FERRAMENTAS LINUX: Critical Mozilla Thunderbird Security Update for openSUSE 15.6 (2025-01813-1)

quinta-feira, 5 de junho de 2025

Critical Mozilla Thunderbird Security Update for openSUSE 15.6 (2025-01813-1)

 

openSUSE


openSUSE 15.6 users: Patch Mozilla Thunderbird 128.10.2 immediately to fix CVE-2025-4918 (RCE) and CVE-2025-4919 (memory corruption). Step-by-step guide for SUSE Linux Enterprise, Package Hub, and Leap 15.6 systems.

Protect Your Linux Workstation: Patch These High-Risk Vulnerabilities Now

The latest Mozilla Thunderbird 128.10.2 update addresses severe security flaws affecting openSUSE Leap 15.6SUSE Linux Enterprise Workstation, and related distributions. This priority patch mitigates zero-day risks and enhances email client stability for enterprise and personal users.

Key Security Fixes in This Update

  • CVE-2025-4918: Critical out-of-bounds memory access vulnerability in Promise object resolution (Exploitable for RCE)

  • CVE-2025-4919: Linear sum optimization flaw allowing arbitrary code execution (Patched in Thunderbird 128.10.2)

  • Profile corruption fix: Resolved UNC path compatibility issues preventing message display (bmo#1966256)

  • UX upgrades: Streamlined interface and performance tweaks (bmo#1964156)

🔒 Why This Matters: Unpatched systems risk remote compromise, data theft, and malware infiltration. Enterprise users should prioritize deployment.

Step-by-Step Patch Installation Guide

For openSUSE/SUSE Linux Systems

  1. Recommended Methods:

    • Use YaST Online Update for automated patching

    • Run terminal command:

      bash
      Copy
      Download
      zypper patch

  2. Manual Installation (Product-Specific):

    bash
    Copy
    Download
    # SUSE Linux Enterprise Workstation 15 SP6/SP7  
zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-1813=1  

# openSUSE Leap 15.6  
zypper in -t patch openSUSE-SLE-15.6-2025-1813=1  

# SUSE Package Hub 15 SP6/SP7  
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1813=1

Affected Packages & Architectures

DistributionPackageVersion
SUSE Linux Enterprise 15 SP6/SP7 (x86_64)MozillaThunderbird, debuginfo, translations128.10.2
openSUSE Leap 15.6 (aarch64, ppc64le, x86_64)Full Thunderbird suite128.10.2
SUSE Package Hub 15 SP6/SP7 (s390x)Core + debug packages128.10.2

Additional Resources

FAQ: Thunderbird Security Updates

Q: How urgent is this patch?
A: Critical. Both CVEs are exploitable for remote attacks.

Q: Can I delay installation?
A: Not recommended—Thunderbird is a high-risk vector for phishing/malware.

Q: Do home users need this?
A: Yes. All Thunderbird installations on openSUSE/SUSE are vulnerable.

Cezar Henrique at
Marcadores: Linux, Android, Segurança ,

Nenhum comentário:

Postar um comentário

Assinar: Postar comentários (Atom)