Mailinglist Archive: opensuse-updates (108 mails)

< Previous Next >
openSUSE-SU-2014:0008-1: moderate: update for seamonkey
openSUSE Security Update: update for seamonkey
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:0008-1
Rating: moderate
References: #854370
Cross-References: CVE-2013-5609 CVE-2013-5610 CVE-2013-5611
CVE-2013-5612 CVE-2013-5613 CVE-2013-5614
CVE-2013-5615 CVE-2013-5616 CVE-2013-5618
CVE-2013-5619 CVE-2013-6629 CVE-2013-6630
CVE-2013-6671 CVE-2013-6672 CVE-2013-6673

Affected Products:
openSUSE 13.1
openSUSE 12.3
openSUSE 12.2
______________________________________________________________________________

An update that fixes 15 vulnerabilities is now available.

Description:

This update fixes the following security issues with
SeaMonkey:

- update to SeaMonkey 2.23 (bnc#854370))
* requires NSPR 4.10.2 and NSS 3.15.3.1
* MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous
memory safety hazards
* MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application
Installation doorhanger persists on navigation
* MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character
encoding cross-origin XSS attack
* MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox
restrictions not applied to nested object elements
* MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free
in event listeners
* MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free
during Table Editing
* MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential
overflow in JavaScript binary search algorithms
* MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation
violation when replacing ordered list elements
* MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux
clipboard information disclosure though selection paste
* MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings
for built-in roots ignored during EV certificate
validation
* MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)
Use-after-free in synthetic mouse movement
* MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC
typed array stubs can be generated outside observed
typesets
* MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)
JPEG information leak
* MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI
certificate (fixed via NSS 3.15.3.1)
- rebased patches:
* mozilla-nongnome-proxies.patch
* mozilla-shared-nss-db.patch


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2014-2

- openSUSE 12.3:

zypper in -t patch openSUSE-2014-2

- openSUSE 12.2:

zypper in -t patch openSUSE-2014-2

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.1 (i586 x86_64):

seamonkey-2.23-4.3
seamonkey-debuginfo-2.23-4.3
seamonkey-debugsource-2.23-4.3
seamonkey-dom-inspector-2.23-4.3
seamonkey-irc-2.23-4.3
seamonkey-translations-common-2.23-4.3
seamonkey-translations-other-2.23-4.3
seamonkey-venkman-2.23-4.3

- openSUSE 12.3 (i586 x86_64):

seamonkey-2.23-1.29.2
seamonkey-debuginfo-2.23-1.29.2
seamonkey-debugsource-2.23-1.29.2
seamonkey-dom-inspector-2.23-1.29.2
seamonkey-irc-2.23-1.29.2
seamonkey-translations-common-2.23-1.29.2
seamonkey-translations-other-2.23-1.29.2
seamonkey-venkman-2.23-1.29.2

- openSUSE 12.2 (i586 x86_64):

seamonkey-2.23-2.58.2
seamonkey-debuginfo-2.23-2.58.2
seamonkey-debugsource-2.23-2.58.2
seamonkey-dom-inspector-2.23-2.58.2
seamonkey-irc-2.23-2.58.2
seamonkey-translations-common-2.23-2.58.2
seamonkey-translations-other-2.23-2.58.2
seamonkey-venkman-2.23-2.58.2


References:

http://support.novell.com/security/cve/CVE-2013-5609.html
http://support.novell.com/security/cve/CVE-2013-5610.html
http://support.novell.com/security/cve/CVE-2013-5611.html
http://support.novell.com/security/cve/CVE-2013-5612.html
http://support.novell.com/security/cve/CVE-2013-5613.html
http://support.novell.com/security/cve/CVE-2013-5614.html
http://support.novell.com/security/cve/CVE-2013-5615.html
http://support.novell.com/security/cve/CVE-2013-5616.html
http://support.novell.com/security/cve/CVE-2013-5618.html
http://support.novell.com/security/cve/CVE-2013-5619.html
http://support.novell.com/security/cve/CVE-2013-6629.html
http://support.novell.com/security/cve/CVE-2013-6630.html
http://support.novell.com/security/cve/CVE-2013-6671.html
http://support.novell.com/security/cve/CVE-2013-6672.html
http://support.novell.com/security/cve/CVE-2013-6673.html
https://bugzilla.novell.com/854370


< Previous Next >
This Thread
  • No further messages