[ALSA-2023:5435] Important: thunderbird security update
Type:
security
Severity:
important
Release date:
2023-10-06
Description:
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.3.1. Security Fix(es): * firefox: use-after-free in workers (CVE-2023-3600) * Mozilla: Out-of-bounds write in PathOps (CVE-2023-5169) * Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171) * Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 (CVE-2023-5176) * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 thunderbird-115.3.1-1.el9_2.alma.aarch64.rpm 2ff7f9986c978b62d06f5a3b57823663b86a6148e3e4e6e3f2b3c1fa2d268d80
ppc64le thunderbird-115.3.1-1.el9_2.alma.ppc64le.rpm 50478017a3004f5fbe399f6f117dc2d95da7bf21939f8c80ed07f9a08c31c336
s390x thunderbird-115.3.1-1.el9_2.alma.s390x.rpm 5184ae1fccf3ede845b79544f995743b1011e287ebd2aa9892ab52690870ecd1
x86_64 thunderbird-115.3.1-1.el9_2.alma.x86_64.rpm 1c980ce5052c198836ca6cd6367afd3556cd0ea1a139f06b122d366faeae9449
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.