Updated thunderbird, tigervnc, and firefox packages are available for AlmaLinux:
ALSA-2024:0001 Important: thunderbird security update
ALSA-2024:0003 Important: thunderbird security update
ALSA-2024:0010 Important: tigervnc security update
ALSA-2024:0012 Important: firefox security update
ALSA-2024:0018 Important: tigervnc security update
ALSA-2024:0025 Important: firefox security update
ID:
ALSA-2024:0001
Title:
ALSA-2024:0001 Important: thunderbird security update
Type:
security
Severity:
important
Release date:
2024-01-03
Description
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 115.6.0.
Security Fix(es):
* Mozilla: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver (CVE-2023-6856)
* Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 (CVE-2023-6864)
* Mozilla: S/MIME signature accepted despite mismatching message date (CVE-2023-50761)
* Mozilla: Truncated signed text was shown with a valid OpenPGP signature (CVE-2023-50762)
* Mozilla: Symlinks may resolve to smaller than expected buffers (CVE-2023-6857)
* Mozilla: Heap buffer overflow in nsTextFragment (CVE-2023-6858)
* Mozilla: Use-after-free in PR_GetIdentitiesLayer (CVE-2023-6859)
* Mozilla: Potential sandbox escape due to VideoBridge lack of texture validation (CVE-2023-6860)
* Mozilla: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode (CVE-2023-6861)
* Mozilla: Use-after-free in nsDNSService (CVE-2023-6862)
* Mozilla: Undefined behavior in ShutdownObserver() (CVE-2023-6863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2023-50761
CVE-2023-50762
CVE-2023-6856
CVE-2023-6857
CVE-2023-6858
CVE-2023-6859
CVE-2023-6860
CVE-2023-6861
CVE-2023-6862
CVE-2023-6863
CVE-2023-6864
RHSA-2024:0001
ALSA-2024:0001
Updated packages listed below:
Architecture
Package
Checksum
aarch64
thunderbird-115.6.0-1.el9_3.alma.aarch64.rpm
a50d290eedeb8747e153efe4dbe8ed0b5bf604c908f40a91761ef47a09708354
aarch64
thunderbird-115.6.0-1.el9_3.alma.plus.aarch64.rpm
c24e7120a2efa065aecd2a7b50be3dde1f2d1fcbb23b57c73f1e2d5d041c5cdd
ppc64le
thunderbird-115.6.0-1.el9_3.alma.plus.ppc64le.rpm
3a00dacfee1e3a5b736d762789fb5ba8d10c00fa08dc597246de0096e25d208e
ppc64le
thunderbird-115.6.0-1.el9_3.alma.ppc64le.rpm
6975f1d22e72f11ac459f1fa1f2706e67b0862fd812b4b56a58c12783de4e7e4
s390x
thunderbird-115.6.0-1.el9_3.alma.plus.s390x.rpm
24fb9dc5207f9d73d32e1f8405b687bd361d40922a6fc1365641e156b0d4b6a8
s390x
thunderbird-115.6.0-1.el9_3.alma.s390x.rpm
e5cc9d50f0d3a997a88461ab422eff1f8a6b606237de698c08fca6b1bcebed9b
x86_64
thunderbird-115.6.0-1.el9_3.alma.x86_64.rpm
2db5559c11bd68ec549bc96385ea9681632b3c20c876faf9c0ef9499e5f64d6f
x86_64
thunderbird-115.6.0-1.el9_3.alma.plus.x86_64.rpm
72ba006f1f91c8db907193a6c169196a8a263cf924024eed10122099dc43ae0b
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ID:
ALSA-2024:0003
Title:
ALSA-2024:0003 Important: thunderbird security update
Type:
security
Severity:
important
Release date:
2024-01-04
Description
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 115.6.0.
Security Fix(es):
* Mozilla: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver (CVE-2023-6856)
* Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 (CVE-2023-6864)
* Mozilla: S/MIME signature accepted despite mismatching message date (CVE-2023-50761)
* Mozilla: Truncated signed text was shown with a valid OpenPGP signature (CVE-2023-50762)
* Mozilla: Symlinks may resolve to smaller than expected buffers (CVE-2023-6857)
* Mozilla: Heap buffer overflow in nsTextFragment (CVE-2023-6858)
* Mozilla: Use-after-free in PR_GetIdentitiesLayer (CVE-2023-6859)
* Mozilla: Potential sandbox escape due to VideoBridge lack of texture validation (CVE-2023-6860)
* Mozilla: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode (CVE-2023-6861)
* Mozilla: Use-after-free in nsDNSService (CVE-2023-6862)
* Mozilla: Undefined behavior in ShutdownObserver() (CVE-2023-6863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2023-50761
CVE-2023-50762
CVE-2023-6856
CVE-2023-6857
CVE-2023-6858
CVE-2023-6859
CVE-2023-6860
CVE-2023-6861
CVE-2023-6862
CVE-2023-6863
CVE-2023-6864
RHSA-2024:0003
ALSA-2024:0003
Updated packages listed below:
Architecture
Package
Checksum
aarch64
thunderbird-115.6.0-1.el8_9.alma.aarch64.rpm
52ab44e10c27cf308767a056b5fe1477a7df25ff7d1be0b6e91e9c8d840c9fb1
aarch64
thunderbird-115.6.0-1.el8_9.alma.plus.aarch64.rpm
8dfdf13ae492a13ef8a37bf63e9e498fc7c9d61a4b5885ed65ec3194e4bb0028
ppc64le
thunderbird-115.6.0-1.el8_9.alma.plus.ppc64le.rpm
1e90725f4217e28d3743f61c14c4be0daca6cbd3faec71998ba27693914da717
ppc64le
thunderbird-115.6.0-1.el8_9.alma.ppc64le.rpm
65b9379baf4371d9d248a7a7d3aced2859696aa1bd0062c12d9c342b3d93f6b0
s390x
thunderbird-115.6.0-1.el8_9.alma.plus.s390x.rpm
6a7bde9a01d3d9b59a78dcea650b60e258e82e602203810af0d088e3cc449b39
s390x
thunderbird-115.6.0-1.el8_9.alma.s390x.rpm
945cbb209ae31ad5efd3c063ffa1ded75197f1a14aef568a1b9f973ba9d51d26
x86_64
thunderbird-115.6.0-1.el8_9.alma.x86_64.rpm
981deb0d5acab4983bf120938899261b5090e49c2ef02b289f2706f85696df89
x86_64
thunderbird-115.6.0-1.el8_9.alma.plus.x86_64.rpm
daba7bd9623a3e02de556d5d4f765ebef27db8cba2eb774ba6d1b92a609432a0
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ID:
ALSA-2024:0010
Title:
ALSA-2024:0010 Important: tigervnc security update
Type:
security
Severity:
important
Release date:
2024-01-03
Description
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.
Security Fix(es):
* xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty (CVE-2023-5367)
* xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions (CVE-2023-6377)
* xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (CVE-2023-6478)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2023-5367
CVE-2023-6377
CVE-2023-6478
RHSA-2024:0010
ALSA-2024:0010
Updated packages listed below:
Architecture
Package
Checksum
aarch64
tigervnc-server-minimal-1.13.1-3.el9_3.3.alma.1.aarch64.rpm
1a13b24be33bace5ad9f20da22ae391edd4bd95e4d908fc06c6e56dfcaff7398
aarch64
tigervnc-server-module-1.13.1-3.el9_3.3.alma.1.aarch64.rpm
20e4549dd959284cadc996a4e90d965c03890edf93e985e1529a017f82b54b87
aarch64
tigervnc-1.13.1-3.el9_3.3.alma.1.aarch64.rpm
2213b3427395769f98e02c9cc47e99eabc09266564c9ec5c567df6fb2519f595
aarch64
tigervnc-server-1.13.1-3.el9_3.3.alma.1.aarch64.rpm
db77ffec79a1e3b82cd269dc6af94af266b2a5a67daef9719b975bb7616abfb2
noarch
tigervnc-license-1.13.1-3.el9_3.3.alma.1.noarch.rpm
24e7c7b936310a7431a75cd4667a29a921adf4498d6b590d9d39f8bfc6b04e4d
noarch
tigervnc-icons-1.13.1-3.el9_3.3.alma.1.noarch.rpm
3a9e687b068bc354e443cf57ab3543461ec41d8cb40b8746dd3c3582b55ca406
noarch
tigervnc-selinux-1.13.1-3.el9_3.3.alma.1.noarch.rpm
ff518f13e65a4aca8f744ae459296109897598014a61b9acfb792901d7f37af7
ppc64le
tigervnc-server-minimal-1.13.1-3.el9_3.3.alma.1.ppc64le.rpm
108a58a838295bfb7f06965274bf20b21a76f40bb369005fda3ccad591b4e74e
ppc64le
tigervnc-1.13.1-3.el9_3.3.alma.1.ppc64le.rpm
22d5313b07652f10960dd6348803efc722ea41c56d45f58d9bb5081e8aad15a5
ppc64le
tigervnc-server-module-1.13.1-3.el9_3.3.alma.1.ppc64le.rpm
9247d47a335e2ad5a85451a68e541a5209234d6618c3301c704c8d96c2746fbd
ppc64le
tigervnc-server-1.13.1-3.el9_3.3.alma.1.ppc64le.rpm
9d639ff15e67755a005941668cedaae204cdee3b0059ee6411c7bb9ebfee0fdd
s390x
tigervnc-server-module-1.13.1-3.el9_3.3.alma.1.s390x.rpm
24430a8537d7b994f88520239d1b932eadba811b109399893a8cbfae5d10d213
s390x
tigervnc-server-1.13.1-3.el9_3.3.alma.1.s390x.rpm
6666f3ead3262d4e1fe03f04afd01bbc9a09885b57e1a7e5cb0dd840e45c1f65
s390x
tigervnc-1.13.1-3.el9_3.3.alma.1.s390x.rpm
9ccc182315dfc34d5a11b5fea2179cf96237a98038c069f88e8e2c9a5ab4db48
s390x
tigervnc-server-minimal-1.13.1-3.el9_3.3.alma.1.s390x.rpm
d031d1345a831a91338dd165a0989e3ee59a92419a41998506e985820283d608
x86_64
tigervnc-server-module-1.13.1-3.el9_3.3.alma.1.x86_64.rpm
9b97878d507e9efc30ed97c6fdab5ebcd27a11418765c79f5914033d5bbad642
x86_64
tigervnc-1.13.1-3.el9_3.3.alma.1.x86_64.rpm
9ed29f62f9997d7cd2323f1142e1b6ec12d5429650e5bf614acfcf0a2325893e
x86_64
tigervnc-server-minimal-1.13.1-3.el9_3.3.alma.1.x86_64.rpm
be85686d13303788cd8799efb3c3e891717591e50bd659c8ce0ca02cc0f40b09
x86_64
tigervnc-server-1.13.1-3.el9_3.3.alma.1.x86_64.rpm
f9ceef9b348942adb5aec11ea78deef2fa48a76cadc537f059eb0649ed6ca728
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ID:
ALSA-2024:0012
Title:
ALSA-2024:0012 Important: firefox security update
Type:
security
Severity:
important
Release date:
2024-01-04
Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 115.6.0 ESR.
