Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2018:1726-1
Issue Date: 2018-05-24
CVE Numbers: CVE-2018-5150
             CVE-2018-5154
             CVE-2018-5155
             CVE-2018-5159
             CVE-2018-5168
             CVE-2018-5178
             CVE-2018-5183
             CVE-2018-5184
             CVE-2018-5161
             CVE-2018-5162
             CVE-2018-5170
             CVE-2018-5185
—
This update upgrades Thunderbird to version 52.8.0.
Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
(CVE-2018-5150)
* Mozilla: Backport critical security fixes in Skia (CVE-2018-5183)
* Mozilla: Use-after-free with SVG animations and clip paths
(CVE-2018-5154)
* Mozilla: Use-after-free with SVG animations and text paths
(CVE-2018-5155)
* Mozilla: Integer overflow and out-of-bounds write in Skia
(CVE-2018-5159)
* Mozilla: Full plaintext recovery in S/MIME via chosen-ciphertext attack
(CVE-2018-5184)
* Mozilla: Hang via malformed headers (CVE-2018-5161)
* Mozilla: Encrypted mail leaks plaintext through src attribute
(CVE-2018-5162)
* Mozilla: Lightweight themes can be installed without user interaction
(CVE-2018-5168)
* Mozilla: Filename spoofing for external attachments (CVE-2018-5170)
* Mozilla: Buffer overflow during UTF-8 to Unicode string conversion
through legacy extension (CVE-2018-5178)
* Mozilla: Leaking plaintext through HTML forms (CVE-2018-5185)
—
SL6
  x86_64
    thunderbird-52.8.0-2.el6_9.x86_64.rpm
    thunderbird-debuginfo-52.8.0-2.el6_9.x86_64.rpm
  i386
    thunderbird-52.8.0-2.el6_9.i686.rpm
    thunderbird-debuginfo-52.8.0-2.el6_9.i686.rpm
– Scientific Linux Development Team