Mailinglist Archive: opensuse-updates (130 mails)

< Previous Next >
openSUSE-SU-2013:1871-1: important: Mozilla updates 2013/12
openSUSE Security Update: Mozilla updates 2013/12
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:1871-1
Rating: important
References: #854367 #854370
Cross-References: CVE-2013-5609 CVE-2013-5610 CVE-2013-5613
CVE-2013-5615 CVE-2013-5616 CVE-2013-5618
CVE-2013-6629 CVE-2013-6630 CVE-2013-6671
CVE-2013-6673
Affected Products:
openSUSE 11.4
______________________________________________________________________________

An update that fixes 10 vulnerabilities is now available.

Description:

This patch contains
* mozilla-nss 3.15.3.1 which includes a certstore update
(1.95) to explicitely revoke AC DG Tresor SSL
intermediate CA which was misused.
* Firefox 24.2esr
* Thunderbird 24.2
* Seamonkey 2.23

These updates fix several security issues:

* CVE-2013-5611 Mozilla: Application Installation
doorhanger persists on navigation (MFSA 2013-105)
* CVE-2013-5609 Mozilla: Miscellaneous memory safety
hazards (rv:24.2) (MFSA 2013-104)
* CVE-2013-5610 Mozilla: Miscellaneous memory safety
hazards (rv:26.0) (MFSA 2013-104)
* CVE-2013-5612 Mozilla: Character encoding cross-origin
XSS attack (MFSA 2013-106)
* CVE-2013-5614 Mozilla: Sandbox restrictions not applied
to nested object elements (MFSA 2013-107)
* CVE-2013-5616 Mozilla: Use-after-free in event listeners
(MFSA 2013-108)
* CVE-2013-5619 Mozilla: Potential overflow in JavaScript
binary search algorithms (MFSA 2013-110)
* CVE-2013-6671 Mozilla: Segmentation violation when
replacing ordered list elements (MFSA 2013-111)
* CVE-2013-6673 Mozilla: Trust settings for built-in roots
ignored during EV certificate validation (MFSA 2013-113)
* CVE-2013-5613 Mozilla: Use-after-free in synthetic mouse
movement (MFSA 2013-114)
* CVE-2013-5615 Mozilla: GetElementIC typed array stubs can
be generated outside observed typesets (MFSA 2013-115)
* CVE-2013-6672 Mozilla: Linux clipboard information
disclosure though selection paste (MFSA 2013-112)
* CVE-2013-5618 Mozilla: Use-after-free during Table
Editing (MFSA 2013-109)


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.4:

zypper in -t patch 2013-170

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.4 (i586 x86_64):

MozillaFirefox-24.2.0-95.2
MozillaFirefox-branding-upstream-24.2.0-95.2
MozillaFirefox-buildsymbols-24.2.0-95.2
MozillaFirefox-debuginfo-24.2.0-95.2
MozillaFirefox-debugsource-24.2.0-95.2
MozillaFirefox-devel-24.2.0-95.2
MozillaFirefox-translations-common-24.2.0-95.2
MozillaFirefox-translations-other-24.2.0-95.2
MozillaThunderbird-24.2.0-81.2
MozillaThunderbird-buildsymbols-24.2.0-81.2
MozillaThunderbird-debuginfo-24.2.0-81.2
MozillaThunderbird-debugsource-24.2.0-81.2
MozillaThunderbird-devel-24.2.0-81.2
MozillaThunderbird-translations-common-24.2.0-81.2
MozillaThunderbird-translations-other-24.2.0-81.2
enigmail-1.6.0+24.2.0-81.2
libfreebl3-3.15.3.1-74.1
libfreebl3-debuginfo-3.15.3.1-74.1
libsoftokn3-3.15.3.1-74.1
libsoftokn3-debuginfo-3.15.3.1-74.1
mozilla-nss-3.15.3.1-74.1
mozilla-nss-certs-3.15.3.1-74.1
mozilla-nss-certs-debuginfo-3.15.3.1-74.1
mozilla-nss-debuginfo-3.15.3.1-74.1
mozilla-nss-debugsource-3.15.3.1-74.1
mozilla-nss-devel-3.15.3.1-74.1
mozilla-nss-sysinit-3.15.3.1-74.1
mozilla-nss-sysinit-debuginfo-3.15.3.1-74.1
mozilla-nss-tools-3.15.3.1-74.1
mozilla-nss-tools-debuginfo-3.15.3.1-74.1
seamonkey-2.23-85.1
seamonkey-debuginfo-2.23-85.1
seamonkey-debugsource-2.23-85.1
seamonkey-dom-inspector-2.23-85.1
seamonkey-irc-2.23-85.1
seamonkey-translations-common-2.23-85.1
seamonkey-translations-other-2.23-85.1
seamonkey-venkman-2.23-85.1

- openSUSE 11.4 (x86_64):

libfreebl3-32bit-3.15.3.1-74.1
libfreebl3-debuginfo-32bit-3.15.3.1-74.1
libsoftokn3-32bit-3.15.3.1-74.1
libsoftokn3-debuginfo-32bit-3.15.3.1-74.1
mozilla-nss-32bit-3.15.3.1-74.1
mozilla-nss-certs-32bit-3.15.3.1-74.1
mozilla-nss-certs-debuginfo-32bit-3.15.3.1-74.1
mozilla-nss-debuginfo-32bit-3.15.3.1-74.1
mozilla-nss-sysinit-32bit-3.15.3.1-74.1
mozilla-nss-sysinit-debuginfo-32bit-3.15.3.1-74.1

- openSUSE 11.4 (ia64):

libfreebl3-debuginfo-x86-3.15.3.1-74.1
libfreebl3-x86-3.15.3.1-74.1
libsoftokn3-debuginfo-x86-3.15.3.1-74.1
libsoftokn3-x86-3.15.3.1-74.1
mozilla-nss-certs-debuginfo-x86-3.15.3.1-74.1
mozilla-nss-certs-x86-3.15.3.1-74.1
mozilla-nss-debuginfo-x86-3.15.3.1-74.1
mozilla-nss-sysinit-debuginfo-x86-3.15.3.1-74.1
mozilla-nss-sysinit-x86-3.15.3.1-74.1
mozilla-nss-x86-3.15.3.1-74.1


References:

http://support.novell.com/security/cve/CVE-2013-5609.html
http://support.novell.com/security/cve/CVE-2013-5610.html
http://support.novell.com/security/cve/CVE-2013-5613.html
http://support.novell.com/security/cve/CVE-2013-5615.html
http://support.novell.com/security/cve/CVE-2013-5616.html
http://support.novell.com/security/cve/CVE-2013-5618.html
http://support.novell.com/security/cve/CVE-2013-6629.html
http://support.novell.com/security/cve/CVE-2013-6630.html
http://support.novell.com/security/cve/CVE-2013-6671.html
http://support.novell.com/security/cve/CVE-2013-6673.html
https://bugzilla.novell.com/854367
https://bugzilla.novell.com/854370


< Previous Next >
This Thread
  • No further messages