Mailinglist Archive: opensuse-security-announce (16 mails)

< Previous Next >
[security-announce] SUSE-SU-2013:1919-1: important: Security update for Mozilla Firefox
SUSE Security Update: Security update for Mozilla Firefox
______________________________________________________________________________

Announcement ID: SUSE-SU-2013:1919-1
Rating: important
References: #854367 #854370
Cross-References: CVE-2013-5609 CVE-2013-5610 CVE-2013-5611
CVE-2013-5612 CVE-2013-5613 CVE-2013-5614
CVE-2013-5615 CVE-2013-5616 CVE-2013-5618
CVE-2013-5619 CVE-2013-6671 CVE-2013-6672
CVE-2013-6673
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes 13 vulnerabilities is now available.
It includes two new package versions.

Description:


MozillaFirefox has been updated to the 24.2.0 ESR security
release.

This is a major upgrade from the 17 ESR release branch.

Security issues fixed:

* CVE-2013-5611 Application Installation doorhanger
persists on navigation (MFSA 2013-105)
* CVE-2013-5609 Miscellaneous memory safety hazards
(rv:24.2) (MFSA 2013-104)
* CVE-2013-5610 Miscellaneous memory safety hazards
(rv:26.0) (MFSA 2013-104)
* CVE-2013-5612 Character encoding cross-origin XSS
attack (MFSA 2013-106)
* CVE-2013-5614 Sandbox restrictions not applied to
nested object elements (MFSA 2013-107)
* CVE-2013-5616 Use-after-free in event listeners (MFSA
2013-108)
* CVE-2013-5619 Potential overflow in JavaScript binary
search algorithms (MFSA 2013-110)
* CVE-2013-6671 Segmentation violation when replacing
ordered list elements (MFSA 2013-111)
* CVE-2013-6673 Trust settings for built-in roots
ignored during EV certificate validation (MFSA 2013-113)
* CVE-2013-5613 Use-after-free in synthetic mouse
movement (MFSA 2013-114)
* CVE-2013-5615 GetElementIC typed array stubs can be
generated outside observed typesets (MFSA 2013-115)
* CVE-2013-6672 Linux clipboard information disclosure
though selection paste (MFSA 2013-112)
* CVE-2013-5618 Use-after-free during Table Editing
(MFSA 2013-109)

Security Issue references:

* CVE-2013-5609
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5609
>
* CVE-2013-5610
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5610
>
* CVE-2013-5611
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5611
>
* CVE-2013-5612
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5612
>
* CVE-2013-5613
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5613
>
* CVE-2013-5614
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5614
>
* CVE-2013-5615
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5615
>
* CVE-2013-5616
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5616
>
* CVE-2013-5618
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5618
>
* CVE-2013-5619
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5619
>
* CVE-2013-6671
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6671
>
* CVE-2013-6672
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6672
>
* CVE-2013-6673
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6673
>


Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:

zypper in -t patch sdksp3-firefox24-201312-8657

- SUSE Linux Enterprise Server 11 SP3 for VMware:

zypper in -t patch slessp3-firefox24-201312-8657

- SUSE Linux Enterprise Server 11 SP3:

zypper in -t patch slessp3-firefox24-201312-8657

- SUSE Linux Enterprise Desktop 11 SP3:

zypper in -t patch sledsp3-firefox24-201312-8657

To bring your system up-to-date, use "zypper patch".


Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64
s390x x86_64) [New Version: 3.15.3.1]:

MozillaFirefox-devel-24.2.0esr-0.7.1
mozilla-nss-devel-3.15.3.1-0.7.1

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version:
24.2.0esr and 3.15.3.1]:

MozillaFirefox-24.2.0esr-0.7.1
MozillaFirefox-translations-24.2.0esr-0.7.1
libfreebl3-3.15.3.1-0.7.1
libsoftokn3-3.15.3.1-0.7.1
mozilla-nss-3.15.3.1-0.7.1
mozilla-nss-tools-3.15.3.1-0.7.1

- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version:
3.15.3.1]:

libfreebl3-32bit-3.15.3.1-0.7.1
libsoftokn3-32bit-3.15.3.1-0.7.1
mozilla-nss-32bit-3.15.3.1-0.7.1

- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New
Version: 24.2.0esr and 3.15.3.1]:

MozillaFirefox-24.2.0esr-0.7.1
MozillaFirefox-branding-SLED-24-0.7.4
MozillaFirefox-translations-24.2.0esr-0.7.1
libfreebl3-3.15.3.1-0.7.1
libsoftokn3-3.15.3.1-0.7.1
mozilla-nss-3.15.3.1-0.7.1
mozilla-nss-tools-3.15.3.1-0.7.1

- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version:
3.15.3.1]:

libfreebl3-32bit-3.15.3.1-0.7.1
libsoftokn3-32bit-3.15.3.1-0.7.1
mozilla-nss-32bit-3.15.3.1-0.7.1

- SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 3.15.3.1]:

libfreebl3-x86-3.15.3.1-0.7.1
libsoftokn3-x86-3.15.3.1-0.7.1
mozilla-nss-x86-3.15.3.1-0.7.1

- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 24.2.0esr
and 3.15.3.1]:

MozillaFirefox-24.2.0esr-0.7.1
MozillaFirefox-branding-SLED-24-0.7.4
MozillaFirefox-translations-24.2.0esr-0.7.1
libfreebl3-3.15.3.1-0.7.1
libsoftokn3-3.15.3.1-0.7.1
mozilla-nss-3.15.3.1-0.7.1
mozilla-nss-tools-3.15.3.1-0.7.1

- SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 3.15.3.1]:

libfreebl3-32bit-3.15.3.1-0.7.1
libsoftokn3-32bit-3.15.3.1-0.7.1
mozilla-nss-32bit-3.15.3.1-0.7.1


References:

http://support.novell.com/security/cve/CVE-2013-5609.html
http://support.novell.com/security/cve/CVE-2013-5610.html
http://support.novell.com/security/cve/CVE-2013-5611.html
http://support.novell.com/security/cve/CVE-2013-5612.html
http://support.novell.com/security/cve/CVE-2013-5613.html
http://support.novell.com/security/cve/CVE-2013-5614.html
http://support.novell.com/security/cve/CVE-2013-5615.html
http://support.novell.com/security/cve/CVE-2013-5616.html
http://support.novell.com/security/cve/CVE-2013-5618.html
http://support.novell.com/security/cve/CVE-2013-5619.html
http://support.novell.com/security/cve/CVE-2013-6671.html
http://support.novell.com/security/cve/CVE-2013-6672.html
http://support.novell.com/security/cve/CVE-2013-6673.html
https://bugzilla.novell.com/854367
https://bugzilla.novell.com/854370

http://download.novell.com/patch/finder/?keywords=b65ba217110f17441675bc6fc74570d4

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages