[arch-security] [ASA-201605-21] thunderbird: arbitrary code execution
rgacogne at archlinux.org
Sun May 15 10:59:24 UTC 2016
Arch Linux Security Advisory ASA-201605-21
Date : 2016-05-15
CVE-ID : CVE-2016-2804 CVE-2016-2805 CVE-2016-2806 CVE-2016-2807
Package : thunderbird
Type : arbitrary code execution
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package thunderbird before version 45.1.0-1 is vulnerable to
arbitrary code execution.
Upgrade to 45.1.0-1.
# pacman -Syu "thunderbird>=45.1.0-1"
The problem has been fixed upstream in version 45.1.0.
Gary Kwong, Christian Holler, Andrew McCreight, Boris Zbarsky, and Steve
Fink reported memory safety problems and crashes.
Christian Holler reported a memory safety problem.
Gary Kwong, Christian Holler, Jesse Ruderman, Mats Palmgren, Carsten
Book, Boris Zbarsky, David Bolter, and Randell Jesup reported memory
safety problems and crashes.
Christian Holler, Tyson Smith, and Phil Ringalda reported memory safety
problems and crashes.
A remote attacker can execute arbitrary code on the affected host.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: OpenPGP digital signature
More information about the arch-security