===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2020.3799.2
thunderbird security update
6 November 2020
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           thunderbird
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-15969 CVE-2020-15683
Reference:         ESB-2020.3770
                   ESB-2020.3701
                   ESB-2020.3665
                   ESB-2020.3629

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2020:4909
   https://access.redhat.com/errata/RHSA-2020:4913
   https://access.redhat.com/errata/RHSA-2020:4944
   https://access.redhat.com/errata/RHSA-2020:4945
   https://access.redhat.com/errata/RHSA-2020:4947
   https://access.redhat.com/errata/RHSA-2020:4948

Comment: This bulletin contains six (6) Red Hat security advisories.

Revision History:  November 6 2020: Appended additional associated advisories
                   November 5 2020: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2020:4909-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4909
Issue date:        2020-11-04
CVE Names:         CVE-2020-15683 CVE-2020-15969
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.4.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 (CVE-2020-15683)

* chromium-browser: Use after free in WebRTC (CVE-2020-15969)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC
1889932 - CVE-2020-15683 Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
thunderbird-78.4.0-1.el7_9.src.rpm

x86_64:
thunderbird-78.4.0-1.el7_9.x86_64.rpm
thunderbird-debuginfo-78.4.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
thunderbird-78.4.0-1.el7_9.src.rpm

ppc64le:
thunderbird-78.4.0-1.el7_9.ppc64le.rpm
thunderbird-debuginfo-78.4.0-1.el7_9.ppc64le.rpm

x86_64:
thunderbird-78.4.0-1.el7_9.x86_64.rpm
thunderbird-debuginfo-78.4.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
thunderbird-78.4.0-1.el7_9.src.rpm

x86_64:
thunderbird-78.4.0-1.el7_9.x86_64.rpm
thunderbird-debuginfo-78.4.0-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-15683
https://access.redhat.com/security/cve/CVE-2020-15969
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

------------------------------------------------------------------------------

=====================================================================
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2020:4913-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4913
Issue date:        2020-11-04
CVE Names:         CVE-2020-15683 CVE-2020-15969
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.4.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 (CVE-2020-15683)

* chromium-browser: Use after free in WebRTC (CVE-2020-15969)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC
1889932 - CVE-2020-15683 Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
thunderbird-78.4.0-1.el8_3.src.rpm

aarch64:
thunderbird-78.4.0-1.el8_3.aarch64.rpm
thunderbird-debuginfo-78.4.0-1.el8_3.aarch64.rpm
thunderbird-debugsource-78.4.0-1.el8_3.aarch64.rpm

ppc64le:
thunderbird-78.4.0-1.el8_3.ppc64le.rpm
thunderbird-debuginfo-78.4.0-1.el8_3.ppc64le.rpm
thunderbird-debugsource-78.4.0-1.el8_3.ppc64le.rpm

x86_64:
thunderbird-78.4.0-1.el8_3.x86_64.rpm
thunderbird-debuginfo-78.4.0-1.el8_3.x86_64.rpm
thunderbird-debugsource-78.4.0-1.el8_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-15683
https://access.redhat.com/security/cve/CVE-2020-15969
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

------------------------------------------------------------------------------

=====================================================================
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2020:4944-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4944
Issue date:        2020-11-05
CVE Names:         CVE-2020-15683 CVE-2020-15969
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.0) - ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.4.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 (CVE-2020-15683)

* chromium-browser: Use after free in WebRTC (CVE-2020-15969)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC
1889932 - CVE-2020-15683 Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.0):

Source:
thunderbird-78.4.0-1.el8_0.src.rpm

ppc64le:
thunderbird-78.4.0-1.el8_0.ppc64le.rpm
thunderbird-debuginfo-78.4.0-1.el8_0.ppc64le.rpm
thunderbird-debugsource-78.4.0-1.el8_0.ppc64le.rpm

x86_64:
thunderbird-78.4.0-1.el8_0.x86_64.rpm
thunderbird-debuginfo-78.4.0-1.el8_0.x86_64.rpm
thunderbird-debugsource-78.4.0-1.el8_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-15683
https://access.redhat.com/security/cve/CVE-2020-15969
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

