Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.3799.2
thunderbird security update
6 November 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: thunderbird
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2020-15969 CVE-2020-15683
Reference: ESB-2020.3770
ESB-2020.3701
ESB-2020.3665
ESB-2020.3629
Original Bulletin:
https://access.redhat.com/errata/RHSA-2020:4909
https://access.redhat.com/errata/RHSA-2020:4913
https://access.redhat.com/errata/RHSA-2020:4944
https://access.redhat.com/errata/RHSA-2020:4945
https://access.redhat.com/errata/RHSA-2020:4947
https://access.redhat.com/errata/RHSA-2020:4948
Comment: This bulletin contains six (6) Red Hat security advisories.
Revision History: November 6 2020: Appended additional associated advisories
November 5 2020: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2020:4909-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4909
Issue date: 2020-11-04
CVE Names: CVE-2020-15683 CVE-2020-15969
=====================================================================
1. Summary:
An update for thunderbird is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
3. Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 78.4.0.
Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
(CVE-2020-15683)
* chromium-browser: Use after free in WebRTC (CVE-2020-15969)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC
1889932 - CVE-2020-15683 Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
thunderbird-78.4.0-1.el7_9.src.rpm
x86_64:
thunderbird-78.4.0-1.el7_9.x86_64.rpm
thunderbird-debuginfo-78.4.0-1.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
Source:
thunderbird-78.4.0-1.el7_9.src.rpm
ppc64le:
thunderbird-78.4.0-1.el7_9.ppc64le.rpm
thunderbird-debuginfo-78.4.0-1.el7_9.ppc64le.rpm
x86_64:
thunderbird-78.4.0-1.el7_9.x86_64.rpm
thunderbird-debuginfo-78.4.0-1.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
thunderbird-78.4.0-1.el7_9.src.rpm
x86_64:
thunderbird-78.4.0-1.el7_9.x86_64.rpm
thunderbird-debuginfo-78.4.0-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-15683
https://access.redhat.com/security/cve/CVE-2020-15969
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBX6K5DdzjgjWX9erEAQjw4A//eWtdc4EzxM8leWC6YCWJvbjVnJz+Y4l6
qo024EcJB/gVKIuiv90JRE0cOguAKG9ahcUtZSegCGEcdj3xHQ1/z3ur4L4n0Y3n
ph+OAIN+ujfXboT7yPHLD8gZF3oc3pRHDjqQvWbcjaXyl/miGevO0M19JnvbXINR
ZbvQU2wFyCoz+ngC30Yfp6c+FgsriU1P+tkiv+f2IApfiqVe9WDgSwaSC3QVtOha
5V0Xa2aTEpikjfugeQUUKZcUJJtXmVF+WTZ9CQJOPlma0vs3/byBp43xND7i2/bi
5hAb2yIvrzoCvaQqd+9rsMT0JKoDdD4BW0585GL2qDvTNWWH6ptYSeE9aEOHrqoG
dgyCRcHuaG31ZFN11eBmyl343Nb4rsEnjvmJmkNvqJzoDJ3NnpfZilb8gO60Fa1C
Mf/wQpq8qyIsrDHaaib+CKvLLkgE2nWMhh2gVMJvU51FyuomI9T04mcWSbPFv3/M
Lx3/olJpZWfsx6i6uJJJff8rBJmueGTk2OAfHBoLsRzq4STY6L4JwqZFz6qvoDJX
vUnzUQ58uZs+7/tqb0h2Npn2VpDHiMmkJSBomFdKnWEis7DGLEmsskzGV5Yk6Oja
fSs/vpbN3z/RFvkoor1yI1X+eLi2qT5ZNdUtNPX2t275WkXUR0Kq4wh6Sn3szx21
8QnWZbz7ziQ=
=bM6p
- -----END PGP SIGNATURE-----
- ------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2020:4913-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4913
Issue date: 2020-11-04
CVE Names: CVE-2020-15683 CVE-2020-15969
=====================================================================
1. Summary:
An update for thunderbird is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, x86_64
3. Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 78.4.0.
Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
(CVE-2020-15683)
* chromium-browser: Use after free in WebRTC (CVE-2020-15969)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC
1889932 - CVE-2020-15683 Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
thunderbird-78.4.0-1.el8_3.src.rpm
aarch64:
thunderbird-78.4.0-1.el8_3.aarch64.rpm
thunderbird-debuginfo-78.4.0-1.el8_3.aarch64.rpm
thunderbird-debugsource-78.4.0-1.el8_3.aarch64.rpm
ppc64le:
thunderbird-78.4.0-1.el8_3.ppc64le.rpm
thunderbird-debuginfo-78.4.0-1.el8_3.ppc64le.rpm
thunderbird-debugsource-78.4.0-1.el8_3.ppc64le.rpm
x86_64:
thunderbird-78.4.0-1.el8_3.x86_64.rpm
thunderbird-debuginfo-78.4.0-1.el8_3.x86_64.rpm
thunderbird-debugsource-78.4.0-1.el8_3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-15683
https://access.redhat.com/security/cve/CVE-2020-15969
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBX6KsNtzjgjWX9erEAQg/MA/9Gi6qCO/1vfMjx19gqbH42Xnv4JL3cq6E
6WbyyXxN2LMxvU7TPONDhY56oqw/e+fYPoyg23a7TBCDfM+ofiuBqVEtzVcI6Lv4
Vf7ag2e4S6Gc26fgh2kCb8Tqin/RJeKU0QhPHvPknobvQqRArZtiZq3DPj7x/SXR
PgGzOx81QPoKQ1K5QwPrvcJC1drrAlzvgXZ7gpyVpOUckOthJaG33a+WAbWpb46V
Y+D0/fJIYJwDhaEI79nO+VyjF4XLhZmDL0ncTIKjVlDzu48Y7NUIHvYmHDD789wG
nLo/sES5t6efDGnBwX+7micCq6tqIu0ASUwhsoxadMalmW8WZjuS9OJ9XNs7VaU0
DjHE06lkuv2oe1a+QjAPdJr9W/WA0fnVOSYbY8hhl64dNLiqi5oJvdxFvQvWT16s
JbkRGkPIHuaT6/89xUX9cxLXVRWO+qloiyT2VzlcNsXj7/T9QoWFQx6u9NkpruN4
7/iWQDIHa0qUFe7py0nf5ygsKF2Z/1Ja5+hYFYBHeOa5Z4JMOjDH3PS2HMo0y7mh
bHX/0y66h3Oe/T9EBijJg/kjZ70zEP4TxrJG2UdaFwxvBNcILXrDpOXGyW7iAhNG
IRhW2Uc6ErS1TSzCCXApgVRdWPY7aDneiWwNjQ8kyOnWUhyEmM1XBtAbPJfG8TAo
9Mg89r8Nusw=
=pnsO
- -----END PGP SIGNATURE-----
- -------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2020:4944-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4944
Issue date: 2020-11-05
CVE Names: CVE-2020-15683 CVE-2020-15969
=====================================================================
1. Summary:
An update for thunderbird is now available for Red Hat Enterprise Linux 8.0
Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream E4S (v. 8.0) - ppc64le, x86_64
3. Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 78.4.0.
Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
(CVE-2020-15683)
* chromium-browser: Use after free in WebRTC (CVE-2020-15969)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC
1889932 - CVE-2020-15683 Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
6. Package List:
Red Hat Enterprise Linux AppStream E4S (v. 8.0):
Source:
thunderbird-78.4.0-1.el8_0.src.rpm
ppc64le:
thunderbird-78.4.0-1.el8_0.ppc64le.rpm
thunderbird-debuginfo-78.4.0-1.el8_0.ppc64le.rpm
thunderbird-debugsource-78.4.0-1.el8_0.ppc64le.rpm
x86_64:
thunderbird-78.4.0-1.el8_0.x86_64.rpm
thunderbird-debuginfo-78.4.0-1.el8_0.x86_64.rpm
thunderbird-debugsource-78.4.0-1.el8_0.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-15683
https://access.redhat.com/security/cve/CVE-2020-15969
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBX6O+btzjgjWX9erEAQjsOg//UF3JIfGF0dcYskI0UyjMy/1RiZibmcGe
lS3j0rQiyvQj/AsWzO2iKFbZP25RWDoFuZQxbrWFMXGp5z6NAPgKibyGaVlCAERr