Security Fix(es):
* Mozilla: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver (CVE-2023-6856)
* Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 (CVE-2023-6864)
* Mozilla: Potential exposure of uninitialized data in EncryptingOutputStream (CVE-2023-6865)
* Mozilla: Symlinks may resolve to smaller than expected buffers (CVE-2023-6857)
* Mozilla: Heap buffer overflow in nsTextFragment (CVE-2023-6858)
* Mozilla: Use-after-free in PR_GetIdentitiesLayer (CVE-2023-6859)
* Mozilla: Potential sandbox escape due to VideoBridge lack of texture validation (CVE-2023-6860)
* Mozilla: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode (CVE-2023-6861)
* Mozilla: Use-after-free in nsDNSService (CVE-2023-6862)
* Mozilla: Clickjacking permission prompts using the popup transition (CVE-2023-6867)
* Mozilla: Undefined behavior in ShutdownObserver() (CVE-2023-6863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2023-6856
CVE-2023-6857
CVE-2023-6858
CVE-2023-6859
CVE-2023-6860
CVE-2023-6861
CVE-2023-6862
CVE-2023-6863
CVE-2023-6864
CVE-2023-6865
CVE-2023-6867
RHSA-2024:0012
ALSA-2024:0012
Updated packages listed below:
Architecture
Package
Checksum
aarch64
firefox-115.6.0-1.el8_9.alma.aarch64.rpm
45c4419c7b8210b8fbfe75b25a73af8a90b9b0c3ce2f027c3cbc652bf29f4570
ppc64le
firefox-115.6.0-1.el8_9.alma.ppc64le.rpm
73c33819f68b913e568552bdb6cc3122b079c5dfb9a05d32fb90e98042564052
s390x
firefox-115.6.0-1.el8_9.alma.s390x.rpm
ca25974d6f14535518ceef6af1e395aafa2a8d95c3ca3453d2417f1d0573674b
x86_64
firefox-115.6.0-1.el8_9.alma.x86_64.rpm
e74079bac988d4d6e9400e71a39db579e2758386a599f40241d9bb663078c51d
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ID:
ALSA-2024:0018
Title:
ALSA-2024:0018 Important: tigervnc security update
Type:
security
Severity:
important
Release date:
2024-01-04
Description
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.
Security Fix(es):
* xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions (CVE-2023-6377)
* xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (CVE-2023-6478)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2023-6377
CVE-2023-6478
RHSA-2024:0018
ALSA-2024:0018
Updated packages listed below:
Architecture
Package
Checksum
aarch64
tigervnc-server-minimal-1.13.1-2.el8_9.4.alma.1.aarch64.rpm
7aba89631b41ce75945d03b7ceee704f0ee100bc21bf6406c1eefe0bfe1e249a
aarch64
tigervnc-server-module-1.13.1-2.el8_9.4.alma.1.aarch64.rpm
839adb1e2c3e50dbdf4245dadcd349d5e30955c1a6fb996dd69e6384e42b3eb7
aarch64
tigervnc-server-1.13.1-2.el8_9.4.alma.1.aarch64.rpm
a44496358d2d88186a9036d7d0c559c70bf43230fe1ebc675ef9212f58d424e4
aarch64
tigervnc-1.13.1-2.el8_9.4.alma.1.aarch64.rpm
b5d636667bf92bd6324110f11d9f5480a1df0ade4e0c23ec272cd216cdcbbf82
noarch
tigervnc-icons-1.13.1-2.el8_9.4.alma.1.noarch.rpm
248685d3f55185b73ff28293031e387b74ab0265a8495b5bf0a6239b84045182
noarch
tigervnc-selinux-1.13.1-2.el8_9.4.alma.1.noarch.rpm
30ef58f7373cb16f2591a107d83f54689d0c76fe54bf2e2696232c759c2aaeba
noarch
tigervnc-license-1.13.1-2.el8_9.4.alma.1.noarch.rpm
d1b88b82a2301c43f08f89caf27f4a1553b0de32d78a82579153dd969c7da383
ppc64le
tigervnc-server-minimal-1.13.1-2.el8_9.4.alma.1.ppc64le.rpm
33c7a1cf4bd08a922380223a4854e4db42bc82b0bf5eb36009e8dde7d3bccc1c
ppc64le
tigervnc-server-1.13.1-2.el8_9.4.alma.1.ppc64le.rpm
3dff57405f90cf061c7d356cd6404579ef8deb026aa8f3500a82425e57636cfd
ppc64le
tigervnc-server-module-1.13.1-2.el8_9.4.alma.1.ppc64le.rpm
ac29bbfdc3dda1509c3c823c08dc2a734ef30b9d6d4ef85d8ad987924aad4720
ppc64le
tigervnc-1.13.1-2.el8_9.4.alma.1.ppc64le.rpm
b353641929724b76bfbae2ba134871b75f0f2df9e126552c88b46d523b7d296e
s390x
tigervnc-1.13.1-2.el8_9.4.alma.1.s390x.rpm
443559787fa5dbd445a9d4d1b7bcafd31018b2565e30f99d7d112c6cae555e3e
s390x
tigervnc-server-module-1.13.1-2.el8_9.4.alma.1.s390x.rpm
