ALAS2-2019-1250

Amazon Linux 2 Security Advisory: ALAS-2019-1250
Advisory Release Date: 2019-07-18 18:17 Pacific
Advisory Updated Date: 2019-07-22 16:41 Pacific

Severity: Critical

References: CVE-2019-11703 CVE-2019-11704 CVE-2019-11705 CVE-2019-11706 CVE-2019-11707 CVE-2019-11708
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

libical: Heap buffer over read in icalparser.c parser_get_next_char (CVE-2019-11703)

libical: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c (CVE-2019-11706)

Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708)

libical: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705)

libical: Heap buffer overflow in icalmemory_strdup_and_dequote function in icalvalue.c (CVE-2019-11704)

Mozilla: Type confusion in Array.pop (CVE-2019-11707)

Affected Packages:

thunderbird

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update thunderbird to update your system.

New Packages:

src:
    thunderbird-60.7.2-2.amzn2.0.1.src

x86_64:
    thunderbird-60.7.2-2.amzn2.0.1.x86_64
    thunderbird-debuginfo-60.7.2-2.amzn2.0.1.x86_64

Additional References

Red Hat: CVE-2019-11703, CVE-2019-11704, CVE-2019-11705, CVE-2019-11706, CVE-2019-11707, CVE-2019-11708

Mitre: CVE-2019-11703, CVE-2019-11704, CVE-2019-11705, CVE-2019-11706, CVE-2019-11707, CVE-2019-11708

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS2-2019-1250

Additional References