Headline
RHSA-2022:1326: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-1097: Mozilla: Use-after-free in NSSToken objects
- CVE-2022-1196: Mozilla: Use-after-free after VR Process destruction
- CVE-2022-1197: Mozilla: OpenPGP revocation information was ignored
- CVE-2022-24713: Mozilla: Denial of Service via complex regular expressions
- CVE-2022-28281: Mozilla: Out of bounds write due to unexpected WebAuthN Extensions
- CVE-2022-28282: Mozilla: Use-after-free in DocumentL10n::TranslateDocument
- CVE-2022-28285: Mozilla: Incorrect AliasSet used in JIT Codegen
- CVE-2022-28286: Mozilla: iframe contents could be rendered outside the border
- CVE-2022-28289: Mozilla: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8
Issued: 2022-04-12
Updated: 2022-04-12
RHSA-2022:1326 - Security Advisory
Overview
Important: thunderbird security update
Type/Severity
Security Advisory: Important
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 91.8.0.
Security Fix(es):
- Mozilla: Use-after-free in NSSToken objects (CVE-2022-1097)
- Mozilla: Out of bounds write due to unexpected WebAuthN Extensions (CVE-2022-28281)
- Mozilla: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8 (CVE-2022-28289)
- Mozilla: Use-after-free after VR Process destruction (CVE-2022-1196)
- Mozilla: OpenPGP revocation information was ignored (CVE-2022-1197)
- Mozilla: Use-after-free in DocumentL10n::TranslateDocument (CVE-2022-28282)
- Mozilla: Incorrect AliasSet used in JIT Codegen (CVE-2022-28285)
- Mozilla: Denial of Service via complex regular expressions (CVE-2022-24713)
- Mozilla: iframe contents could be rendered outside the border (CVE-2022-28286)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to take effect.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
- Red Hat Enterprise Linux Server - AUS 8.2 x86_64
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.2 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
- Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64
Fixes
- BZ - 2072559 - CVE-2022-1097 Mozilla: Use-after-free in NSSToken objects
- BZ - 2072560 - CVE-2022-28281 Mozilla: Out of bounds write due to unexpected WebAuthN Extensions
- BZ - 2072561 - CVE-2022-1196 Mozilla: Use-after-free after VR Process destruction
- BZ - 2072562 - CVE-2022-28282 Mozilla: Use-after-free in DocumentL10n::TranslateDocument
- BZ - 2072563 - CVE-2022-28285 Mozilla: Incorrect AliasSet used in JIT Codegen
- BZ - 2072564 - CVE-2022-28286 Mozilla: iframe contents could be rendered outside the border
- BZ - 2072565 - CVE-2022-24713 Mozilla: Denial of Service via complex regular expressions
- BZ - 2072566 - CVE-2022-28289 Mozilla: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8
- BZ - 2072963 - CVE-2022-1197 Mozilla: OpenPGP revocation information was ignored
CVE
- CVE-2022-1097
- CVE-2022-1196
- CVE-2022-1197
- CVE-2022-24713
- CVE-2022-28281
- CVE-2022-28282
- CVE-2022-28285
- CVE-2022-28286
- CVE-2022-28289
References
- https://access.redhat.com/security/updates/classification/#important
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2
SRPM
thunderbird-91.8.0-1.el8_2.src.rpm
x86_64
thunderbird-91.8.0-1.el8_2.x86_64.rpm
thunderbird-debuginfo-91.8.0-1.el8_2.x86_64.rpm
thunderbird-debugsource-91.8.0-1.el8_2.x86_64.rpm
Red Hat Enterprise Linux Server - AUS 8.2
SRPM
thunderbird-91.8.0-1.el8_2.src.rpm
x86_64
thunderbird-91.8.0-1.el8_2.x86_64.rpm
thunderbird-debuginfo-91.8.0-1.el8_2.x86_64.rpm
thunderbird-debugsource-91.8.0-1.el8_2.x86_64.rpm
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2
SRPM
thunderbird-91.8.0-1.el8_2.src.rpm
ppc64le
thunderbird-91.8.0-1.el8_2.ppc64le.rpm
thunderbird-debuginfo-91.8.0-1.el8_2.ppc64le.rpm
thunderbird-debugsource-91.8.0-1.el8_2.ppc64le.rpm
Red Hat Enterprise Linux Server - TUS 8.2
SRPM
thunderbird-91.8.0-1.el8_2.src.rpm
x86_64
thunderbird-91.8.0-1.el8_2.x86_64.rpm
thunderbird-debuginfo-91.8.0-1.el8_2.x86_64.rpm
thunderbird-debugsource-91.8.0-1.el8_2.x86_64.rpm
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2
SRPM
thunderbird-91.8.0-1.el8_2.src.rpm
aarch64
thunderbird-91.8.0-1.el8_2.aarch64.rpm
thunderbird-debuginfo-91.8.0-1.el8_2.aarch64.rpm
thunderbird-debugsource-91.8.0-1.el8_2.aarch64.rpm
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2
SRPM
thunderbird-91.8.0-1.el8_2.src.rpm
ppc64le
thunderbird-91.8.0-1.el8_2.ppc64le.rpm
thunderbird-debuginfo-91.8.0-1.el8_2.ppc64le.rpm
thunderbird-debugsource-91.8.0-1.el8_2.ppc64le.rpm
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2
SRPM
thunderbird-91.8.0-1.el8_2.src.rpm
x86_64
thunderbird-91.8.0-1.el8_2.x86_64.rpm
thunderbird-debuginfo-91.8.0-1.el8_2.x86_64.rpm
thunderbird-debugsource-91.8.0-1.el8_2.x86_64.rpm
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.