7f008e99b0366ff16c7747bf97953cc96903e365f9a1f903c18879eebcc59872
s390x
tigervnc-server-1.13.1-2.el8_9.4.alma.1.s390x.rpm
b72596691cfc2239573adc7c3e78c163b8d89f0c6ee21284e75b2caaf065b568
s390x
tigervnc-server-minimal-1.13.1-2.el8_9.4.alma.1.s390x.rpm
f0972475aeb1fe490d0188fcae2e1882cbc5f831fad9c46347cf7ec4c94d72fd
x86_64
tigervnc-server-module-1.13.1-2.el8_9.4.alma.1.x86_64.rpm
a8b63577a0c07a8edc8585668d15f3dcff259e58adc1f585d5b0ecd3a5a87608
x86_64
tigervnc-1.13.1-2.el8_9.4.alma.1.x86_64.rpm
afd30aed59455c52d6b229354bfdc532fa65fc4936124a7f3117f40f69408cf7
x86_64
tigervnc-server-1.13.1-2.el8_9.4.alma.1.x86_64.rpm
c05d43096980541c54565a385f49e5fa964b88256b82cb1e6f460348d10c23fa
x86_64
tigervnc-server-minimal-1.13.1-2.el8_9.4.alma.1.x86_64.rpm
fe13cbcbba35f940dbfd2c27b1e17d349a4a788377bb783046cc577e31407a00
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ID:
ALSA-2024:0025
Title:
ALSA-2024:0025 Important: firefox security update
Type:
security
Severity:
important
Release date:
2024-01-03
Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 115.6.0 ESR.
Security Fix(es):
* Mozilla: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver (CVE-2023-6856)
* Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 (CVE-2023-6864)
* Mozilla: Potential exposure of uninitialized data in EncryptingOutputStream (CVE-2023-6865)
* Mozilla: Symlinks may resolve to smaller than expected buffers (CVE-2023-6857)
* Mozilla: Heap buffer overflow in nsTextFragment (CVE-2023-6858)
* Mozilla: Use-after-free in PR_GetIdentitiesLayer (CVE-2023-6859)
* Mozilla: Potential sandbox escape due to VideoBridge lack of texture validation (CVE-2023-6860)
* Mozilla: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode (CVE-2023-6861)
* Mozilla: Use-after-free in nsDNSService (CVE-2023-6862)
* Mozilla: Clickjacking permission prompts using the popup transition (CVE-2023-6867)
* Mozilla: Undefined behavior in ShutdownObserver() (CVE-2023-6863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2023-6856
CVE-2023-6857
CVE-2023-6858
CVE-2023-6859
CVE-2023-6860
CVE-2023-6861
CVE-2023-6862
CVE-2023-6863
CVE-2023-6864
CVE-2023-6865
CVE-2023-6867
RHSA-2024:0025
ALSA-2024:0025
Updated packages listed below:
Architecture
Package
Checksum
aarch64
firefox-x11-115.6.0-1.el9_3.alma.aarch64.rpm
acfe81643e43f736ea87a4427167ce0239c2f1ea9f77065307424c507ded0fd9
aarch64
firefox-115.6.0-1.el9_3.alma.aarch64.rpm
b435afd895aeaa90a6ebf88861f2ad05f04dd6a2b017df77ee9335cd25ba2599
ppc64le
firefox-x11-115.6.0-1.el9_3.alma.ppc64le.rpm
70b26c4982f41ff934183e618b33b0527cf6fa8bd064b3b37eb05c96039c0010
ppc64le
firefox-115.6.0-1.el9_3.alma.ppc64le.rpm
cbf9e97cfc478924bd9733b1b764b9e47cc7974e0a88b87732174ef443d54e67
s390x
firefox-115.6.0-1.el9_3.alma.s390x.rpm
a84e655a1f8277d5728c7123dd8e6e68f1f341a5879043d8efb430de6f2bd60a
s390x
firefox-x11-115.6.0-1.el9_3.alma.s390x.rpm
bf21182d18c786589b2db6c94ae979ddc6f1d0a4041cd1bb0228324c25e104de
x86_64
firefox-115.6.0-1.el9_3.alma.x86_64.rpm
48a6e6e4048864be1a27cdc564b2bfeb2f0f9cbfb2aec1162574ed5e8a4091b7
x86_64
firefox-x11-115.6.0-1.el9_3.alma.x86_64.rpm
6c5ed6ae4f6a1ca9cad39c660904cc191adbdd366e68c667ff90fbbd4eb2a5e7
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ALSA-2024:0001 Important: thunderbird security update
ALSA-2024:0003 Important: thunderbird security update
ALSA-2024:0010 Important: tigervnc security update
ALSA-2024:0012 Important: firefox security update
ALSA-2024:0018 Important: tigervnc security update
ALSA-2024:0025 Important: firefox security update
ALSA-2024:0001 Important: thunderbird security update
ID:
ALSA-2024:0001
Title:
ALSA-2024:0001 Important: thunderbird security update
Type:
security
Severity:
important
Release date:
2024-01-03
Description
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 115.6.0.
