Arch Linux Security Advisory ASA-201803-22
=========================================
Severity: Critical
Date    : 2018-03-24
CVE-ID  : CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5144
          CVE-2018-5145 CVE-2018-5146
Package : thunderbird
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-663

Summary
======
The package thunderbird before version 52.7.0-1 is vulnerable to
multiple issues including arbitrary code execution and access
restriction bypass.

Resolution
=========
Upgrade to 52.7.0-1.

# pacman -Syu "thunderbird>=52.7.0-1"

The problems have been fixed upstream in version 52.7.0.

Workaround
=========
None.

Description
==========
- CVE-2018-5125 (arbitrary code execution)

Various memory safety bugs have been found in Thunderbird < 52.7.0 and
Firefox < 59.0, some of them presenting evidence of memory corruption.
Mozilla presumes that with enough effort some of these could be
exploited to run arbitrary code.

- CVE-2018-5127 (arbitrary code execution)

A buffer overflow can occur in Thunderbird < 52.7.0 when manipulating
the SVG animatedPathSegList through script. This results in a
potentially exploitable crash.

- CVE-2018-5129 (access restriction bypass)

A lack of parameter validation on IPC messages results in a potential
out-of-bounds write in Thunderbird < 52.7.0, through malformed IPC
messages. This can potentially allow for sandbox escape through memory
corruption in the parent process.

- CVE-2018-5144 (arbitrary code execution)

An integer overflow can occur during conversion of text to some Unicode
character sets in Thunderbird < 52.7.0, due to an unchecked length
parameter.

- CVE-2018-5145 (arbitrary code execution)

Various memory safety bugs have been found in Thunderbird < 52.7.0,
some of them presenting evidence of memory corruption. Mozilla presumes
that with enough effort some of these could be exploited to run
arbitrary code.

- CVE-2018-5146 (arbitrary code execution)

An out of bounds memory write vulnerability has been discovered in
libvorbis before 1.3.6 while processing Vorbis audio data related to
codebooks that are not an exact divisor of the partition size.

Impact
=====
A remote attacker might be able to bypass the sandbox and execute
arbitrary code on the affected host via a crafted page containing an
SVG object, a Vorbis audio file or some unicode characters. These
issues can generally not be exploited through email because scripting
is then disabled, but can be exploited in browser-like contexts.

References
=========
https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/#CVE-2018-5125
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520
https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/#CVE-2018-5127
https://bugzilla.mozilla.org/show_bug.cgi?id=1430557
https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/#CVE-2018-5129
https://bugzilla.mozilla.org/show_bug.cgi?id=1428947
https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/#CVE-2018-5144
https://bugzilla.mozilla.org/show_bug.cgi?id=1440926
https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/#CVE-2018-5145
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1261175%2C1348955
https://github.com/xiph/vorbis/commit/667ceb4aab60c1f74060143bb24e5f427b3cce5f
https://seclists.org/oss-sec/2018/q1/243
https://security.archlinux.org/CVE-2018-5125
https://security.archlinux.org/CVE-2018-5127
https://security.archlinux.org/CVE-2018-5129
https://security.archlinux.org/CVE-2018-5144
https://security.archlinux.org/CVE-2018-5145
https://security.archlinux.org/CVE-2018-5146

ArchLinux: 201803-22: thunderbird: multiple issues

March 25, 2018

Summary

- CVE-2018-5125 (arbitrary code execution) Various memory safety bugs have been found in Thunderbird < 52.7.0 and Firefox < 59.0, some of them presenting evidence of memory corruption. Mozilla presumes that with enough effort some of these could be exploited to run arbitrary code.
- CVE-2018-5127 (arbitrary code execution)
A buffer overflow can occur in Thunderbird < 52.7.0 when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash.
- CVE-2018-5129 (access restriction bypass)
A lack of parameter validation on IPC messages results in a potential out-of-bounds write in Thunderbird < 52.7.0, through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process.
- CVE-2018-5144 (arbitrary code execution)
An integer overflow can occur during conversion of text to some Unicode character sets in Thunderbird < 52.7.0, due to an unchecked length parameter.
- CVE-2018-5145 (arbitrary code execution)
Various memory safety bugs have been found in Thunderbird < 52.7.0, some of them presenting evidence of memory corruption. Mozilla presumes that with enough effort some of these could be exploited to run arbitrary code.
- CVE-2018-5146 (arbitrary code execution)
An out of bounds memory write vulnerability has been discovered in libvorbis before 1.3.6 while processing Vorbis audio data related to codebooks that are not an exact divisor of the partition size.

Resolution

Upgrade to 52.7.0-1. # pacman -Syu "thunderbird>=52.7.0-1"
The problems have been fixed upstream in version 52.7.0.

References

https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/#CVE-2018-5125 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520 https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/#CVE-2018-5127 https://bugzilla.mozilla.org/show_bug.cgi?id=1430557 https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/#CVE-2018-5129 https://bugzilla.mozilla.org/show_bug.cgi?id=1428947 https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/#CVE-2018-5144 https://bugzilla.mozilla.org/show_bug.cgi?id=1440926 https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/#CVE-2018-5145 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1261175%2C1348955 https://github.com/xiph/vorbis/commit/667ceb4aab60c1f74060143bb24e5f427b3cce5f https://seclists.org/oss-sec/2018/q1/243 https://security.archlinux.org/CVE-2018-5125 https://security.archlinux.org/CVE-2018-5127 https://security.archlinux.org/CVE-2018-5129 https://security.archlinux.org/CVE-2018-5144 https://security.archlinux.org/CVE-2018-5145 https://security.archlinux.org/CVE-2018-5146

Severity
CVE-2018-5145 CVE-2018-5146
Package : thunderbird
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-663

Workaround

None.

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved