CentOS Local Security Checks : CentOS Update for thunderbird CESA-2020:0120 centos7

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.883163

Categoría: CentOS Local Security Checks

Título: CentOS Update for thunderbird CESA-2020:0120 centos7

Resumen: The remote host is missing an update for the 'thunderbird'; package(s) announced via the CESA-2020:0120 advisory.

Descripción: Summary:
The remote host is missing an update for the 'thunderbird'
package(s) announced via the CESA-2020:0120 advisory.

Vulnerability Insight:
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.4.1.

Security Fix(es):

* Mozilla: IonMonkey type confusion with StoreElementHole and
FallibleStoreElement (CVE-2019-17026)

* Mozilla: Bypass of @namespace CSS sanitization during pasting
(CVE-2019-17016)

* Mozilla: Type Confusion in XPCVariant.cpp (CVE-2019-17017)

* Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
(CVE-2019-17024)

* Mozilla: CSS sanitization does not escape HTML tags (CVE-2019-17022)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Affected Software/OS:
'thunderbird' package(s) on CentOS 7.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-17016
Bugtraq: 20200109 [SECURITY] [DSA 4600-1] firefox-esr security update (Google Search)
https://seclists.org/bugtraq/2020/Jan/12
Bugtraq: 20200112 [slackware-security] mozilla-thunderbird (SSA:2020-010-01) (Google Search)
https://seclists.org/bugtraq/2020/Jan/18
Bugtraq: 20200120 [SECURITY] [DSA 4603-1] thunderbird security update (Google Search)
https://seclists.org/bugtraq/2020/Jan/26
Debian Security Information: DSA-4600 (Google Search)
https://www.debian.org/security/2020/dsa-4600
Debian Security Information: DSA-4603 (Google Search)
https://www.debian.org/security/2020/dsa-4603
https://security.gentoo.org/glsa/202003-02
http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1599181
https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html
https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html
RedHat Security Advisories: RHSA-2020:0085
https://access.redhat.com/errata/RHSA-2020:0085
RedHat Security Advisories: RHSA-2020:0086
https://access.redhat.com/errata/RHSA-2020:0086
RedHat Security Advisories: RHSA-2020:0111
https://access.redhat.com/errata/RHSA-2020:0111
RedHat Security Advisories: RHSA-2020:0120
https://access.redhat.com/errata/RHSA-2020:0120
RedHat Security Advisories: RHSA-2020:0123
https://access.redhat.com/errata/RHSA-2020:0123
RedHat Security Advisories: RHSA-2020:0127
https://access.redhat.com/errata/RHSA-2020:0127
RedHat Security Advisories: RHSA-2020:0292
https://access.redhat.com/errata/RHSA-2020:0292
RedHat Security Advisories: RHSA-2020:0295
https://access.redhat.com/errata/RHSA-2020:0295
SuSE Security Announcement: openSUSE-SU-2020:0060 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html
SuSE Security Announcement: openSUSE-SU-2020:0094 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html
https://usn.ubuntu.com/4234-1/
https://usn.ubuntu.com/4241-1/
https://usn.ubuntu.com/4335-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-17017
https://bugzilla.mozilla.org/show_bug.cgi?id=1603055
Common Vulnerability Exposure (CVE) ID: CVE-2019-17022
https://bugzilla.mozilla.org/show_bug.cgi?id=1602843
Common Vulnerability Exposure (CVE) ID: CVE-2019-17024
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1507180%2C1595470%2C1598605%2C1601826
Common Vulnerability Exposure (CVE) ID: CVE-2019-17026
http://packetstormsecurity.com/files/162568/Firefox-72-IonMonkey-JIT-Type-Confusion.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1607443
https://www.mozilla.org/security/advisories/mfsa2020-03/
https://www.mozilla.org/security/advisories/mfsa2020-04/

Copyright Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.883163
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for thunderbird CESA-2020:0120 centos7
Resumen:	The remote host is missing an update for the 'thunderbird'; package(s) announced via the CESA-2020:0120 advisory.
Descripción:	Summary: The remote host is missing an update for the 'thunderbird' package(s) announced via the CESA-2020:0120 advisory. Vulnerability Insight: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.4.1. Security Fix(es): * Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026) * Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016) * Mozilla: Type Confusion in XPCVariant.cpp (CVE-2019-17017) * Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 (CVE-2019-17024) * Mozilla: CSS sanitization does not escape HTML tags (CVE-2019-17022) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'thunderbird' package(s) on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-17016 Bugtraq: 20200109 [SECURITY] [DSA 4600-1] firefox-esr security update (Google Search) https://seclists.org/bugtraq/2020/Jan/12 Bugtraq: 20200112 [slackware-security] mozilla-thunderbird (SSA:2020-010-01) (Google Search) https://seclists.org/bugtraq/2020/Jan/18 Bugtraq: 20200120 [SECURITY] [DSA 4603-1] thunderbird security update (Google Search) https://seclists.org/bugtraq/2020/Jan/26 Debian Security Information: DSA-4600 (Google Search) https://www.debian.org/security/2020/dsa-4600 Debian Security Information: DSA-4603 (Google Search) https://www.debian.org/security/2020/dsa-4603 https://security.gentoo.org/glsa/202003-02 http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html https://bugzilla.mozilla.org/show_bug.cgi?id=1599181 https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html RedHat Security Advisories: RHSA-2020:0085 https://access.redhat.com/errata/RHSA-2020:0085 RedHat Security Advisories: RHSA-2020:0086 https://access.redhat.com/errata/RHSA-2020:0086 RedHat Security Advisories: RHSA-2020:0111 https://access.redhat.com/errata/RHSA-2020:0111 RedHat Security Advisories: RHSA-2020:0120 https://access.redhat.com/errata/RHSA-2020:0120 RedHat Security Advisories: RHSA-2020:0123 https://access.redhat.com/errata/RHSA-2020:0123 RedHat Security Advisories: RHSA-2020:0127 https://access.redhat.com/errata/RHSA-2020:0127 RedHat Security Advisories: RHSA-2020:0292 https://access.redhat.com/errata/RHSA-2020:0292 RedHat Security Advisories: RHSA-2020:0295 https://access.redhat.com/errata/RHSA-2020:0295 SuSE Security Announcement: openSUSE-SU-2020:0060 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html SuSE Security Announcement: openSUSE-SU-2020:0094 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html https://usn.ubuntu.com/4234-1/ https://usn.ubuntu.com/4241-1/ https://usn.ubuntu.com/4335-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-17017 https://bugzilla.mozilla.org/show_bug.cgi?id=1603055 Common Vulnerability Exposure (CVE) ID: CVE-2019-17022 https://bugzilla.mozilla.org/show_bug.cgi?id=1602843 Common Vulnerability Exposure (CVE) ID: CVE-2019-17024 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1507180%2C1595470%2C1598605%2C1601826 Common Vulnerability Exposure (CVE) ID: CVE-2019-17026 http://packetstormsecurity.com/files/162568/Firefox-72-IonMonkey-JIT-Type-Confusion.html https://bugzilla.mozilla.org/show_bug.cgi?id=1607443 https://www.mozilla.org/security/advisories/mfsa2020-03/ https://www.mozilla.org/security/advisories/mfsa2020-04/
Copyright	Copyright (C) 2020 Greenbone Networks GmbH