Security Fix(es):
* Mozilla: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver (CVE-2023-6856)
* Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 (CVE-2023-6864)
* Mozilla: S/MIME signature accepted despite mismatching message date (CVE-2023-50761)
* Mozilla: Truncated signed text was shown with a valid OpenPGP signature (CVE-2023-50762)
* Mozilla: Symlinks may resolve to smaller than expected buffers (CVE-2023-6857)
* Mozilla: Heap buffer overflow in nsTextFragment (CVE-2023-6858)
* Mozilla: Use-after-free in PR_GetIdentitiesLayer (CVE-2023-6859)
* Mozilla: Potential sandbox escape due to VideoBridge lack of texture validation (CVE-2023-6860)
* Mozilla: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode (CVE-2023-6861)
* Mozilla: Use-after-free in nsDNSService (CVE-2023-6862)
* Mozilla: Undefined behavior in ShutdownObserver() (CVE-2023-6863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2023-50761
CVE-2023-50762
CVE-2023-6856
CVE-2023-6857
CVE-2023-6858
CVE-2023-6859
CVE-2023-6860
CVE-2023-6861
CVE-2023-6862
CVE-2023-6863
CVE-2023-6864
RHSA-2024:0001
ALSA-2024:0001
Updated packages listed below:
Architecture
Package
Checksum
aarch64
thunderbird-115.6.0-1.el9_3.alma.aarch64.rpm
a50d290eedeb8747e153efe4dbe8ed0b5bf604c908f40a91761ef47a09708354
aarch64
thunderbird-115.6.0-1.el9_3.alma.plus.aarch64.rpm
c24e7120a2efa065aecd2a7b50be3dde1f2d1fcbb23b57c73f1e2d5d041c5cdd
ppc64le
thunderbird-115.6.0-1.el9_3.alma.plus.ppc64le.rpm
3a00dacfee1e3a5b736d762789fb5ba8d10c00fa08dc597246de0096e25d208e
ppc64le
thunderbird-115.6.0-1.el9_3.alma.ppc64le.rpm
6975f1d22e72f11ac459f1fa1f2706e67b0862fd812b4b56a58c12783de4e7e4
s390x
thunderbird-115.6.0-1.el9_3.alma.plus.s390x.rpm
24fb9dc5207f9d73d32e1f8405b687bd361d40922a6fc1365641e156b0d4b6a8
s390x
thunderbird-115.6.0-1.el9_3.alma.s390x.rpm
e5cc9d50f0d3a997a88461ab422eff1f8a6b606237de698c08fca6b1bcebed9b
x86_64
thunderbird-115.6.0-1.el9_3.alma.x86_64.rpm
2db5559c11bd68ec549bc96385ea9681632b3c20c876faf9c0ef9499e5f64d6f
x86_64
thunderbird-115.6.0-1.el9_3.alma.plus.x86_64.rpm
72ba006f1f91c8db907193a6c169196a8a263cf924024eed10122099dc43ae0b
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ALSA-2024:0001 Important: thunderbird security update
ALSA-2024:0003 Important: thunderbird security update
ID:
ALSA-2024:0003
Title:
ALSA-2024:0003 Important: thunderbird security update
Type:
security
Severity:
important
Release date:
2024-01-04
Description
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 115.6.0.
Security Fix(es):
* Mozilla: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver (CVE-2023-6856)
* Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 (CVE-2023-6864)
* Mozilla: S/MIME signature accepted despite mismatching message date (CVE-2023-50761)
* Mozilla: Truncated signed text was shown with a valid OpenPGP signature (CVE-2023-50762)
* Mozilla: Symlinks may resolve to smaller than expected buffers (CVE-2023-6857)
* Mozilla: Heap buffer overflow in nsTextFragment (CVE-2023-6858)
* Mozilla: Use-after-free in PR_GetIdentitiesLayer (CVE-2023-6859)
* Mozilla: Potential sandbox escape due to VideoBridge lack of texture validation (CVE-2023-6860)
* Mozilla: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode (CVE-2023-6861)
* Mozilla: Use-after-free in nsDNSService (CVE-2023-6862)
* Mozilla: Undefined behavior in ShutdownObserver() (CVE-2023-6863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2023-50761
CVE-2023-50762
CVE-2023-6856
CVE-2023-6857
CVE-2023-6858
CVE-2023-6859
CVE-2023-6860
CVE-2023-6861
CVE-2023-6862
CVE-2023-6863
CVE-2023-6864
RHSA-2024:0003
ALSA-2024:0003
Updated packages listed below:
Architecture
Package
Checksum
aarch64
thunderbird-115.6.0-1.el8_9.alma.aarch64.rpm
52ab44e10c27cf308767a056b5fe1477a7df25ff7d1be0b6e91e9c8d840c9fb1
aarch64
thunderbird-115.6.0-1.el8_9.alma.plus.aarch64.rpm
8dfdf13ae492a13ef8a37bf63e9e498fc7c9d61a4b5885ed65ec3194e4bb0028
ppc64le
thunderbird-115.6.0-1.el8_9.alma.plus.ppc64le.rpm
1e90725f4217e28d3743f61c14c4be0daca6cbd3faec71998ba27693914da717
ppc64le
thunderbird-115.6.0-1.el8_9.alma.ppc64le.rpm
65b9379baf4371d9d248a7a7d3aced2859696aa1bd0062c12d9c342b3d93f6b0
s390x
thunderbird-115.6.0-1.el8_9.alma.plus.s390x.rpm
6a7bde9a01d3d9b59a78dcea650b60e258e82e602203810af0d088e3cc449b39
s390x
thunderbird-115.6.0-1.el8_9.alma.s390x.rpm
945cbb209ae31ad5efd3c063ffa1ded75197f1a14aef568a1b9f973ba9d51d26
x86_64
thunderbird-115.6.0-1.el8_9.alma.x86_64.rpm
981deb0d5acab4983bf120938899261b5090e49c2ef02b289f2706f85696df89
x86_64
thunderbird-115.6.0-1.el8_9.alma.plus.x86_64.rpm
daba7bd9623a3e02de556d5d4f765ebef27db8cba2eb774ba6d1b92a609432a0
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ALSA-2024:0003 Important: thunderbird security update
ALSA-2024:0010 Important: tigervnc security update
ID:
ALSA-2024:0010
Title:
ALSA-2024:0010 Important: tigervnc security update
Type:
security
Severity:
important
Release date:
2024-01-03
Description
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.
