- Issued: 2024-06-20
- Updated: 2024-06-20
RHSA-2024:4002 - Security Advisory
Synopsis
Important: thunderbird security update
Type/Severity
Security Advisory: Important
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 115.12.1.
Security Fix(es):
- thunderbird: Use-after-free in networking (CVE-2024-5702)
- thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688)
- thunderbird: External protocol handlers leaked by timing attack (CVE-2024-5690)
- thunderbird: Sandboxed iframes were able to bypass sandbox restrictions to open a new window (CVE-2024-5691)
- thunderbird: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693)
- thunderbird: Memory Corruption in Text Fragments (CVE-2024-5696)
- thunderbird: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 (CVE-2024-5700)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to take effect.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
- Red Hat Enterprise Linux Server - AUS 9.4 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.4 aarch64
- Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.4 s390x
Fixes
- BZ - 2291394 - CVE-2024-5702 Mozilla: Use-after-free in networking
- BZ - 2291395 - CVE-2024-5688 Mozilla: Use-after-free in JavaScript object transplant
- BZ - 2291396 - CVE-2024-5690 Mozilla: External protocol handlers leaked by timing attack
- BZ - 2291397 - CVE-2024-5691 Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
- BZ - 2291399 - CVE-2024-5693 Mozilla: Cross-Origin Image leak via Offscreen Canvas
- BZ - 2291400 - CVE-2024-5696 Mozilla: Memory Corruption in Text Fragments
- BZ - 2291401 - CVE-2024-5700 Mozilla: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12
CVE
Red Hat Enterprise Linux for x86_64 9
SRPM | |
---|---|
thunderbird-115.12.1-1.el9_4.src.rpm | SHA-256: dcde1f003f90c0bd5325c86daeeba17c8541fe53a1710512d03a351da5557824 |
x86_64 | |
thunderbird-115.12.1-1.el9_4.x86_64.rpm | SHA-256: 3bd5c18c6295bd7203869199e5de7d5ab0e75a0b448ba10616ed53004bd82e49 |
thunderbird-debuginfo-115.12.1-1.el9_4.x86_64.rpm | SHA-256: 0f15f55881d7b8588771daa7660b502d3e82f7923f9f5a2b161deaa29a08bb07 |
thunderbird-debugsource-115.12.1-1.el9_4.x86_64.rpm | SHA-256: 38f9d56d3cd426b70a88b742ea63d62f8cf97240fc1065d3fff3a77789a3e87a |
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4
SRPM | |
---|---|
thunderbird-115.12.1-1.el9_4.src.rpm | SHA-256: dcde1f003f90c0bd5325c86daeeba17c8541fe53a1710512d03a351da5557824 |
x86_64 | |
thunderbird-115.12.1-1.el9_4.x86_64.rpm | SHA-256: 3bd5c18c6295bd7203869199e5de7d5ab0e75a0b448ba10616ed53004bd82e49 |
thunderbird-debuginfo-115.12.1-1.el9_4.x86_64.rpm | SHA-256: 0f15f55881d7b8588771daa7660b502d3e82f7923f9f5a2b161deaa29a08bb07 |
thunderbird-debugsource-115.12.1-1.el9_4.x86_64.rpm | SHA-256: 38f9d56d3cd426b70a88b742ea63d62f8cf97240fc1065d3fff3a77789a3e87a |
Red Hat Enterprise Linux Server - AUS 9.4
SRPM | |
---|---|
thunderbird-115.12.1-1.el9_4.src.rpm | SHA-256: dcde1f003f90c0bd5325c86daeeba17c8541fe53a1710512d03a351da5557824 |
x86_64 | |
thunderbird-115.12.1-1.el9_4.x86_64.rpm | SHA-256: 3bd5c18c6295bd7203869199e5de7d5ab0e75a0b448ba10616ed53004bd82e49 |
thunderbird-debuginfo-115.12.1-1.el9_4.x86_64.rpm | SHA-256: 0f15f55881d7b8588771daa7660b502d3e82f7923f9f5a2b161deaa29a08bb07 |
thunderbird-debugsource-115.12.1-1.el9_4.x86_64.rpm | SHA-256: 38f9d56d3cd426b70a88b742ea63d62f8cf97240fc1065d3fff3a77789a3e87a |
Red Hat Enterprise Linux for IBM z Systems 9
SRPM | |
---|---|
thunderbird-115.12.1-1.el9_4.src.rpm | SHA-256: dcde1f003f90c0bd5325c86daeeba17c8541fe53a1710512d03a351da5557824 |
s390x | |
thunderbird-115.12.1-1.el9_4.s390x.rpm | SHA-256: 74c3bc8697f11711f0971c5c7c5440287f7cea730b31ee0cb53b9656e575105c |
thunderbird-debuginfo-115.12.1-1.el9_4.s390x.rpm | SHA-256: 6f721ca0d1cb0341a2f0da263fb00993d8d529c10d81cdcae025a3a67891b4d5 |
thunderbird-debugsource-115.12.1-1.el9_4.s390x.rpm | SHA-256: 01bf343ea74d6c6b1e8cc72f529c0abbea5046c70eaaec2dc32a2b2a8f75ea1f |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4
SRPM | |
---|---|
thunderbird-115.12.1-1.el9_4.src.rpm | SHA-256: dcde1f003f90c0bd5325c86daeeba17c8541fe53a1710512d03a351da5557824 |
s390x | |
thunderbird-115.12.1-1.el9_4.s390x.rpm | SHA-256: 74c3bc8697f11711f0971c5c7c5440287f7cea730b31ee0cb53b9656e575105c |
thunderbird-debuginfo-115.12.1-1.el9_4.s390x.rpm | SHA-256: 6f721ca0d1cb0341a2f0da263fb00993d8d529c10d81cdcae025a3a67891b4d5 |
thunderbird-debugsource-115.12.1-1.el9_4.s390x.rpm | SHA-256: 01bf343ea74d6c6b1e8cc72f529c0abbea5046c70eaaec2dc32a2b2a8f75ea1f |
Red Hat Enterprise Linux for Power, little endian 9
SRPM | |
---|---|
thunderbird-115.12.1-1.el9_4.src.rpm | SHA-256: dcde1f003f90c0bd5325c86daeeba17c8541fe53a1710512d03a351da5557824 |
ppc64le | |
thunderbird-115.12.1-1.el9_4.ppc64le.rpm | SHA-256: 0a147cd06876cac6fdff1b93df00c179a39660f417e66d1b1a2b9a81e36d30e5 |
thunderbird-debuginfo-115.12.1-1.el9_4.ppc64le.rpm | SHA-256: da329d0529b179a0fd6b4202231e0a83d8fe2890ea6c6f104de8cdff9938fac7 |
thunderbird-debugsource-115.12.1-1.el9_4.ppc64le.rpm | SHA-256: 00fde75200fc552bbfc642f241d432603e5542ab1ce186d7feab7fbafe25c3e7 |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4
SRPM | |
---|---|
thunderbird-115.12.1-1.el9_4.src.rpm | SHA-256: dcde1f003f90c0bd5325c86daeeba17c8541fe53a1710512d03a351da5557824 |
ppc64le | |
thunderbird-115.12.1-1.el9_4.ppc64le.rpm | SHA-256: 0a147cd06876cac6fdff1b93df00c179a39660f417e66d1b1a2b9a81e36d30e5 |
thunderbird-debuginfo-115.12.1-1.el9_4.ppc64le.rpm | SHA-256: da329d0529b179a0fd6b4202231e0a83d8fe2890ea6c6f104de8cdff9938fac7 |
thunderbird-debugsource-115.12.1-1.el9_4.ppc64le.rpm | SHA-256: 00fde75200fc552bbfc642f241d432603e5542ab1ce186d7feab7fbafe25c3e7 |
Red Hat Enterprise Linux for ARM 64 9
SRPM | |
---|---|
thunderbird-115.12.1-1.el9_4.src.rpm | SHA-256: dcde1f003f90c0bd5325c86daeeba17c8541fe53a1710512d03a351da5557824 |
aarch64 | |
thunderbird-115.12.1-1.el9_4.aarch64.rpm | SHA-256: 0ea7ef3072ec56dcda87dbb7de49f94d0c5e6f0cd20dd3339051cd34cec648c6 |
thunderbird-debuginfo-115.12.1-1.el9_4.aarch64.rpm | SHA-256: 5b344817193d7bbbcf96719d5675f37d661b83c5f73c350720b9f4cbb6ed4a6b |
