082f544600ff3ffdd52bfbc73422e5cec7b91bd40093c0
ppc64le
thunderbird-78.6.1-1.el8_3.ppc64le.rpm SHA-256: a78912461efd204822736aaaa2ad9194d6460b7f9defa544e69daf50f0d613e5
thunderbird-debuginfo-78.6.1-1.el8_3.ppc64le.rpm SHA-256: 3244b11c888759e9d4213bd14d0e535b6cce34ba22cbc5efc5b5723e449764cc
thunderbird-debugsource-78.6.1-1.el8_3.ppc64le.rpm SHA-256: eb19a7bb35260c52d933c8fc3c553c707977412ce864d35cba61a3128dcd3db3

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4

SRPM
thunderbird-78.6.1-1.el8_3.src.rpm SHA-256: d94245c60d505a031c082f544600ff3ffdd52bfbc73422e5cec7b91bd40093c0
ppc64le
thunderbird-78.6.1-1.el8_3.ppc64le.rpm SHA-256: a78912461efd204822736aaaa2ad9194d6460b7f9defa544e69daf50f0d613e5
thunderbird-debuginfo-78.6.1-1.el8_3.ppc64le.rpm SHA-256: 3244b11c888759e9d4213bd14d0e535b6cce34ba22cbc5efc5b5723e449764cc
thunderbird-debugsource-78.6.1-1.el8_3.ppc64le.rpm SHA-256: eb19a7bb35260c52d933c8fc3c553c707977412ce864d35cba61a3128dcd3db3

Red Hat Enterprise Linux Server - TUS 8.4

SRPM
thunderbird-78.6.1-1.el8_3.src.rpm SHA-256: d94245c60d505a031c082f544600ff3ffdd52bfbc73422e5cec7b91bd40093c0
x86_64
thunderbird-78.6.1-1.el8_3.x86_64.rpm SHA-256: 5a5bcdce1cdda05cfa27ede97a901610fd4de45135d82b8986de3233ec39bbb6
thunderbird-debuginfo-78.6.1-1.el8_3.x86_64.rpm SHA-256: 720192befe9ba2020a3577b69e27dca78ad2eb6c001e60019cce225caa0eb5c4
thunderbird-debugsource-78.6.1-1.el8_3.x86_64.rpm SHA-256: fed34442367e5fb0fe568afd120529d0bad0e7194c2f8037e58913db10e429ff

Red Hat Enterprise Linux for ARM 64 8

SRPM
thunderbird-78.6.1-1.el8_3.src.rpm SHA-256: d94245c60d505a031c082f544600ff3ffdd52bfbc73422e5cec7b91bd40093c0
aarch64
thunderbird-78.6.1-1.el8_3.aarch64.rpm SHA-256: ca0db74c714e65f221765a4ac513de1ab02e1d6f0965f9d67529809b0de35934
thunderbird-debuginfo-78.6.1-1.el8_3.aarch64.rpm SHA-256: d9384c13cc0258be2ebb8d6342118cb8cc5036adb2cea5a06f90661c0dd55344
thunderbird-debugsource-78.6.1-1.el8_3.aarch64.rpm SHA-256: 0ae2452e18305ff62bebe66f83f0b46b5e0785d347e1248f3d59d49417845c40

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4

SRPM
thunderbird-78.6.1-1.el8_3.src.rpm SHA-256: d94245c60d505a031c082f544600ff3ffdd52bfbc73422e5cec7b91bd40093c0
aarch64
thunderbird-78.6.1-1.el8_3.aarch64.rpm SHA-256: ca0db74c714e65f221765a4ac513de1ab02e1d6f0965f9d67529809b0de35934
thunderbird-debuginfo-78.6.1-1.el8_3.aarch64.rpm SHA-256: d9384c13cc0258be2ebb8d6342118cb8cc5036adb2cea5a06f90661c0dd55344
thunderbird-debugsource-78.6.1-1.el8_3.aarch64.rpm SHA-256: 0ae2452e18305ff62bebe66f83f0b46b5e0785d347e1248f3d59d49417845c40

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4

SRPM
thunderbird-78.6.1-1.el8_3.src.rpm SHA-256: d94245c60d505a031c082f544600ff3ffdd52bfbc73422e5cec7b91bd40093c0
ppc64le
thunderbird-78.6.1-1.el8_3.ppc64le.rpm SHA-256: a78912461efd204822736aaaa2ad9194d6460b7f9defa544e69daf50f0d613e5
thunderbird-debuginfo-78.6.1-1.el8_3.ppc64le.rpm SHA-256: 3244b11c888759e9d4213bd14d0e535b6cce34ba22cbc5efc5b5723e449764cc
thunderbird-debugsource-78.6.1-1.el8_3.ppc64le.rpm SHA-256: eb19a7bb35260c52d933c8fc3c553c707977412ce864d35cba61a3128dcd3db3

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4

SRPM
thunderbird-78.6.1-1.el8_3.src.rpm SHA-256: d94245c60d505a031c082f544600ff3ffdd52bfbc73422e5cec7b91bd40093c0
x86_64
thunderbird-78.6.1-1.el8_3.x86_64.rpm SHA-256: 5a5bcdce1cdda05cfa27ede97a901610fd4de45135d82b8986de3233ec39bbb6
thunderbird-debuginfo-78.6.1-1.el8_3.x86_64.rpm SHA-256: 720192befe9ba2020a3577b69e27dca78ad2eb6c001e60019cce225caa0eb5c4
thunderbird-debugsource-78.6.1-1.el8_3.x86_64.rpm SHA-256: fed34442367e5fb0fe568afd120529d0bad0e7194c2f8037e58913db10e429ff

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.