Security Fix(es):
* xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty (CVE-2023-5367)
* xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions (CVE-2023-6377)
* xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (CVE-2023-6478)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2023-5367
CVE-2023-6377
CVE-2023-6478
RHSA-2024:0010
ALSA-2024:0010
Updated packages listed below:
Architecture
Package
Checksum
aarch64
tigervnc-server-minimal-1.13.1-3.el9_3.3.alma.1.aarch64.rpm
1a13b24be33bace5ad9f20da22ae391edd4bd95e4d908fc06c6e56dfcaff7398
aarch64
tigervnc-server-module-1.13.1-3.el9_3.3.alma.1.aarch64.rpm
20e4549dd959284cadc996a4e90d965c03890edf93e985e1529a017f82b54b87
aarch64
tigervnc-1.13.1-3.el9_3.3.alma.1.aarch64.rpm
2213b3427395769f98e02c9cc47e99eabc09266564c9ec5c567df6fb2519f595
aarch64
tigervnc-server-1.13.1-3.el9_3.3.alma.1.aarch64.rpm
db77ffec79a1e3b82cd269dc6af94af266b2a5a67daef9719b975bb7616abfb2
noarch
tigervnc-license-1.13.1-3.el9_3.3.alma.1.noarch.rpm
24e7c7b936310a7431a75cd4667a29a921adf4498d6b590d9d39f8bfc6b04e4d
noarch
tigervnc-icons-1.13.1-3.el9_3.3.alma.1.noarch.rpm
3a9e687b068bc354e443cf57ab3543461ec41d8cb40b8746dd3c3582b55ca406
noarch
tigervnc-selinux-1.13.1-3.el9_3.3.alma.1.noarch.rpm
ff518f13e65a4aca8f744ae459296109897598014a61b9acfb792901d7f37af7
ppc64le
tigervnc-server-minimal-1.13.1-3.el9_3.3.alma.1.ppc64le.rpm
108a58a838295bfb7f06965274bf20b21a76f40bb369005fda3ccad591b4e74e
ppc64le
tigervnc-1.13.1-3.el9_3.3.alma.1.ppc64le.rpm
22d5313b07652f10960dd6348803efc722ea41c56d45f58d9bb5081e8aad15a5
ppc64le
tigervnc-server-module-1.13.1-3.el9_3.3.alma.1.ppc64le.rpm
9247d47a335e2ad5a85451a68e541a5209234d6618c3301c704c8d96c2746fbd
ppc64le
tigervnc-server-1.13.1-3.el9_3.3.alma.1.ppc64le.rpm
9d639ff15e67755a005941668cedaae204cdee3b0059ee6411c7bb9ebfee0fdd
s390x
tigervnc-server-module-1.13.1-3.el9_3.3.alma.1.s390x.rpm
24430a8537d7b994f88520239d1b932eadba811b109399893a8cbfae5d10d213
s390x
tigervnc-server-1.13.1-3.el9_3.3.alma.1.s390x.rpm
6666f3ead3262d4e1fe03f04afd01bbc9a09885b57e1a7e5cb0dd840e45c1f65
s390x
tigervnc-1.13.1-3.el9_3.3.alma.1.s390x.rpm
9ccc182315dfc34d5a11b5fea2179cf96237a98038c069f88e8e2c9a5ab4db48
s390x
tigervnc-server-minimal-1.13.1-3.el9_3.3.alma.1.s390x.rpm
d031d1345a831a91338dd165a0989e3ee59a92419a41998506e985820283d608
x86_64
tigervnc-server-module-1.13.1-3.el9_3.3.alma.1.x86_64.rpm
9b97878d507e9efc30ed97c6fdab5ebcd27a11418765c79f5914033d5bbad642
x86_64
tigervnc-1.13.1-3.el9_3.3.alma.1.x86_64.rpm
9ed29f62f9997d7cd2323f1142e1b6ec12d5429650e5bf614acfcf0a2325893e
x86_64
tigervnc-server-minimal-1.13.1-3.el9_3.3.alma.1.x86_64.rpm
be85686d13303788cd8799efb3c3e891717591e50bd659c8ce0ca02cc0f40b09
x86_64
tigervnc-server-1.13.1-3.el9_3.3.alma.1.x86_64.rpm
f9ceef9b348942adb5aec11ea78deef2fa48a76cadc537f059eb0649ed6ca728
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ALSA-2024:0010 Important: tigervnc security update
ALSA-2024:0012 Important: firefox security update
ID:
ALSA-2024:0012
Title:
ALSA-2024:0012 Important: firefox security update
Type:
security
Severity:
important
Release date:
2024-01-04
Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 115.6.0 ESR.
