openSUSE Security Update: seamonkey: 2.17 update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:0875-1 Rating: moderate References: #813026 #814101 Cross-References: CVE-2013-0788 CVE-2013-0789 CVE-2013-0792 CVE-2013-0793 CVE-2013-0794 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 Affected Products: openSUSE 12.3 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: Seamonkey was updated to the 2.17 release, fixing bugs and security issues: - update to SeaMonkey 2.17 (bnc#813026) * requires NSPR 4.9.5 and NSS 3.14.3 * mozilla-webrtc-ppc.patch included upstream * MFSA 2013-30/CVE-2013-0788/CVE-2013-0789 Miscellaneous memory safety hazards * MFSA 2013-31/CVE-2013-0800 (bmo#825721) Out-of-bounds write in Cairo library * MFSA 2013-35/CVE-2013-0796 (bmo#827106) WebGL crash with Mesa graphics driver on Linux * MFSA 2013-36/CVE-2013-0795 (bmo#825697) Bypass of SOW protections allows cloning of protected nodes * MFSA 2013-37/CVE-2013-0794 (bmo#626775) Bypass of tab-modal dialog origin disclosure * MFSA 2013-38/CVE-2013-0793 (bmo#803870) Cross-site scripting (XSS) using timed history navigations * MFSA 2013-39/CVE-2013-0792 (bmo#722831) Memory corruption while rendering grayscale PNG images - use GStreamer 1.0 starting with 12.3 (mozilla-gstreamer-1.patch) - revert to use GStreamer 0.10 on 12.3 (bnc#814101) (remove mozilla-gstreamer-1.patch) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.3: zypper in -t patch openSUSE-2013-400 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.3 (i586 x86_64): seamonkey-2.17-1.8.4 seamonkey-debuginfo-2.17-1.8.4 seamonkey-debugsource-2.17-1.8.4 seamonkey-dom-inspector-2.17-1.8.4 seamonkey-irc-2.17-1.8.4 seamonkey-translations-common-2.17-1.8.4 seamonkey-translations-other-2.17-1.8.4 seamonkey-venkman-2.17-1.8.4 References: http://support.novell.com/security/cve/CVE-2013-0788.html http://support.novell.com/security/cve/CVE-2013-0789.html http://support.novell.com/security/cve/CVE-2013-0792.html http://support.novell.com/security/cve/CVE-2013-0793.html http://support.novell.com/security/cve/CVE-2013-0794.html http://support.novell.com/security/cve/CVE-2013-0795.html http://support.novell.com/security/cve/CVE-2013-0796.html http://support.novell.com/security/cve/CVE-2013-0800.html https://bugzilla.novell.com/813026 https://bugzilla.novell.com/814101