Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.1984
Important: thunderbird security update
4 June 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: thunderbird
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux Server 8
Red Hat Enterprise Linux WS/Desktop 8
Red Hat Enterprise Linux Server 7
Red Hat Enterprise Linux WS/Desktop 7
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux WS/Desktop 6
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Access Confidential Data -- Remote with User Interaction
Unauthorised Access -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2019-11698 CVE-2019-11693 CVE-2019-11692
CVE-2019-11691 CVE-2019-9820 CVE-2019-9819
CVE-2019-9817 CVE-2019-9800 CVE-2019-9797
CVE-2019-7317 CVE-2019-5798 CVE-2018-18511
Reference: ASB-2019.0082
ASB-2019.0079
ESB-2019.1979
ESB-2019.1972
Original Bulletin:
https://access.redhat.com/errata/RHSA-2019:1308
https://access.redhat.com/errata/RHSA-2019:1309
https://access.redhat.com/errata/RHSA-2019:1310
Comment: This bulletin contains three (3) Red Hat security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2019:1308-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:1308
Issue date: 2019-06-03
CVE Names: CVE-2018-18511 CVE-2019-5798 CVE-2019-7317
CVE-2019-9797 CVE-2019-9800 CVE-2019-9817
CVE-2019-9819 CVE-2019-9820 CVE-2019-11691
CVE-2019-11692 CVE-2019-11693 CVE-2019-11698
=====================================================================
1. Summary:
An update for thunderbird is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - ppc64le, x86_64
3. Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 60.7.0.
Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
(CVE-2019-9800)
* Mozilla: Cross-origin theft of images with createImageBitmap
(CVE-2019-9797)
* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)
* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)
* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)
* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)
* Mozilla: Use-after-free removing listeners in the event listener manager
(CVE-2019-11692)
* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)
* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext
(CVE-2018-18511)
* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)
* Mozilla: Theft of user history data through drag and drop of hyperlinks
to and from bookmarks (CVE-2019-11698)
* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c
1676997 - CVE-2018-18511 mozilla: Cross-origin theft of images with ImageBitmapRenderingContext
1688200 - CVE-2019-5798 chromium-browser: Out of bounds read in Skia
1712617 - CVE-2019-11691 Mozilla: Use-after-free in XMLHttpRequest
1712618 - CVE-2019-11692 Mozilla: Use-after-free removing listeners in the event listener manager
1712619 - CVE-2019-11693 Mozilla: Buffer overflow in WebGL bufferdata on Linux
1712621 - CVE-2019-11698 Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks
1712622 - CVE-2019-9797 Mozilla: Cross-origin theft of images with createImageBitmap
1712623 - CVE-2019-9800 Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
1712626 - CVE-2019-9817 Mozilla: Stealing of cross-domain images using canvas
1712628 - CVE-2019-9819 Mozilla: Compartment mismatch with fetch API
1712629 - CVE-2019-9820 Mozilla: Use-after-free of ChromeEventHandler by DocShell
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
thunderbird-60.7.0-1.el8_0.src.rpm
ppc64le:
thunderbird-60.7.0-1.el8_0.ppc64le.rpm
thunderbird-debuginfo-60.7.0-1.el8_0.ppc64le.rpm
