[ALAS2-2018-1032] Amazon Linux 2 2017.12 - ALAS2-2018-1032: critical priority package update for thunderbird

Severity Critical

Affected Packages 2

CVEs 12

Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2018-5185:
1580241:
CVE-2018-5185 Mozilla: Leaking plaintext through HTML forms

CVE-2018-5184:
1580236:
CVE-2018-5184 Mozilla: Full plaintext recovery in S/MIME via chosen-ciphertext attack

CVE-2018-5183:
1576283:
CVE-2018-5183 Mozilla: Backport critical security fixes in Skia

CVE-2018-5178:
1576278:
CVE-2018-5178 Mozilla: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension

CVE-2018-5170:
1580240:
CVE-2018-5170 Mozilla: Filename spoofing for external attachments

CVE-2018-5168:
1576269:
CVE-2018-5168 Mozilla: Lightweight themes can be installed without user interaction

CVE-2018-5162:
1580239:
CVE-2018-5162 Mozilla: Encrypted mail leaks plaintext through src attribute

CVE-2018-5161:
1580237:
CVE-2018-5161 Mozilla: Hang via malformed headers

CVE-2018-5159:
1576260:
CVE-2018-5159 Mozilla: Integer overflow and out-of-bounds write in Skia

CVE-2018-5155:
1576257:
CVE-2018-5155 Mozilla: Use-after-free with SVG animations and text paths

CVE-2018-5154:
1576255:
CVE-2018-5154 Mozilla: Use-after-free with SVG animations and clip paths

CVE-2018-5150:
1576250:
CVE-2018-5150 Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8

Package	Affected Version
pkg:rpm/amazonlinux/thunderbird?arch=x86_64&distro=amazonlinux-2	< 52.8.0-1.amzn2
pkg:rpm/amazonlinux/thunderbird-debuginfo?arch=x86_64&distro=amazonlinux-2	< 52.8.0-1.amzn2

ID

ALAS2-2018-1032

Severity

critical

URL

https://alas.aws.amazon.com/AL2/ALAS-2018-1032.html

Published

2018-06-07T23:30:00
(6 years ago)

Modified

2018-06-11T22:07:00
(6 years ago)

Rights

Amazon Linux Security Team

Other Advisories

Source	# ID	URL
CVE	CVE-2018-5150	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5150
CVE	CVE-2018-5154	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5154
CVE	CVE-2018-5155	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5155
CVE	CVE-2018-5159	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5159
CVE	CVE-2018-5161	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5161
CVE	CVE-2018-5162	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5162
CVE	CVE-2018-5168	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5168
CVE	CVE-2018-5170	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5170
CVE	CVE-2018-5178	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178
CVE	CVE-2018-5183	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5183
CVE	CVE-2018-5184	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5184
CVE	CVE-2018-5185	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5185

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:rpm/amazonlinux/thunderbird?arch=x86_64&distro=amazonlinux-2	amazonlinux	thunderbird	< 52.8.0-1.amzn2	amazonlinux-2	x86_64
Affected	pkg:rpm/amazonlinux/thunderbird-debuginfo?arch=x86_64&distro=amazonlinux-2	amazonlinux	thunderbird-debuginfo	< 52.8.0-1.amzn2	amazonlinux-2	x86_64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date