[ALAS2-2018-1032] Amazon Linux 2 2017.12 - ALAS2-2018-1032: critical priority package update for thunderbird
Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2018-5185:
1580241:
CVE-2018-5185 Mozilla: Leaking plaintext through HTML forms
CVE-2018-5184:
1580236:
CVE-2018-5184 Mozilla: Full plaintext recovery in S/MIME via chosen-ciphertext attack
CVE-2018-5183:
1576283:
CVE-2018-5183 Mozilla: Backport critical security fixes in Skia
CVE-2018-5178:
1576278:
CVE-2018-5178 Mozilla: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension
CVE-2018-5170:
1580240:
CVE-2018-5170 Mozilla: Filename spoofing for external attachments
CVE-2018-5168:
1576269:
CVE-2018-5168 Mozilla: Lightweight themes can be installed without user interaction
CVE-2018-5162:
1580239:
CVE-2018-5162 Mozilla: Encrypted mail leaks plaintext through src attribute
CVE-2018-5161:
1580237:
CVE-2018-5161 Mozilla: Hang via malformed headers
CVE-2018-5159:
1576260:
CVE-2018-5159 Mozilla: Integer overflow and out-of-bounds write in Skia
CVE-2018-5155:
1576257:
CVE-2018-5155 Mozilla: Use-after-free with SVG animations and text paths
CVE-2018-5154:
1576255:
CVE-2018-5154 Mozilla: Use-after-free with SVG animations and clip paths
CVE-2018-5150:
1576250:
CVE-2018-5150 Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
Package | Affected Version |
---|---|
pkg:rpm/amazonlinux/thunderbird?arch=x86_64&distro=amazonlinux-2 | < 52.8.0-1.amzn2 |
pkg:rpm/amazonlinux/thunderbird-debuginfo?arch=x86_64&distro=amazonlinux-2 | < 52.8.0-1.amzn2 |
- ID
- ALAS2-2018-1032
- Severity
- critical
- URL
- https://alas.aws.amazon.com/AL2/ALAS-2018-1032.html
- Published
-
2018-06-07T23:30:00
(6 years ago) - Modified
-
2018-06-11T22:07:00
(6 years ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
- ASA-201805-10
- ASA-201805-21
- DSA-4199-1
- DSA-4209-1
- ELSA-2018-1414
- ELSA-2018-1415
- ELSA-2018-1725
- ELSA-2018-1726
- FREEBSD:5AEFC41E-D304-4EC8-8C82-824F84F08244
- GLSA-201810-01
- GLSA-201811-13
- MFSA-2018-11
- MFSA-2018-12
- MFSA-2018-13
- RHSA-2018:1414
- RHSA-2018:1415
- RHSA-2018:1725
- RHSA-2018:1726
- SUSE-SU-2018:1319-1
- SUSE-SU-2018:1334-1
- SUSE-SU-2018:1334-2
- SUSE-SU-2018:2298-1
- SUSE-SU-2019:2872-1
- USN-3645-1
- USN-3660-1
- USN-3688-1
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2018-5150 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5150 | |
CVE | CVE-2018-5154 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5154 | |
CVE | CVE-2018-5155 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5155 | |
CVE | CVE-2018-5159 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5159 | |
CVE | CVE-2018-5161 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5161 | |
CVE | CVE-2018-5162 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5162 | |
CVE | CVE-2018-5168 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5168 | |
CVE | CVE-2018-5170 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5170 | |
CVE | CVE-2018-5178 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178 | |
CVE | CVE-2018-5183 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5183 | |
CVE | CVE-2018-5184 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5184 | |
CVE | CVE-2018-5185 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5185 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/thunderbird?arch=x86_64&distro=amazonlinux-2 | amazonlinux | thunderbird | < 52.8.0-1.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/thunderbird-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | thunderbird-debuginfo | < 52.8.0-1.amzn2 | amazonlinux-2 | x86_64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |