Arch Linux alert ASA-201607-4 (thunderbird)
| From: | Remi Gacogne <rgacogne@archlinux.org> | |
| To: | arch-security@archlinux.org | |
| Subject: | [arch-security] [ASA-201607-4] thunderbird: arbitrary code execution | |
| Date: | Sun, 10 Jul 2016 10:25:03 +0200 | |
| Message-ID: | <8757d6ee-0269-963d-3f8d-22d5fc1768ec@archlinux.org> |
Arch Linux Security Advisory ASA-201607-4 ========================================= Severity: Critical Date : 2016-07-10 CVE-ID : CVE-2016-2815 CVE-2016-2818 Package : thunderbird Type : arbitrary code execution Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package thunderbird before version 45.2.0-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 45.2.0-1. # pacman -Syu "thunderbird>=45.2.0-1" The problems have been fixed upstream in version 45.2.0. Workaround ========== None. Description =========== - CVE-2016-2815 (arbitrary code execution) Mozilla developers and community members reported several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. - CVE-2016-2818 (arbitrary code execution) Mozilla developers and community members reported several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Impact ====== A remote attacker can execute arbitrary code on the affected host. References ========== https://www.mozilla.org/en-US/security/known-vulnerabilit... https://access.redhat.com/security/cve/CVE-2016-2815 https://access.redhat.com/security/cve/CVE-2016-2818