MozillaThunderbird-115.12.2-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:14095-1 Final 1 1 2024-07-04T00:00:00Z current 2024-07-04T00:00:00Z 2024-07-04T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z MozillaThunderbird-115.12.2-1.1 on GA media These are all security issues fixed in the MozillaThunderbird-115.12.2-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-14095 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-34703/ SUSE CVE CVE-2024-34703 page openSUSE Tumbleweed MozillaThunderbird-115.12.2-1.1 MozillaThunderbird-openpgp-librnp-115.12.2-1.1 MozillaThunderbird-translations-common-115.12.2-1.1 MozillaThunderbird-translations-other-115.12.2-1.1 MozillaThunderbird-115.12.2-1.1 as a component of openSUSE Tumbleweed MozillaThunderbird-openpgp-librnp-115.12.2-1.1 as a component of openSUSE Tumbleweed MozillaThunderbird-translations-common-115.12.2-1.1 as a component of openSUSE Tumbleweed MozillaThunderbird-translations-other-115.12.2-1.1 as a component of openSUSE Tumbleweed Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. The proof of concept used a 16Kbit prime for this purpose. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at most 521 bits. No known workarounds are available. Note that support for explicit encoding of elliptic curve parameters is deprecated in Botan. CVE-2024-34703 openSUSE Tumbleweed:MozillaThunderbird-115.12.2-1.1 openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.12.2-1.1 openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.12.2-1.1 openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.12.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-34703.html CVE-2024-34703 https://bugzilla.suse.com/1227238 SUSE Bug 1227238