Vulmon
Amazon Linux 2 Security Advisory: ALAS-2019-1250
Advisory Release Date: 2019-07-18 18:17 Pacific
Advisory Updated Date: 2019-07-22 16:41 Pacific
Severity:
Critical
References:
CVE-2019-11703
CVE-2019-11704
CVE-2019-11705
CVE-2019-11706
CVE-2019-11707
CVE-2019-11708
Issue Overview:
libical: Heap buffer over read in icalparser.c parser_get_next_char (CVE-2019-11703)
libical: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c (CVE-2019-11706)
Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708)
libical: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705)
libical: Heap buffer overflow in icalmemory_strdup_and_dequote function in icalvalue.c (CVE-2019-11704)
Mozilla: Type confusion in Array.pop (CVE-2019-11707)
Affected Packages:
thunderbird
Issue Correction:
Run yum update thunderbird to update your system.
New Packages:
src:
thunderbird-60.7.2-2.amzn2.0.1.src
x86_64:
thunderbird-60.7.2-2.amzn2.0.1.x86_64
thunderbird-debuginfo-60.7.2-2.amzn2.0.1.x86_64