Debian Long Term Support / LTS Security Information / 2018 / Security Information -- DLA-1575-1 thunderbird

Debian Security Advisory

DLA-1575-1 thunderbird -- LTS security update

Date Reported:

12 Nov 2018

Affected Packages:

thunderbird

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2017-16541, CVE-2018-5156, CVE-2018-5187, CVE-2018-12361, CVE-2018-12367, CVE-2018-12371, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378, CVE-2018-12379, CVE-2018-12383, CVE-2018-12385, CVE-2018-12389, CVE-2018-12390, CVE-2018-12392, CVE-2018-12393.

More information:

Multiple security issues have been found in Thunderbird: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.

Debian follows the Thunderbird upstream releases. Support for the 52.x series has ended, so starting with this update we're now following the 60.x releases.

Between 52.x and 60.x, Thunderbird has undergone significant internal updates, which makes it incompatible with a number of extensions. For more information please refer to https://support.mozilla.org/en-US/kb/new-thunderbird-60

For Debian 8 Jessie, these problems have been fixed in version 1:60.3.0-1~deb8u1.

We recommend that you upgrade your thunderbird packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS