SB2024091057 - SUSE update for MozillaThunderbird
Published: September 10, 2024
Security Bulletin ID
SB2024091057
Severity
High
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Code execution
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Resource exhaustion (CVE-ID: CVE-2024-34703)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources when parsing X.509 certificates. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
2) Arbitrary code execution (CVE-ID: CVE-2016-0913)
The vulnerability allows a remote user to cause arbitrary code execution on the target system. The weakness is caused by insufficient validation of input. Posing as a Replication Manager (RM) server, an attacker can connect to the target RM user and trick the victim into loading a specially crafted file containing arbitrary code from an SMB share.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Remediation
Install the update from the vendor's website.