Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2016:0460-1
Issue Date: 2016-03-16
CVE Numbers: CVE-2016-1952
CVE-2016-1954
CVE-2016-1957
CVE-2016-1960
CVE-2016-1961
CVE-2016-1964
CVE-2016-1966
CVE-2016-1974
—
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user
running Thunderbird. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957,
CVE-2016-1960, CVE-2016-1961, CVE-2016-1974, CVE-2016-1964, CVE-2016-1966)
Multiple security flaws were found in the graphite2 font library shipped
with Thunderbird. A web page containing malicious content could cause
Thunderbird to crash or, potentially, execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2016-1977, CVE-2016-2790,
CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795,
CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800,
CVE-2016-2801, CVE-2016-2802)
After installing the update, Thunderbird must be restarted for the changes
to take effect.
—
SL5
x86_64
thunderbird-38.7.0-1.el5_11.x86_64.rpm
thunderbird-debuginfo-38.7.0-1.el5_11.x86_64.rpm
i386
thunderbird-38.7.0-1.el5_11.i386.rpm
thunderbird-debuginfo-38.7.0-1.el5_11.i386.rpm
SL6
x86_64
thunderbird-38.7.0-1.el6_7.x86_64.rpm
thunderbird-debuginfo-38.7.0-1.el6_7.x86_64.rpm
i386
thunderbird-38.7.0-1.el6_7.i686.rpm
thunderbird-debuginfo-38.7.0-1.el6_7.i686.rpm
SL7
x86_64
thunderbird-38.7.0-1.el7_2.x86_64.rpm
thunderbird-debuginfo-38.7.0-1.el7_2.x86_64.rpm
– Scientific Linux Development Team