Security Fix(es):
* Mozilla: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver (CVE-2023-6856)
* Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 (CVE-2023-6864)
* Mozilla: Potential exposure of uninitialized data in EncryptingOutputStream (CVE-2023-6865)
* Mozilla: Symlinks may resolve to smaller than expected buffers (CVE-2023-6857)
* Mozilla: Heap buffer overflow in nsTextFragment (CVE-2023-6858)
* Mozilla: Use-after-free in PR_GetIdentitiesLayer (CVE-2023-6859)
* Mozilla: Potential sandbox escape due to VideoBridge lack of texture validation (CVE-2023-6860)
* Mozilla: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode (CVE-2023-6861)
* Mozilla: Use-after-free in nsDNSService (CVE-2023-6862)
* Mozilla: Clickjacking permission prompts using the popup transition (CVE-2023-6867)
* Mozilla: Undefined behavior in ShutdownObserver() (CVE-2023-6863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2023-6856
CVE-2023-6857
CVE-2023-6858
CVE-2023-6859
CVE-2023-6860
CVE-2023-6861
CVE-2023-6862
CVE-2023-6863
CVE-2023-6864
CVE-2023-6865
CVE-2023-6867
RHSA-2024:0012
ALSA-2024:0012
Updated packages listed below:
Architecture
Package
Checksum
aarch64
firefox-115.6.0-1.el8_9.alma.aarch64.rpm
45c4419c7b8210b8fbfe75b25a73af8a90b9b0c3ce2f027c3cbc652bf29f4570
ppc64le
firefox-115.6.0-1.el8_9.alma.ppc64le.rpm
73c33819f68b913e568552bdb6cc3122b079c5dfb9a05d32fb90e98042564052
s390x
firefox-115.6.0-1.el8_9.alma.s390x.rpm
ca25974d6f14535518ceef6af1e395aafa2a8d95c3ca3453d2417f1d0573674b
x86_64
firefox-115.6.0-1.el8_9.alma.x86_64.rpm
e74079bac988d4d6e9400e71a39db579e2758386a599f40241d9bb663078c51d
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ALSA-2024:0012 Important: firefox security update
ALSA-2024:0018 Important: tigervnc security update
ID:
ALSA-2024:0018
Title:
ALSA-2024:0018 Important: tigervnc security update
Type:
security
Severity:
important
Release date:
2024-01-04
Description
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.
Security Fix(es):
* xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions (CVE-2023-6377)
* xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (CVE-2023-6478)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2023-6377
CVE-2023-6478
RHSA-2024:0018
ALSA-2024:0018
Updated packages listed below:
Architecture
Package
Checksum
aarch64
tigervnc-server-minimal-1.13.1-2.el8_9.4.alma.1.aarch64.rpm
7aba89631b41ce75945d03b7ceee704f0ee100bc21bf6406c1eefe0bfe1e249a
aarch64
tigervnc-server-module-1.13.1-2.el8_9.4.alma.1.aarch64.rpm
839adb1e2c3e50dbdf4245dadcd349d5e30955c1a6fb996dd69e6384e42b3eb7
aarch64
tigervnc-server-1.13.1-2.el8_9.4.alma.1.aarch64.rpm
a44496358d2d88186a9036d7d0c559c70bf43230fe1ebc675ef9212f58d424e4
aarch64
tigervnc-1.13.1-2.el8_9.4.alma.1.aarch64.rpm
b5d636667bf92bd6324110f11d9f5480a1df0ade4e0c23ec272cd216cdcbbf82
noarch
tigervnc-icons-1.13.1-2.el8_9.4.alma.1.noarch.rpm
248685d3f55185b73ff28293031e387b74ab0265a8495b5bf0a6239b84045182
noarch
tigervnc-selinux-1.13.1-2.el8_9.4.alma.1.noarch.rpm
30ef58f7373cb16f2591a107d83f54689d0c76fe54bf2e2696232c759c2aaeba
noarch
tigervnc-license-1.13.1-2.el8_9.4.alma.1.noarch.rpm
d1b88b82a2301c43f08f89caf27f4a1553b0de32d78a82579153dd969c7da383
ppc64le
tigervnc-server-minimal-1.13.1-2.el8_9.4.alma.1.ppc64le.rpm
33c7a1cf4bd08a922380223a4854e4db42bc82b0bf5eb36009e8dde7d3bccc1c
ppc64le
tigervnc-server-1.13.1-2.el8_9.4.alma.1.ppc64le.rpm
3dff57405f90cf061c7d356cd6404579ef8deb026aa8f3500a82425e57636cfd
ppc64le
tigervnc-server-module-1.13.1-2.el8_9.4.alma.1.ppc64le.rpm
ac29bbfdc3dda1509c3c823c08dc2a734ef30b9d6d4ef85d8ad987924aad4720
ppc64le
tigervnc-1.13.1-2.el8_9.4.alma.1.ppc64le.rpm