KCiViI8pCAthi+d9CObi1reTbqO+lA4bwBhwPLlmrBFuI2XkGqkMD5jD4JpVlQxk
KjMiqAkLhX6G03i7AUIbFedb9Zat4E5LtgxmU5oTN1cRefXnGmYexjsSrOtkxDLM
W6vb01RH9TBlsSkrOvPl8GDUKeU8yvmiDFmiNUKKyulh3SdlQ/iWk2qV6YpDd1SB
d9ftypmLUoKaRuvIbkznEL7uZIJkw5aNlIhQDpqOL5xM5XwhfTXgrZbkiXNvEYWb
n3lItQHI0sHS/J5AtUVnXxuVlMXtfYZVdQ7fzL56iQNYas16hFhrVv71FynbA4ad
ItMW7EjnO+RpYTZ1iXr+01UKi4Xg5CXCrgVj1KFf+vbMT95TJcfPoCIu8tdh+5Ts
MTjdfilGkHoa5Gkt0KTmkolTuVaq4xqZ6anknfaxPFYHqsbzSbuHY6t1uGQm4vzI
t9QzQZZS35YCCtqYuwa10S93G4aocUlii3ybRW1IKa4gZYXuTvZ7T+ZL/BtTiVn6
uoZVzMQGjhIfmb0hO5IkhdqU1Y+Va4tp3TCWF+DL+mmPgQMO/nHH3qHJxxLZ1okX
Xu9aBn3WFRw=
=HfUh
- -----END PGP SIGNATURE-----
- ------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2020:4945-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4945
Issue date: 2020-11-05
CVE Names: CVE-2020-15683 CVE-2020-15969
=====================================================================
1. Summary:
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream EUS (v. 8.1) - ppc64le, x86_64
3. Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 78.4.0.
Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
(CVE-2020-15683)
* chromium-browser: Use after free in WebRTC (CVE-2020-15969)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC
1889932 - CVE-2020-15683 Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
6. Package List:
Red Hat Enterprise Linux AppStream EUS (v. 8.1):
Source:
thunderbird-78.4.0-1.el8_1.src.rpm
ppc64le:
thunderbird-78.4.0-1.el8_1.ppc64le.rpm
thunderbird-debuginfo-78.4.0-1.el8_1.ppc64le.rpm
thunderbird-debugsource-78.4.0-1.el8_1.ppc64le.rpm
x86_64:
thunderbird-78.4.0-1.el8_1.x86_64.rpm
thunderbird-debuginfo-78.4.0-1.el8_1.x86_64.rpm
thunderbird-debugsource-78.4.0-1.el8_1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-15683
https://access.redhat.com/security/cve/CVE-2020-15969
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBX6PBAtzjgjWX9erEAQjKiw/8DfyKQvgBrJdxKsQT/yCLjRcPeOyBsm7/
/CRLSQbyRfAG2EPJeUqKHvi4G5AlGiylFN7YaRRrBrL9SYIxohx0j96BwnH/sZL9
06b34CwC0WGB5XOgrQqbI15G3DziZYV594QrZI17cMRGMJg1BkweFdiGO91tQjbi
aDYnfVxXWK9glH1gk579MB6yqRVYM6f+rE+V2jJ1qHxQgIBHRl3iFiRqdKMixTqk
0EuFJb5nCcyI0mv6d4Ubr+a6HdtsSt1PRpc2L9owXKAR3bCtosiMw/ykc06B93ll
qk4iKWnFvHSGS7qOyKfh3BO/Vv3E7vOYTqNUG7HgwwXSoHo0bdU4cEvVumC3i4dc
5m7tfq0OfxNm7V9XrPiYoAk5UQVmzw4fVXZJHyaNkFeL+9O9qSGsWdI8mpREImFc
ViitO0gelZe3+qGbeSxAj5T+IDF7vCWB/CQuLtp+xYi9vrsHdRZ5m+4lpRPdXVP3
QG/f+E4wgzHer81AMZ/7AhgOq3LM7bG17Cu1KTaTRp/xE+NseYu0qqkDtYNd6jGV
+HHi0xv5B3vhXv7Zz4Oq48JkCwqS62hkuSwqcH2Wn3k2FVuOcDxrwdobhUQLjsq7
QH4pMpAulMp/czk7r1U4zAqegRlboW5OcDoK7WI2FPxh57NMsmvgR8k7Oe9WO/eC
fR4AZlb65tY=
=OXaD
- -----END PGP SIGNATURE-----
- -------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2020:4947-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4947
Issue date: 2020-11-05
CVE Names: CVE-2020-15683 CVE-2020-15969
=====================================================================
1. Summary:
An update for thunderbird is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
3. Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 78.4.0.
Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
(CVE-2020-15683)
* chromium-browser: Use after free in WebRTC (CVE-2020-15969)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC
1889932 - CVE-2020-15683 Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
thunderbird-78.4.0-1.el6_10.src.rpm
i386:
thunderbird-78.4.0-1.el6_10.i686.rpm
x86_64:
thunderbird-78.4.0-1.el6_10.x86_64.rpm
thunderbird-debuginfo-78.4.0-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
thunderbird-78.4.0-1.el6_10.src.rpm
i386:
thunderbird-78.4.0-1.el6_10.i686.rpm
ppc64:
thunderbird-78.4.0-1.el6_10.ppc64.rpm
thunderbird-debuginfo-78.4.0-1.el6_10.ppc64.rpm
s390x:
thunderbird-78.4.0-1.el6_10.s390x.rpm
thunderbird-debuginfo-78.4.0-1.el6_10.s390x.rpm
x86_64:
thunderbird-78.4.0-1.el6_10.x86_64.rpm
thunderbird-debuginfo-78.4.0-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
thunderbird-78.4.0-1.el6_10.src.rpm
i386:
thunderbird-78.4.0-1.el6_10.i686.rpm
x86_64:
thunderbird-78.4.0-1.el6_10.i686.rpm
thunderbird-78.4.0-1.el6_10.x86_64.rpm
thunderbird-debuginfo-78.4.0-1.el6_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-15683
https://access.redhat.com/security/cve/CVE-2020-15969
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBX6PGZ9zjgjWX9erEAQicqg/9F7pV3T451oH2gVXrlC9sFg+7c+1ssi33
G8Bx81sTSCrA81eUNNd+TJJxSc6xsMb44c33LTAefJUSfs0HsJH77xOXUj6Ytfh/
iRi7MSZaL5wcm6KNmkVG69bPYUzGP/Q22M3v0EDoWctGE6UdxvNxmmpOZBmYvGnb
SW8ZWXsQ2ji6i3AT3CpxGq9X3ErDn22FNCb8WpCLoeCHyCQX3NR3PGXPSc5wdDHB
QeURQhEYE2bdZdqsbJGc3pVULkg+kSfeUSZQ3550+RTxUA84jwKdDRenZRfB24Ze
4TowCtY798wO5NmQjUGQaHY4ma+Uae15AulMVxdmJY9e8yKq0xnMn5Mu1MQKE0/u
luJQVMHHribBe3bUo4wS6oYklTl/MTVZQ09uO7LBmwZBcfdgHKlkI9qyk32e8uh3
5T6sluWvFWuIPhvEnWnpF8UKz4yWE3y0QyXs73q9FSP5JmDCo8Bv3CjSo2fZQHFq
FuZjYDMNtDl35N+9LP1fmODFiu/JfLoHQInbxZRyWrb/QKLBbEetuAxkYHCptkYG
Q0KA2P6worM+M7IYr0wtulsMyRYQd7Mu1DW9HFK0O+Uv7KcutL9wswxLRjSNGWBv
o2I1kpYD97ZHShTsgik1n3fcFScurvrQVwoV6mWSKgAhtB3s+JqkJtjywzUVR4Qx
H9Js/8tmZM0=
=HXvo
- -----END PGP SIGNATURE-----
- -------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2020:4948-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4948
Issue date: 2020-11-05
CVE Names: CVE-2020-15683 CVE-2020-15969
=====================================================================
1. Summary:
An update for thunderbird is now available for Red Hat Enterprise Linux 8.2
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, x86_64
3. Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 78.4.0.
Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
(CVE-2020-15683)
* chromium-browser: Use after free in WebRTC (CVE-2020-15969)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC
1889932 - CVE-2020-15683 Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
6. Package List:
Red Hat Enterprise Linux AppStream EUS (v. 8.2):
Source:
thunderbird-78.4.0-1.el8_2.src.rpm
aarch64:
thunderbird-78.4.0-1.el8_2.aarch64.rpm
thunderbird-debuginfo-78.4.0-1.el8_2.aarch64.rpm
thunderbird-debugsource-78.4.0-1.el8_2.aarch64.rpm
ppc64le:
thunderbird-78.4.0-1.el8_2.ppc64le.rpm
thunderbird-debuginfo-78.4.0-1.el8_2.ppc64le.rpm
thunderbird-debugsource-78.4.0-1.el8_2.ppc64le.rpm
x86_64:
thunderbird-78.4.0-1.el8_2.x86_64.rpm
thunderbird-debuginfo-78.4.0-1.el8_2.x86_64.rpm
thunderbird-debugsource-78.4.0-1.el8_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-15683
https://access.redhat.com/security/cve/CVE-2020-15969
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBX6O99tzjgjWX9erEAQhlhQ//fKmeCL6fZMBiQwE8JVj8+f9J5EPZPtH/
Eb0FfUyHZ1UOnRz1P7VCaXJ7FUWs5vZzwStNAzK/BIngqn6e92X0tOr4Y3Cjv+sE
2RNZ2HSX2UDu41f4sj9LL5a1I+ou4ujH7rEBVKCQETHDG51nF+042wmxorD2YbGy
8e4IBy7125VyQl6Po6eFBt1+Ql9hckkVqizlLh93+B8vW/pGgABYYG0FQOPIJ9lq
y+klJ5o2c9bA/3j38j0ifwy3osMWC3m9LEbyclz5bi2w2l60lg2BO4MBuSPrrop+
ZinY8TToPxA84X2ypaETgtRSdblmcIhXscWcIS7h2MZnP1hCCZo93Dxjs8zRTN/3
gdOipQKszqtNtZ4zi4JsttJcpMVqyi7cLrV876a8FWTSM7yWg0bjfZ6rjnyVpLk2
0JccnIP0cds6DRzbS/fAxcr7lyaWPV+qeu/H51PYrO5kW/3GKDSpajs65OG7jC1H
r9xEsakrSXymnrslf+gMewLlZjXlqdCoYVzwS2bwh//IgDQIfQY5I2T6hsXjwkD0
wn73ALiY3LEdOvojc2gVQy9yjS80pfPZQoiBdan6xV260FqxLWBBUOvLiZZycV5K
agGzaR8CebaxkANzicO7mzyZlevI2cZbAkxcBqDPXh0NzpHpNrWfE+g5SrfoVSUI
3MySc0MuOF4=
=CIAO
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBX6R9C+NLKJtyKPYoAQh2bhAAp1yFogjrcH7lZ8L2zboHrqNFYsi951Hr
VqbnxGF09tJZ7zh+MoyzciPcMtweFOKm+SqFOxwJ7Kp6dvaU8zFEqevJ3wk/pVop
6/8+iZj50R1UJUcC3LnDxK0B5H+i683IoZ0AyJcQb2bQDe4LhjZIC7+RheJytIC7
HYJbJcMIqg6rBRX+rxItQkskZwJSiGtX+vZsJdDoB9oyuNtrq14b2SsO/IMmDBnE
77fH10WuQmWGcFvRia1hPqu6C4g1oD1PSg/4ssOrSf1wjLe+ElT6Kue0QShWua9C
Vjq1+IQEPwiJbyjg5AUDAWfwd1c2z5p0IO3lu07AJoMA5fWjNDct8GM9zAf+Emtn
zQP8WLXnK2/LmLO/oNbxFIhZSEHivF2IhyedeeiKW3U8LPdx6UF7l7jUn7Jnx7ij
rO2Ahnrog5qYAAO6xkhafk8cWozASV/UfZMglEnlMIvdJAbVjbR5432KOy4wvcIl
CIaDcBjr4xwf6tRCOJodYOpfPbpr7fYTVm+6pA2u5JFmfWy7YHmnVLhZT++wZ1yv
4ARk0pTuzB/37oNSl7D8+o1AVQ+O+rNCOHplzhxSgH7LbftAVse9yXGFKlwMHc4z
6XFcv+cwr88OT6jP3ZWeUukVeYde/TwnUIIOU1D4pRhv33VKy7qZ1DktquGEUQ1x
2jh0KxyFmS4=
=oDvG
-----END PGP SIGNATURE-----