ALAS2-2019-1157

Amazon Linux 2 Security Advisory: ALAS-2019-1157
Advisory Release Date: 2019-02-13 18:22 Pacific
Advisory Updated Date: 2019-02-14 03:57 Pacific

Severity: Critical

References: CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 (CVE-2018-12390)

Crash with nested event loops (CVE-2018-12392)

Memory safety bugs fixed in Firefox ESR 60.3 (CVE-2018-12389)

Integer overflow during Unicode conversion while loading JavaScript (CVE-2018-12393)

Affected Packages:

thunderbird

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update thunderbird to update your system.

New Packages:

src:
    thunderbird-60.2.1-4.amzn2.0.1.src

x86_64:
    thunderbird-60.2.1-4.amzn2.0.1.x86_64
    thunderbird-debuginfo-60.2.1-4.amzn2.0.1.x86_64

Additional References

Red Hat: CVE-2018-12389, CVE-2018-12390, CVE-2018-12392, CVE-2018-12393

Mitre: CVE-2018-12389, CVE-2018-12390, CVE-2018-12392, CVE-2018-12393

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS2-2019-1157

Additional References