ALAS2-2018-1032

Related Vulnerabilities: CVE-2018-5150, CVE-2018-5154, CVE-2018-5155, CVE-2018-5159, CVE-2018-5161, CVE-2018-5162, CVE-2018-5168, CVE-2018-5170, CVE-2018-5178, CVE-2018-5183, CVE-2018-5184, CVE-2018-5185

Amazon Linux 2 Security Advisory: ALAS-2018-1032
Advisory Release Date: 2018-06-07 23:30 Pacific
Advisory Updated Date: 2018-06-11 22:07 Pacific
Severity: Critical

Issue Overview:

The following CVEs are fixed in the updated thunderbird package:

CVE-2018-5161: Hang via malformed headers
CVE-2018-5162: Encrypted mail leaks plaintext through src attribute
CVE-2018-5183: Backport critical security fixes in Skia
CVE-2018-5155: Use-after-free with SVG animations and text paths
CVE-2018-5170: Filename spoofing for external attachments
CVE-2018-5184: Full plaintext recovery in S/MIME via chosen-ciphertext attack
CVE-2018-5159: Integer overflow and out-of-bounds write in Skia
CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension
CVE-2018-5168: Lightweight themes can be installed without user interaction
CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
CVE-2018-5154: Use-after-free with SVG animations and clip paths
CVE-2018-5185: Leaking plaintext through HTML forms


Affected Packages:

thunderbird


Issue Correction:
Run yum update thunderbird to update your system.

New Packages:
src:
    thunderbird-52.8.0-1.amzn2.src

x86_64:
    thunderbird-52.8.0-1.amzn2.x86_64
    thunderbird-debuginfo-52.8.0-1.amzn2.x86_64