Lucene search

K
slackwareSlackware Linux ProjectSSA-2022-235-03
HistoryAug 23, 2022 - 7:39 p.m.

[slackware-security] mozilla-thunderbird

2022-08-2319:39:04
Slackware Linux Project
www.slackware.com
20

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

New mozilla-thunderbird packages are available for Slackware 15.0 and -current
to fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:

patches/packages/mozilla-thunderbird-91.13.0-i686-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/91.13.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-37/
https://vulners.com/cve/CVE-2022-38472
https://vulners.com/cve/CVE-2022-38473
https://vulners.com/cve/CVE-2022-38478
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-thunderbird-91.13.0-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-thunderbird-91.13.0-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-102.2.0-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-102.2.0-x86_64-1.txz

MD5 signatures:

Slackware 15.0 package:
c4d9153442bab6be1779766412f45f49 mozilla-thunderbird-91.13.0-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
6e920b29e660acb5bda01ba73ea326c3 mozilla-thunderbird-91.13.0-x86_64-1_slack15.0.txz

Slackware -current package:
99b7bda4a371aa1e98e5867c953273c6 xap/mozilla-thunderbird-102.2.0-i686-1.txz

Slackware x86_64 -current package:
24545c9bfe4d736e0e5e43b0c3c8aa5d xap/mozilla-thunderbird-102.2.0-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg mozilla-thunderbird-91.13.0-i686-1_slack15.0.txz

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

Related for SSA-2022-235-03