thunderbird-debugsource-60.7.0-1.el8_0.ppc64le.rpm
x86_64:
thunderbird-60.7.0-1.el8_0.x86_64.rpm
thunderbird-debuginfo-60.7.0-1.el8_0.x86_64.rpm
thunderbird-debugsource-60.7.0-1.el8_0.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2018-18511
https://access.redhat.com/security/cve/CVE-2019-5798
https://access.redhat.com/security/cve/CVE-2019-7317
https://access.redhat.com/security/cve/CVE-2019-9797
https://access.redhat.com/security/cve/CVE-2019-9800
https://access.redhat.com/security/cve/CVE-2019-9817
https://access.redhat.com/security/cve/CVE-2019-9819
https://access.redhat.com/security/cve/CVE-2019-9820
https://access.redhat.com/security/cve/CVE-2019-11691
https://access.redhat.com/security/cve/CVE-2019-11692
https://access.redhat.com/security/cve/CVE-2019-11693
https://access.redhat.com/security/cve/CVE-2019-11698
https://access.redhat.com/security/updates/classification/#important
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXPWIstzjgjWX9erEAQhmvg//SGv8G0IE1cKX+OnFYTpPQJMqYYPqjlTS
RUKg+Cou8Bw2H6tkO+Qy0ogpNEtBom85m3TRkSzl0KpTb4K85cq0YsKG8J6r/o2K
eAZZy3/Lt69uegsjlXmSMUbeemqXgHt5ZrFL9nU01Wmawlwchvzfz2bijWvBbIbs
BoKHfz0X+T+/fF64d3vAOG1J8Uj98nTgEMxmC+99oi2N4x6T+Q7O3DI8/drfPZ7e
SqF9UtRBkyYjmzvx2HLFAZOc21sFxGjKZzNfkuALUSdDghpi9wBI6B1H713QIs2f
LxOaleoxtpbUW7cEwHDVavGioQ8TD8IPUH+wBHRKAXoOMuDlgtxLOi90Qv02AXiF
Z6DWQ+VNHuwfgmKhQkF/dk5qOFAouSX4ztjs05Tke/8V5+0uxPzuFKub3qTAqqMh
9gU3MbzgiSvyjZxv3w816QZsvpU3lJVZMGdTfAtT1HlnPvaGSV5yFNhJEaicU7Uh
27lKC+PLVD6Rscbyeo9BcgXaB0ZgPaLM6NlZKG6H4NC9+35D5ZInKtgbeRRYr75j
UMqapFl81UgRilAC8JHrhV3eVZde46Gino8XXdtccAgA85ZXVxXqK/0kT+3zRjqS
/UUS4aBYo64bDN5gw20ObI7eyVl9A8/Gdvtw1VunwovLHjh4Rit2OEvjp5oHiRmv
4CFyuGOSg2E=
=1Wfl
- -----END PGP SIGNATURE-----
- ---------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2019:1309-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:1309
Issue date: 2019-06-03
CVE Names: CVE-2018-18511 CVE-2019-5798 CVE-2019-7317
CVE-2019-9797 CVE-2019-9800 CVE-2019-9817
CVE-2019-9819 CVE-2019-9820 CVE-2019-11691
CVE-2019-11692 CVE-2019-11693 CVE-2019-11698
=====================================================================
1. Summary:
An update for thunderbird is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le
3. Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 60.7.0.
Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
(CVE-2019-9800)
* Mozilla: Cross-origin theft of images with createImageBitmap
(CVE-2019-9797)
* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)
* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)
* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)
* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)
* Mozilla: Use-after-free removing listeners in the event listener manager
(CVE-2019-11692)
* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)
* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext
(CVE-2018-18511)
* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)
* Mozilla: Theft of user history data through drag and drop of hyperlinks
to and from bookmarks (CVE-2019-11698)
* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c
1676997 - CVE-2018-18511 mozilla: Cross-origin theft of images with ImageBitmapRenderingContext
1688200 - CVE-2019-5798 chromium-browser: Out of bounds read in Skia
1712617 - CVE-2019-11691 Mozilla: Use-after-free in XMLHttpRequest
1712618 - CVE-2019-11692 Mozilla: Use-after-free removing listeners in the event listener manager
1712619 - CVE-2019-11693 Mozilla: Buffer overflow in WebGL bufferdata on Linux
1712621 - CVE-2019-11698 Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks
1712622 - CVE-2019-9797 Mozilla: Cross-origin theft of images with createImageBitmap
1712623 - CVE-2019-9800 Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
1712626 - CVE-2019-9817 Mozilla: Stealing of cross-domain images using canvas
1712628 - CVE-2019-9819 Mozilla: Compartment mismatch with fetch API
1712629 - CVE-2019-9820 Mozilla: Use-after-free of ChromeEventHandler by DocShell
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
thunderbird-60.7.0-1.el7_6.src.rpm
x86_64:
thunderbird-60.7.0-1.el7_6.x86_64.rpm
thunderbird-debuginfo-60.7.0-1.el7_6.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
Source:
thunderbird-60.7.0-1.el7_6.src.rpm
ppc64le:
thunderbird-60.7.0-1.el7_6.ppc64le.rpm
thunderbird-debuginfo-60.7.0-1.el7_6.ppc64le.rpm
x86_64:
thunderbird-60.7.0-1.el7_6.x86_64.rpm
thunderbird-debuginfo-60.7.0-1.el7_6.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
Source:
thunderbird-60.7.0-1.el7_6.src.rpm
aarch64:
thunderbird-60.7.0-1.el7_6.aarch64.rpm
thunderbird-debuginfo-60.7.0-1.el7_6.aarch64.rpm
ppc64le:
thunderbird-60.7.0-1.el7_6.ppc64le.rpm
thunderbird-debuginfo-60.7.0-1.el7_6.ppc64le.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
thunderbird-60.7.0-1.el7_6.src.rpm
x86_64:
thunderbird-60.7.0-1.el7_6.x86_64.rpm
thunderbird-debuginfo-60.7.0-1.el7_6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2018-18511
https://access.redhat.com/security/cve/CVE-2019-5798
https://access.redhat.com/security/cve/CVE-2019-7317
https://access.redhat.com/security/cve/CVE-2019-9797
https://access.redhat.com/security/cve/CVE-2019-9800
https://access.redhat.com/security/cve/CVE-2019-9817
https://access.redhat.com/security/cve/CVE-2019-9819
https://access.redhat.com/security/cve/CVE-2019-9820
https://access.redhat.com/security/cve/CVE-2019-11691
https://access.redhat.com/security/cve/CVE-2019-11692
https://access.redhat.com/security/cve/CVE-2019-11693
https://access.redhat.com/security/cve/CVE-2019-11698
https://access.redhat.com/security/updates/classification/#important
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXPWIu9zjgjWX9erEAQg21w//Z7v1kJQho28efeI70LrXGp/n0Hlj5i2m
JwhPrwWDnz5BH5WbYrPIch/2CTL7znXR6v5rjisXoFhtvoSme3LPStyijp+bMXGr
FtKnWFJRVt87gWZ8NwvY/mtwCjpIXSOCkAdEe6Rk+crG4gtBRct32ZDfcH+6U1Km
cPpoguI0Q4cd/KZ4yiyFgUG66k0vBZ/mqUch480+vtlNkiO5JhZzPapTMEr5C9Ay
qKmn6A98z3eVOpligYZ/5nAC4HfY6AhQp4CWFPijmvobJzq1a9z0XH4L9KeQk6RA
laW0+rzw9NcsSk4c5WMWlcl9YzzYSr663av26VIKwgUnMEGjmBKstSUfgYIBgu3j
ROMrVlHl2BTPJNrGtW0arWLo2pC0qCKEwcMGo8aisyNBLMc9QXFP4CCjf6uVtpU7
VYfHz3bwfokj7R9dFDh3dDTmyrLeAWkoDckEmo59XEfXaA1u7E/QEAnxA4h9wCb3
TU1frVhktXSh4lPO5JYIE4cpT50MJEyt2FPsSfQaL+q2EUMNlxR5IckSDx+sFicn
jSelaqnOEpJQSle2bLWAQmGgWeMMkyHbRReCjRMBYPt0F/qbFiKIvRJISEYlVb9L
xpnYw8aTMn5OFxH2BCT/+mVniOhZYqPK8CfEF2dTKZ7hYtzammrzndSZf2ifG574
3/xegYaen8Q=
=TKs0
- -----END PGP SIGNATURE-----
- ---------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2019:1310-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:1310
Issue date: 2019-06-03
CVE Names: CVE-2018-18511 CVE-2019-5798 CVE-2019-7317
CVE-2019-9797 CVE-2019-9800 CVE-2019-9817
CVE-2019-9819 CVE-2019-9820 CVE-2019-11691
CVE-2019-11692 CVE-2019-11693 CVE-2019-11698
=====================================================================
1. Summary:
An update for thunderbird is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
3. Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 60.7.0.
Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
(CVE-2019-9800)
* Mozilla: Cross-origin theft of images with createImageBitmap
(CVE-2019-9797)
* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)
* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)
* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)
* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)
* Mozilla: Use-after-free removing listeners in the event listener manager
(CVE-2019-11692)
* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)
* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext
(CVE-2018-18511)
* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)
* Mozilla: Theft of user history data through drag and drop of hyperlinks
to and from bookmarks (CVE-2019-11698)
* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c
1676997 - CVE-2018-18511 mozilla: Cross-origin theft of images with ImageBitmapRenderingContext
1688200 - CVE-2019-5798 chromium-browser: Out of bounds read in Skia
1712617 - CVE-2019-11691 Mozilla: Use-after-free in XMLHttpRequest
1712618 - CVE-2019-11692 Mozilla: Use-after-free removing listeners in the event listener manager
1712619 - CVE-2019-11693 Mozilla: Buffer overflow in WebGL bufferdata on Linux
1712621 - CVE-2019-11698 Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks
1712622 - CVE-2019-9797 Mozilla: Cross-origin theft of images with createImageBitmap
1712623 - CVE-2019-9800 Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
1712626 - CVE-2019-9817 Mozilla: Stealing of cross-domain images using canvas
1712628 - CVE-2019-9819 Mozilla: Compartment mismatch with fetch API
1712629 - CVE-2019-9820 Mozilla: Use-after-free of ChromeEventHandler by DocShell
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
thunderbird-60.7.0-1.el6_10.src.rpm
i386:
thunderbird-60.7.0-1.el6_10.i686.rpm
thunderbird-debuginfo-60.7.0-1.el6_10.i686.rpm
x86_64:
thunderbird-60.7.0-1.el6_10.x86_64.rpm
thunderbird-debuginfo-60.7.0-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
thunderbird-60.7.0-1.el6_10.src.rpm
i386:
thunderbird-60.7.0-1.el6_10.i686.rpm
thunderbird-debuginfo-60.7.0-1.el6_10.i686.rpm
ppc64:
thunderbird-60.7.0-1.el6_10.ppc64.rpm
thunderbird-debuginfo-60.7.0-1.el6_10.ppc64.rpm
s390x:
thunderbird-60.7.0-1.el6_10.s390x.rpm
thunderbird-debuginfo-60.7.0-1.el6_10.s390x.rpm
x86_64:
thunderbird-60.7.0-1.el6_10.x86_64.rpm
thunderbird-debuginfo-60.7.0-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
thunderbird-60.7.0-1.el6_10.src.rpm
i386:
thunderbird-60.7.0-1.el6_10.i686.rpm
thunderbird-debuginfo-60.7.0-1.el6_10.i686.rpm
x86_64:
thunderbird-60.7.0-1.el6_10.x86_64.rpm
thunderbird-debuginfo-60.7.0-1.el6_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2018-18511
https://access.redhat.com/security/cve/CVE-2019-5798
https://access.redhat.com/security/cve/CVE-2019-7317
https://access.redhat.com/security/cve/CVE-2019-9797
https://access.redhat.com/security/cve/CVE-2019-9800
https://access.redhat.com/security/cve/CVE-2019-9817
https://access.redhat.com/security/cve/CVE-2019-9819
https://access.redhat.com/security/cve/CVE-2019-9820
https://access.redhat.com/security/cve/CVE-2019-11691
https://access.redhat.com/security/cve/CVE-2019-11692
https://access.redhat.com/security/cve/CVE-2019-11693
https://access.redhat.com/security/cve/CVE-2019-11698
https://access.redhat.com/security/updates/classification/#important
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXPWIwNzjgjWX9erEAQhz6Q/+Mk6McBpD9bPsmEcdACbjpV+V1ygpi/c5
IPXCWh37tpHkXmu5GLtx7EzrCAvKoo/zoyUSxupaMs3AY1rnE1MJPIV+SCGfvLkM
ObYcsSqEmepRw7SaQ848inF1Krx0XOzHpNrKii8xWe9yHe2yeYf3HjBfmAou7NC5
94xOHU6z/bAukxtfU/33pxledWXykqySe82d2zE4kmDkL6ZraKNtcfRTXps4Volx
6+7AghqT9GdPMqlvQ+wMWmJWwc8Zy3tMPm6hyzvug9i+WfDS0HQ6aEehWhI6SKy6
sDewW4p04Wlqk1wb4CVRpX+7XefJsLc9aioUvs45JpIHco62bcZKZxsRZ16FRxAx
cow6VwgcBk2Y/PuxZsvZZK10Ea+p3fzLJTeD/u1n4zpvv5OYS1YdlesecburqUYZ
+ThjzflSqts8MIV7jbNiXEPCj8Cdv/XXC2peQLU0jtpa9MxOCCqxeiOm1wcUmBXf
gtA7wgXU5ieSgDeDUrWtiISkTQSrXmpFLDxfMX3UQ7fyn4FOidV8emxkgcsr+MUA
VxW2+r91Fc1oDKXreRhScbXXc41MtGKxPjToWh2emLkl2Mj81EbpWKBpv4eoTLpT
CaVeAtPo5gNoKFgEtAa6PJZtdZcf93WdGrKJtHygqwDh1AbJ3LhRqgK/V1GspWTd
DYJCE4Fu6wY=
=YI5G
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXPW602aOgq3Tt24GAQip0xAAnJInwgFkaFh8KEa3Lz1EJZSKXd1Vcvd7
ABcB4eFKtwiLcCJ6Cd+e+RKrRip+qtmEpJ3H7fK8kLksBPY6gOZE5zdM4mCGQD1g
eBkYTyeXYs4mfnmi1c9fz1SoDeG/ksyl3zkzUg/b3wCydTFxdFONEgt4++47Fjhb
wWtyVcLCijpZJY6k4hrRvWOYQdyYXY5QgAqdRFDyrxs9Z9cay+8OZ1QoM7G8XnLQ
aa1aIOmD4MR0npRJ8GY1QUYMF6JNDBmjkbSnGh8PBVMAy3OQ9GCXCUv0TBEu0Jk8
I1tNHOSTLGBtF+cxGqCIWFFL7kW9m6hBqs/u09yqs96eRdQWhdqmU6WRfzcluR25
uieKRIYt2KBh1NiW1mFYYDWKKmC0eeePRJ0KfSqEX5CGHh16D0c0rnUdbryAfjVL
HYO+sXwJjmUo7UdllEZZkmw0+Hh7wHXfeyqya3ky+bPg4RzvUq+F37kYpvPYmFC+
mNlDuNcKhOks10BSix1XIG5gA/TMGpiBfEiVzv6tYBmuwelhuulipyWnDj/ywtBV
SeO0QinrZrYVTXEmRH5XjkC+OHoO5y788YralDfmBUxVp8d86YIxpBLTNegHAs4W
8Ef87ITLG0d2AldAN2iTMfmjr/zYMvRNjQX5aFggFaoXXEyP1q12gEQP0ISHdt+s
XnYxHqV0E0U=
=Zsxb
-----END PGP SIGNATURE-----