Lucene search

K
slackwareSlackware Linux ProjectSSA-2023-273-02
HistorySep 30, 2023 - 9:42 p.m.

[slackware-security] mozilla-thunderbird

2023-09-3021:42:55
Slackware Linux Project
www.slackware.com
23
mozilla-thunderbird
slackware 15.0
slackware -current
security fix
libvpx vp8
buffer overflow
osu open source lab
ftp hosting

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.248

Percentile

96.7%

New mozilla-thunderbird packages are available for Slackware 15.0 and -current
to fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:

patches/packages/mozilla-thunderbird-115.3.1-i686-1_slack15.0.txz: Upgraded.
This release contains a security fix for a critical heap buffer overflow in
the libvpx VP8 encoder.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.3.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/
https://vulners.com/cve/CVE-2023-5217
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-thunderbird-115.3.1-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-thunderbird-115.3.1-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-115.3.1-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-115.3.1-x86_64-1.txz

MD5 signatures:

Slackware 15.0 package:
0cea2374ec068923458ad9c103478ebf mozilla-thunderbird-115.3.1-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
52a2814e0b07a90be709bd26928fb5eb mozilla-thunderbird-115.3.1-x86_64-1_slack15.0.txz

Slackware -current package:
602be3f93800465c9db6f6aff9554a56 xap/mozilla-thunderbird-115.3.1-i686-1.txz

Slackware x86_64 -current package:
263fe29cea0d763a4309ae6d659c0f8c xap/mozilla-thunderbird-115.3.1-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg mozilla-thunderbird-115.3.1-i686-1_slack15.0.txz

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.248

Percentile

96.7%