b353641929724b76bfbae2ba134871b75f0f2df9e126552c88b46d523b7d296e
s390x
tigervnc-1.13.1-2.el8_9.4.alma.1.s390x.rpm
443559787fa5dbd445a9d4d1b7bcafd31018b2565e30f99d7d112c6cae555e3e
s390x
tigervnc-server-module-1.13.1-2.el8_9.4.alma.1.s390x.rpm
7f008e99b0366ff16c7747bf97953cc96903e365f9a1f903c18879eebcc59872
s390x
tigervnc-server-1.13.1-2.el8_9.4.alma.1.s390x.rpm
b72596691cfc2239573adc7c3e78c163b8d89f0c6ee21284e75b2caaf065b568
s390x
tigervnc-server-minimal-1.13.1-2.el8_9.4.alma.1.s390x.rpm
f0972475aeb1fe490d0188fcae2e1882cbc5f831fad9c46347cf7ec4c94d72fd
x86_64
tigervnc-server-module-1.13.1-2.el8_9.4.alma.1.x86_64.rpm
a8b63577a0c07a8edc8585668d15f3dcff259e58adc1f585d5b0ecd3a5a87608
x86_64
tigervnc-1.13.1-2.el8_9.4.alma.1.x86_64.rpm
afd30aed59455c52d6b229354bfdc532fa65fc4936124a7f3117f40f69408cf7
x86_64
tigervnc-server-1.13.1-2.el8_9.4.alma.1.x86_64.rpm
c05d43096980541c54565a385f49e5fa964b88256b82cb1e6f460348d10c23fa
x86_64
tigervnc-server-minimal-1.13.1-2.el8_9.4.alma.1.x86_64.rpm
fe13cbcbba35f940dbfd2c27b1e17d349a4a788377bb783046cc577e31407a00
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ALSA-2024:0018 Important: tigervnc security update
ALSA-2024:0025 Important: firefox security update
ID:
ALSA-2024:0025
Title:
ALSA-2024:0025 Important: firefox security update
Type:
security
Severity:
important
Release date:
2024-01-03
Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 115.6.0 ESR.
Security Fix(es):
* Mozilla: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver (CVE-2023-6856)
* Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 (CVE-2023-6864)
* Mozilla: Potential exposure of uninitialized data in EncryptingOutputStream (CVE-2023-6865)
* Mozilla: Symlinks may resolve to smaller than expected buffers (CVE-2023-6857)
* Mozilla: Heap buffer overflow in nsTextFragment (CVE-2023-6858)
* Mozilla: Use-after-free in PR_GetIdentitiesLayer (CVE-2023-6859)
* Mozilla: Potential sandbox escape due to VideoBridge lack of texture validation (CVE-2023-6860)
* Mozilla: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode (CVE-2023-6861)
* Mozilla: Use-after-free in nsDNSService (CVE-2023-6862)
* Mozilla: Clickjacking permission prompts using the popup transition (CVE-2023-6867)
* Mozilla: Undefined behavior in ShutdownObserver() (CVE-2023-6863)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2023-6856
CVE-2023-6857
CVE-2023-6858
CVE-2023-6859
CVE-2023-6860
CVE-2023-6861
CVE-2023-6862
CVE-2023-6863
CVE-2023-6864
CVE-2023-6865
CVE-2023-6867
RHSA-2024:0025
ALSA-2024:0025
Updated packages listed below:
Architecture
Package
Checksum
aarch64
firefox-x11-115.6.0-1.el9_3.alma.aarch64.rpm
acfe81643e43f736ea87a4427167ce0239c2f1ea9f77065307424c507ded0fd9
aarch64
firefox-115.6.0-1.el9_3.alma.aarch64.rpm
b435afd895aeaa90a6ebf88861f2ad05f04dd6a2b017df77ee9335cd25ba2599
ppc64le
firefox-x11-115.6.0-1.el9_3.alma.ppc64le.rpm
70b26c4982f41ff934183e618b33b0527cf6fa8bd064b3b37eb05c96039c0010
ppc64le
firefox-115.6.0-1.el9_3.alma.ppc64le.rpm
cbf9e97cfc478924bd9733b1b764b9e47cc7974e0a88b87732174ef443d54e67
s390x
firefox-115.6.0-1.el9_3.alma.s390x.rpm
a84e655a1f8277d5728c7123dd8e6e68f1f341a5879043d8efb430de6f2bd60a
s390x
firefox-x11-115.6.0-1.el9_3.alma.s390x.rpm
bf21182d18c786589b2db6c94ae979ddc6f1d0a4041cd1bb0228324c25e104de
x86_64
firefox-115.6.0-1.el9_3.alma.x86_64.rpm
48a6e6e4048864be1a27cdc564b2bfeb2f0f9cbfb2aec1162574ed5e8a4091b7
x86_64
firefox-x11-115.6.0-1.el9_3.alma.x86_64.rpm
6c5ed6ae4f6a1ca9cad39c660904cc191adbdd366e68c667ff90fbbd4eb2a5e7
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ALSA-2024:0025 Important: firefox security update
