ALSA-2023:5435

[ALSA-2023:5435] Important: thunderbird security update

Type:

security

Severity:

important

Release date:

2023-10-06

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.3.1.

Security Fix(es):

* firefox: use-after-free in workers (CVE-2023-3600)
* Mozilla: Out-of-bounds write in PathOps (CVE-2023-5169)
* Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171)
* Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 (CVE-2023-5176)
* libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	thunderbird-115.3.1-1.el9_2.alma.aarch64.rpm	2ff7f9986c978b62d06f5a3b57823663b86a6148e3e4e6e3f2b3c1fa2d268d80
ppc64le	thunderbird-115.3.1-1.el9_2.alma.ppc64le.rpm	50478017a3004f5fbe399f6f117dc2d95da7bf21939f8c80ed07f9a08c31c336
s390x	thunderbird-115.3.1-1.el9_2.alma.s390x.rpm	5184ae1fccf3ede845b79544f995743b1011e287ebd2aa9892ab52690870ecd1
x86_64	thunderbird-115.3.1-1.el9_2.alma.x86_64.rpm	1c980ce5052c198836ca6cd6367afd3556cd0ea1a139f06b122d366faeae9449

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.