安全公告详情

NS-SA-2019-0009

2019-07-17 14:54:39

简介

critical: 389-ds-base/thunderbird security update

严重级别

critical

主题

An update for 389-ds-base/thunderbird is now available for NewStart CGSL MAIN 5.04.
NewStart Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

389-ds-base: 389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration.
thunderbird: Mozilla Thunderbird is a standalone mail and newsgroup client.


Security Fix(es):
389-ds-base: An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.(CVE-2018-1054)
389-ds-base: It was found that 389-ds-base did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.(CVE-2017-15135)
389-ds-base: A stack buffer overflow flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.(CVE-2017-15134)
389-ds-base: bugfix
thunderbird: It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2.(CVE-2017-7829)
thunderbird: afted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird < 52.5.2.(CVE-2017-7847)
thunderbird: RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2.(CVE-2017-7848)
thunderbird: It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird < 52.5.2.(CVE-2017-7846)
thunderbird: Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.(CVE-2018-5089)
thunderbird: An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.(CVE-2018-5095)
thunderbird: A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6.(CVE-2018-5096)
thunderbird: A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.(CVE-2018-5097)
thunderbird: A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.(CVE-2018-5098)
thunderbird: A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.(CVE-2018-5099)
thunderbird: A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.(CVE-2018-5102)
thunderbird: A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.(CVE-2018-5103)
thunderbird: A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.(CVE-2018-5104)
thunderbird: If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.(CVE-2018-5117)
thunderbird: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F3.

影响组件

  • 389-ds-base
  • thunderbird

影响产品

  • CGSL MAIN 5.04

更新包

{"fix":[{"product":"CGSL MAIN 5.04","pkgs":[{"binary":["389-ds-base-1.3.6.1-28.el7_4.x86_64.rpm","389-ds-base-debuginfo-1.3.6.1-28.el7_4.x86_64.rpm","389-ds-base-devel-1.3.6.1-28.el7_4.x86_64.rpm","389-ds-base-libs-1.3.6.1-28.el7_4.x86_64.rpm","389-ds-base-snmp-1.3.6.1-28.el7_4.x86_64.rpm","389-ds-base-tests-1.3.6.1-28.el7_4.noarch.rpm"],"source":"389-ds-base-1.3.6.1-28.el7_4.src.rpm"},{"binary":["thunderbird-52.6.0-1.el7.centos.x86_64.rpm","thunderbird-debuginfo-52.6.0-1.el7.centos.x86_64.rpm"],"source":"thunderbird-52.6.0-1.el7.centos.src.rpm"}]}]}

CVE

参考