Security Vulnerabilities fixed in libevent RHSA-2017:1201

Description

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.1.0. Security Fix(es): * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5429, CVE-2017-5433, CVE-2017-5435, CVE-2017-5436, CVE-2017-5459, CVE-2017-5466, CVE-2017-5432, CVE-2017-5434, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5446, CVE-2017-5447, CVE-2017-5454, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469, CVE-2016-10195, CVE-2016-10196, CVE-2017-5445, CVE-2017-5449, CVE-2017-5451, CVE-2017-5467, CVE-2016-10197) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Petr Cerny, Nils, Ivan Fratric (Google Project Zero), Takeshi Terada, Heather Miller (Google Skia team), Chun Han Hsiao, Chamal De Silva, Nicolas Grgoire, Holger Fuhrmannek, Atte Kettunen, Haik Aftandilian, and Jordi Chancel as the original reporters.

Affected Applications

libevent

CVE References

CVE-2016-10195 CVE-2016-10196 CVE-2016-10197 CVE-2017-5429 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5449 CVE-2017-5451 CVE-2017-5454 CVE-2017-5459 CVE-2017-5460 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 CVE-2017-5469

Other References

https://access.redhat.com/errata/RHSA-2017:1201