Lucene search

K
slackwareSlackware Linux ProjectSSA-2023-256-04
HistorySep 14, 2023 - 2:32 a.m.

[slackware-security] mozilla-thunderbird

2023-09-1402:32:34
Slackware Linux Project
www.slackware.com
20
slackware
mozilla-thunderbird
security fix
heap buffer overflow
cve-2023-4863
upgrade
installation instructions

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.611 Medium

EPSS

Percentile

97.8%

New mozilla-thunderbird packages are available for Slackware 15.0, and -current
to fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:

patches/packages/mozilla-thunderbird-115.2.2-i686-1_slack15.0.txz: Upgraded.
This release contains a security fix for a critical heap buffer overflow.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.2.2/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
https://vulners.com/cve/CVE-2023-4863
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-thunderbird-115.2.2-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-thunderbird-115.2.2-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-115.2.2-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-115.2.2-x86_64-1.txz

MD5 signatures:

Slackware 15.0 package:
9cd9ca4c381383b3d88799c98d23a17e mozilla-thunderbird-115.2.2-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
a93aef1e0c56169d641cbd248b19b7c4 mozilla-thunderbird-115.2.2-x86_64-1_slack15.0.txz

Slackware -current package:
53338cf15ec0f21ad5f40b4d2fdb12ab xap/mozilla-thunderbird-115.2.2-i686-1.txz

Slackware x86_64 -current package:
472596d9552e73c524abfb530bed9a1b xap/mozilla-thunderbird-115.2.2-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg mozilla-thunderbird-115.2.2-i686-1_slack15.0.txz

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.611 Medium

EPSS

Percentile

97.8%