thunderbird-debugsource-115.12.1-1.el9_4.aarch64.rpm | SHA-256: dda5396efaaf028a36b04855ac1c6a0a3f8e6207a51a75bbb063b4eb44d56328 |
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4
SRPM | |
---|---|
thunderbird-115.12.1-1.el9_4.src.rpm | SHA-256: dcde1f003f90c0bd5325c86daeeba17c8541fe53a1710512d03a351da5557824 |
aarch64 | |
thunderbird-115.12.1-1.el9_4.aarch64.rpm | SHA-256: 0ea7ef3072ec56dcda87dbb7de49f94d0c5e6f0cd20dd3339051cd34cec648c6 |
thunderbird-debuginfo-115.12.1-1.el9_4.aarch64.rpm | SHA-256: 5b344817193d7bbbcf96719d5675f37d661b83c5f73c350720b9f4cbb6ed4a6b |
thunderbird-debugsource-115.12.1-1.el9_4.aarch64.rpm | SHA-256: dda5396efaaf028a36b04855ac1c6a0a3f8e6207a51a75bbb063b4eb44d56328 |
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4
SRPM | |
---|---|
thunderbird-115.12.1-1.el9_4.src.rpm | SHA-256: dcde1f003f90c0bd5325c86daeeba17c8541fe53a1710512d03a351da5557824 |
ppc64le | |
thunderbird-115.12.1-1.el9_4.ppc64le.rpm | SHA-256: 0a147cd06876cac6fdff1b93df00c179a39660f417e66d1b1a2b9a81e36d30e5 |
thunderbird-debuginfo-115.12.1-1.el9_4.ppc64le.rpm | SHA-256: da329d0529b179a0fd6b4202231e0a83d8fe2890ea6c6f104de8cdff9938fac7 |
thunderbird-debugsource-115.12.1-1.el9_4.ppc64le.rpm | SHA-256: 00fde75200fc552bbfc642f241d432603e5542ab1ce186d7feab7fbafe25c3e7 |
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4
SRPM | |
---|---|
thunderbird-115.12.1-1.el9_4.src.rpm | SHA-256: dcde1f003f90c0bd5325c86daeeba17c8541fe53a1710512d03a351da5557824 |
x86_64 | |
thunderbird-115.12.1-1.el9_4.x86_64.rpm | SHA-256: 3bd5c18c6295bd7203869199e5de7d5ab0e75a0b448ba10616ed53004bd82e49 |
thunderbird-debuginfo-115.12.1-1.el9_4.x86_64.rpm | SHA-256: 0f15f55881d7b8588771daa7660b502d3e82f7923f9f5a2b161deaa29a08bb07 |
thunderbird-debugsource-115.12.1-1.el9_4.x86_64.rpm | SHA-256: 38f9d56d3cd426b70a88b742ea63d62f8cf97240fc1065d3fff3a77789a3e87a |
Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.4
SRPM | |
---|---|
thunderbird-115.12.1-1.el9_4.src.rpm | SHA-256: dcde1f003f90c0bd5325c86daeeba17c8541fe53a1710512d03a351da5557824 |
aarch64 | |
thunderbird-115.12.1-1.el9_4.aarch64.rpm | SHA-256: 0ea7ef3072ec56dcda87dbb7de49f94d0c5e6f0cd20dd3339051cd34cec648c6 |
thunderbird-debuginfo-115.12.1-1.el9_4.aarch64.rpm | SHA-256: 5b344817193d7bbbcf96719d5675f37d661b83c5f73c350720b9f4cbb6ed4a6b |
thunderbird-debugsource-115.12.1-1.el9_4.aarch64.rpm | SHA-256: dda5396efaaf028a36b04855ac1c6a0a3f8e6207a51a75bbb063b4eb44d56328 |
Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.4
SRPM | |
---|---|
thunderbird-115.12.1-1.el9_4.src.rpm | SHA-256: dcde1f003f90c0bd5325c86daeeba17c8541fe53a1710512d03a351da5557824 |
s390x | |
thunderbird-115.12.1-1.el9_4.s390x.rpm | SHA-256: 74c3bc8697f11711f0971c5c7c5440287f7cea730b31ee0cb53b9656e575105c |
thunderbird-debuginfo-115.12.1-1.el9_4.s390x.rpm | SHA-256: 6f721ca0d1cb0341a2f0da263fb00993d8d529c10d81cdcae025a3a67891b4d5 |
thunderbird-debugsource-115.12.1-1.el9_4.s390x.rpm | SHA-256: 01bf343ea74d6c6b1e8cc72f529c0abbea5046c70eaaec2dc32a2b2a8f75ea1f |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.