- Issued: 2024-06-20
- Updated: 2024-06-20
RHSA-2024:4036 - Security Advisory
Synopsis
Important: thunderbird security update
Type/Severity
Security Advisory: Important
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 115.12.1.
Security Fix(es):
- thunderbird: Use-after-free in networking (CVE-2024-5702)
- thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688)
- thunderbird: External protocol handlers leaked by timing attack (CVE-2024-5690)
- thunderbird: Sandboxed iframes were able to bypass sandbox restrictions to open a new window (CVE-2024-5691)
- thunderbird: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693)
- thunderbird: Memory Corruption in Text Fragments (CVE-2024-5696)
- thunderbird: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 (CVE-2024-5700)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to take effect.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 2291394 - CVE-2024-5702 Mozilla: Use-after-free in networking
- BZ - 2291395 - CVE-2024-5688 Mozilla: Use-after-free in JavaScript object transplant
- BZ - 2291396 - CVE-2024-5690 Mozilla: External protocol handlers leaked by timing attack
- BZ - 2291397 - CVE-2024-5691 Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
- BZ - 2291399 - CVE-2024-5693 Mozilla: Cross-Origin Image leak via Offscreen Canvas
- BZ - 2291400 - CVE-2024-5696 Mozilla: Memory Corruption in Text Fragments
- BZ - 2291401 - CVE-2024-5700 Mozilla: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12
CVE
Red Hat Enterprise Linux for x86_64 8
SRPM | |
---|---|
thunderbird-115.12.1-1.el8_10.src.rpm | SHA-256: 1ea5c95864108eed6ac8fce7d07f57c691741f06e1013557daef30be532dd286 |
x86_64 | |
thunderbird-115.12.1-1.el8_10.x86_64.rpm | SHA-256: c57395b756203e4f4b6eadb49c323108b7c516c6ef237223b9fe404dac4ba5f2 |
thunderbird-debuginfo-115.12.1-1.el8_10.x86_64.rpm | SHA-256: 85937ad7854036b37e57c58f24e4f2fcfb222ddeb9a30423ad971c5ad2c5fa7d |
thunderbird-debugsource-115.12.1-1.el8_10.x86_64.rpm | SHA-256: 03bc7948fbcb3d7448af554b12803a70269953eb50f8f258d0fb72369abb9fae |
Red Hat Enterprise Linux for IBM z Systems 8
SRPM | |
---|---|
thunderbird-115.12.1-1.el8_10.src.rpm | SHA-256: 1ea5c95864108eed6ac8fce7d07f57c691741f06e1013557daef30be532dd286 |
s390x | |
thunderbird-115.12.1-1.el8_10.s390x.rpm | SHA-256: 436fb080af54fc06c47229603eb55b411994fa6a3809e0e1e8e3a9bb977c98dd |
thunderbird-debuginfo-115.12.1-1.el8_10.s390x.rpm | SHA-256: d8f378bb1c46ad2657bba7cbb50479ca90b6851b571a2a73fe04403e4b3a0a8b |
thunderbird-debugsource-115.12.1-1.el8_10.s390x.rpm | SHA-256: d9cb3c19064b89214342e7f8ce3d4b9461378f1e97c0565c9076eb11fee1598d |
Red Hat Enterprise Linux for Power, little endian 8
SRPM | |
---|---|
thunderbird-115.12.1-1.el8_10.src.rpm | SHA-256: 1ea5c95864108eed6ac8fce7d07f57c691741f06e1013557daef30be532dd286 |
ppc64le | |
thunderbird-115.12.1-1.el8_10.ppc64le.rpm | SHA-256: 150498f21ae0f7c2bafc91f7ce9d6061664205bad3b5bb85ddd88dc4dd1ad5b7 |
thunderbird-debuginfo-115.12.1-1.el8_10.ppc64le.rpm | SHA-256: ca974411c1f3d96a3a17884a135e1635f72c747670bb83008d9017a61f832188 |
thunderbird-debugsource-115.12.1-1.el8_10.ppc64le.rpm | SHA-256: f3828d69263f358f6e0f2d6d241ef3e44be8e3fce281e1c08c193f2536e33e0b |
Red Hat Enterprise Linux for ARM 64 8
SRPM | |
---|---|
thunderbird-115.12.1-1.el8_10.src.rpm | SHA-256: 1ea5c95864108eed6ac8fce7d07f57c691741f06e1013557daef30be532dd286 |
aarch64 | |
thunderbird-115.12.1-1.el8_10.aarch64.rpm | SHA-256: 7fae1ee2a66c26511e00c05a53bf61de5045db0ba7fbbb2c0e3d855b6b6af211 |
thunderbird-debuginfo-115.12.1-1.el8_10.aarch64.rpm | SHA-256: 7f2aa6ea7f29a17c811720aaeab9ac410e1db1f3942cd905ee368985f86bcdc4 |
thunderbird-debugsource-115.12.1-1.el8_10.aarch64.rpm | SHA-256: 8711fdbd4a64ea0257a13a25274d765b0a8f0ba54bae7c5d13b280c0389d6a1b |
The Red Hat security contact is secalert@redhat.com. More contact details are available at https://access.redhat.com/security/team/contact/.