------------------------------------------------------------------------------

=====================================================================
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2020:4945-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4945
Issue date:        2020-11-05
CVE Names:         CVE-2020-15683 CVE-2020-15969
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.1) - ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.4.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 (CVE-2020-15683)

* chromium-browser: Use after free in WebRTC (CVE-2020-15969)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC
1889932 - CVE-2020-15683 Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.1):

Source:
thunderbird-78.4.0-1.el8_1.src.rpm

ppc64le:
thunderbird-78.4.0-1.el8_1.ppc64le.rpm
thunderbird-debuginfo-78.4.0-1.el8_1.ppc64le.rpm
thunderbird-debugsource-78.4.0-1.el8_1.ppc64le.rpm

x86_64:
thunderbird-78.4.0-1.el8_1.x86_64.rpm
thunderbird-debuginfo-78.4.0-1.el8_1.x86_64.rpm
thunderbird-debugsource-78.4.0-1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-15683
https://access.redhat.com/security/cve/CVE-2020-15969
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

------------------------------------------------------------------------------

=====================================================================
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2020:4947-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4947
Issue date:        2020-11-05
CVE Names:         CVE-2020-15683 CVE-2020-15969
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.4.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 (CVE-2020-15683)

* chromium-browser: Use after free in WebRTC (CVE-2020-15969)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC
1889932 - CVE-2020-15683 Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
thunderbird-78.4.0-1.el6_10.src.rpm

i386:
thunderbird-78.4.0-1.el6_10.i686.rpm

x86_64:
thunderbird-78.4.0-1.el6_10.x86_64.rpm
thunderbird-debuginfo-78.4.0-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
thunderbird-78.4.0-1.el6_10.src.rpm

i386:
thunderbird-78.4.0-1.el6_10.i686.rpm

ppc64:
thunderbird-78.4.0-1.el6_10.ppc64.rpm
thunderbird-debuginfo-78.4.0-1.el6_10.ppc64.rpm

s390x:
thunderbird-78.4.0-1.el6_10.s390x.rpm
thunderbird-debuginfo-78.4.0-1.el6_10.s390x.rpm

x86_64:
thunderbird-78.4.0-1.el6_10.x86_64.rpm
thunderbird-debuginfo-78.4.0-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
thunderbird-78.4.0-1.el6_10.src.rpm

i386:
thunderbird-78.4.0-1.el6_10.i686.rpm

x86_64:
thunderbird-78.4.0-1.el6_10.i686.rpm
thunderbird-78.4.0-1.el6_10.x86_64.rpm
thunderbird-debuginfo-78.4.0-1.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-15683
https://access.redhat.com/security/cve/CVE-2020-15969
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

------------------------------------------------------------------------------

=====================================================================
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2020:4948-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4948
Issue date:        2020-11-05
CVE Names:         CVE-2020-15683 CVE-2020-15969
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.4.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 (CVE-2020-15683)

* chromium-browser: Use after free in WebRTC (CVE-2020-15969)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC
1889932 - CVE-2020-15683 Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:
thunderbird-78.4.0-1.el8_2.src.rpm

aarch64:
thunderbird-78.4.0-1.el8_2.aarch64.rpm
thunderbird-debuginfo-78.4.0-1.el8_2.aarch64.rpm
thunderbird-debugsource-78.4.0-1.el8_2.aarch64.rpm

ppc64le:
thunderbird-78.4.0-1.el8_2.ppc64le.rpm
thunderbird-debuginfo-78.4.0-1.el8_2.ppc64le.rpm
thunderbird-debugsource-78.4.0-1.el8_2.ppc64le.rpm

x86_64:
thunderbird-78.4.0-1.el8_2.x86_64.rpm
thunderbird-debuginfo-78.4.0-1.el8_2.x86_64.rpm
thunderbird-debugsource-78.4.0-1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-15683
https://access.redhat.com/security/cve/CVE-2020-15969
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content.
The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================