ID de Prueba:	1.3.6.1.4.1.25623.1.0.883213
Categoría:	CentOS Local Security Checks
Título:	CentOS: Security Advisory for thunderbird (CESA-2020:0914)
Resumen:	The remote host is missing an update for the 'thunderbird'; package(s) announced via the CESA-2020:0914 advisory.
Descripción:	Summary: The remote host is missing an update for the 'thunderbird' package(s) announced via the CESA-2020:0914 advisory. Vulnerability Insight: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.6.0. Security Fix(es): * Mozilla: Use-after-free when removing data about origins (CVE-2020-6805) * Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion (CVE-2020-6806) * Mozilla: Use-after-free in cubeb during stream destruction (CVE-2020-6807) * Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 (CVE-2020-6814) * Mozilla: Out of bounds reads in sctp_load_addresses_from_init (CVE-2019-20503) * Mozilla: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection (CVE-2020-6811) * Mozilla: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission (CVE-2020-6812) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'thunderbird' package(s) on CentOS 6. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-20503 Debian Security Information: DSA-4639 (Google Search) https://www.debian.org/security/2020/dsa-4639 Debian Security Information: DSA-4642 (Google Search) https://www.debian.org/security/2020/dsa-4642 Debian Security Information: DSA-4645 (Google Search) https://www.debian.org/security/2020/dsa-4645 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/ http://seclists.org/fulldisclosure/2020/May/49 http://seclists.org/fulldisclosure/2020/May/59 http://seclists.org/fulldisclosure/2020/May/55 http://seclists.org/fulldisclosure/2020/May/52 https://security.gentoo.org/glsa/202003-02 https://security.gentoo.org/glsa/202003-10 https://bugs.chromium.org/p/project-zero/issues/detail?id=1992 https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html https://crbug.com/1059349 https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467 https://support.apple.com/HT211168 https://support.apple.com/HT211171 https://support.apple.com/HT211175 https://support.apple.com/HT211177 https://lists.debian.org/debian-lts-announce/2020/03/msg00013.html https://lists.debian.org/debian-lts-announce/2020/03/msg00023.html https://lists.debian.org/debian-lts-announce/2023/07/msg00003.html RedHat Security Advisories: RHSA-2020:0815 https://access.redhat.com/errata/RHSA-2020:0815 RedHat Security Advisories: RHSA-2020:0816 https://access.redhat.com/errata/RHSA-2020:0816 RedHat Security Advisories: RHSA-2020:0819 https://access.redhat.com/errata/RHSA-2020:0819 RedHat Security Advisories: RHSA-2020:0820 https://access.redhat.com/errata/RHSA-2020:0820 SuSE Security Announcement: openSUSE-SU-2020:0340 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00022.html SuSE Security Announcement: openSUSE-SU-2020:0365 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html SuSE Security Announcement: openSUSE-SU-2020:0366 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00030.html SuSE Security Announcement: openSUSE-SU-2020:0389 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html https://usn.ubuntu.com/4299-1/ https://usn.ubuntu.com/4328-1/ https://usn.ubuntu.com/4335-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-6805 https://bugzilla.mozilla.org/show_bug.cgi?id=1610880 https://www.mozilla.org/security/advisories/mfsa2020-08/ https://www.mozilla.org/security/advisories/mfsa2020-09/ https://www.mozilla.org/security/advisories/mfsa2020-10/ Common Vulnerability Exposure (CVE) ID: CVE-2020-6806 http://packetstormsecurity.com/files/157524/Firefox-js-ReadableStreamCloseInternal-Out-Of-Bounds-Access.html https://bugzilla.mozilla.org/show_bug.cgi?id=1612308 Common Vulnerability Exposure (CVE) ID: CVE-2020-6807 https://bugzilla.mozilla.org/show_bug.cgi?id=1614971 Common Vulnerability Exposure (CVE) ID: CVE-2020-6811 https://bugzilla.mozilla.org/show_bug.cgi?id=1607742 Common Vulnerability Exposure (CVE) ID: CVE-2020-6812 https://bugzilla.mozilla.org/show_bug.cgi?id=1616661 Common Vulnerability Exposure (CVE) ID: CVE-2020-6814 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1592078%2C1604847%2C1608256%2C1612636%2C1614339
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.