LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

Synopsis: Important: thunderbird security update
Advisory ID:       SLSA-2019:0269-1
Issue Date:        2019-02-04
CVE Numbers:       CVE-2018-18500
                   CVE-2018-18501
                   CVE-2018-18505
                   CVE-2016-5824
--

This update upgrades Thunderbird to version 60.5.0.

Security Fix(es):

* Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500)

* Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
(CVE-2018-18501)

* Mozilla: Privilege escalation through IPC channel messages
(CVE-2018-18505)

* libical: Multiple use-after-free vulnerabilities (CVE-2016-5824)
--

SL6
  x86_64
    thunderbird-60.5.0-1.el6_10.x86_64.rpm
    thunderbird-debuginfo-60.5.0-1.el6_10.x86_64.rpm
  i386
    thunderbird-60.5.0-1.el6_10.i686.rpm
    thunderbird-debuginfo-60.5.0-1.el6_10.i686.rpm

- Scientific Linux Development Team