openSUSE Security Update: MozillaFirefox to Firefox 32 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:1099-1 Rating: moderate References: #894201 #894370 Cross-References: CVE-2014-1553 CVE-2014-1562 CVE-2014-1563 CVE-2014-1564 CVE-2014-1565 CVE-2014-1567 Affected Products: openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: Mozilla Firefox was updated to Firefox 32 fixing security issues and bugs. Security issues fixed: MFSA 2014-72 / CVE-2014-1567: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free during text layout when interacting with the setting of text direction. This results in a use-after-free which can lead to arbitrary code execution. MFSA 2014-70 / CVE-2014-1565: Security researcher Holger Fuhrmannek discovered an out-of-bounds read during the creation of an audio timeline in Web Audio. This results in a crash and could allow for the reading of random memory values. MFSA 2014-69 / CVE-2014-1564: Google security researcher Michal Zalewski discovered that when a malformated GIF image is rendered in certain circumstances, memory is not properly initialized before use. The resulting image then uses this memory during rendering. This could allow for the a script in web content to access this unitialized memory using the <canvas> feature. MFSA 2014-68 / CVE-2014-1563: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a use-after-free during cycle collection. This was found in interactions with the SVG content through the document object model (DOM) with animating SVG content. This leads to a potentially exploitable crash. MFSA 2014-67: Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jan de Mooij reported a memory safety problem that affects Firefox ESR 24.7, ESR 31 and Firefox 31. (CVE-2014-1562) Christian Holler, Jan de Mooij, Karl Tomlinson, Randell Jesup, Gary Kwong, Jesse Ruderman, and JW Wang reported memory safety problems and crashes that affect Firefox ESR 31 and Firefox 31. (CVE-2014-1553) Gary Kwong, Christian Holler, and David Weir reported memory safety problems and crashes that affect Firefox 31. (CVE-2014-1554) Mozilla NSS was updated to 3.16.4: Notable Changes: * The following 1024-bit root CA certificate was restored to allow more time to develop a better transition strategy for affected sites. It was removed in NSS 3.16.3, but discussion in the mozilla.dev.security.policy forum led to the decision to keep this root included longer in order to give website administrators more time to update their web servers. - CN = GTE CyberTrust Global Root * In NSS 3.16.3, the 1024-bit "Entrust.net Secure Server Certification Authority" root CA certificate was removed. In NSS 3.16.4, a 2048-bit intermediate CA certificate has been included, without explicit trust. The intention is to mitigate the effects of the previous removal of the 1024-bit Entrust.net root certificate, because many public Internet sites still use the "USERTrust Legacy Secure Server CA" intermediate certificate that is signed by the 1024-bit Entrust.net root certificate. The inclusion of the intermediate certificate is a temporary measure to allow those sites to function, by allowing them to find a trust path to another 2048-bit root CA certificate. The temporarily included intermediate certificate expires November 1, 2015. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-530 - openSUSE 12.3: zypper in -t patch openSUSE-2014-530 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): MozillaFirefox-31.1.0-42.1 MozillaFirefox-branding-upstream-31.1.0-42.1 MozillaFirefox-buildsymbols-31.1.0-42.1 MozillaFirefox-debuginfo-31.1.0-42.1 MozillaFirefox-debugsource-31.1.0-42.1 MozillaFirefox-devel-31.1.0-42.1 MozillaFirefox-translations-common-31.1.0-42.1 MozillaFirefox-translations-other-31.1.0-42.1 libfreebl3-3.16.4-35.1 libfreebl3-debuginfo-3.16.4-35.1 libsoftokn3-3.16.4-35.1 libsoftokn3-debuginfo-3.16.4-35.1 mozilla-nss-3.16.4-35.1 mozilla-nss-certs-3.16.4-35.1 mozilla-nss-certs-debuginfo-3.16.4-35.1 mozilla-nss-debuginfo-3.16.4-35.1 mozilla-nss-debugsource-3.16.4-35.1 mozilla-nss-devel-3.16.4-35.1 mozilla-nss-sysinit-3.16.4-35.1 mozilla-nss-sysinit-debuginfo-3.16.4-35.1 mozilla-nss-tools-3.16.4-35.1 mozilla-nss-tools-debuginfo-3.16.4-35.1 - openSUSE 13.1 (x86_64): libfreebl3-32bit-3.16.4-35.1 libfreebl3-debuginfo-32bit-3.16.4-35.1 libsoftokn3-32bit-3.16.4-35.1 libsoftokn3-debuginfo-32bit-3.16.4-35.1 mozilla-nss-32bit-3.16.4-35.1 mozilla-nss-certs-32bit-3.16.4-35.1 mozilla-nss-certs-debuginfo-32bit-3.16.4-35.1 mozilla-nss-debuginfo-32bit-3.16.4-35.1 mozilla-nss-sysinit-32bit-3.16.4-35.1 mozilla-nss-sysinit-debuginfo-32bit-3.16.4-35.1 - openSUSE 12.3 (i586 x86_64): MozillaFirefox-31.1.0-1.86.1 MozillaFirefox-branding-upstream-31.1.0-1.86.1 MozillaFirefox-buildsymbols-31.1.0-1.86.1 MozillaFirefox-debuginfo-31.1.0-1.86.1 MozillaFirefox-debugsource-31.1.0-1.86.1 MozillaFirefox-devel-31.1.0-1.86.1 MozillaFirefox-translations-common-31.1.0-1.86.1 MozillaFirefox-translations-other-31.1.0-1.86.1 libfreebl3-3.16.4-1.51.1 libfreebl3-debuginfo-3.16.4-1.51.1 libsoftokn3-3.16.4-1.51.1 libsoftokn3-debuginfo-3.16.4-1.51.1 mozilla-nss-3.16.4-1.51.1 mozilla-nss-certs-3.16.4-1.51.1 mozilla-nss-certs-debuginfo-3.16.4-1.51.1 mozilla-nss-debuginfo-3.16.4-1.51.1 mozilla-nss-debugsource-3.16.4-1.51.1 mozilla-nss-devel-3.16.4-1.51.1 mozilla-nss-sysinit-3.16.4-1.51.1 mozilla-nss-sysinit-debuginfo-3.16.4-1.51.1 mozilla-nss-tools-3.16.4-1.51.1 mozilla-nss-tools-debuginfo-3.16.4-1.51.1 - openSUSE 12.3 (x86_64): libfreebl3-32bit-3.16.4-1.51.1 libfreebl3-debuginfo-32bit-3.16.4-1.51.1 libsoftokn3-32bit-3.16.4-1.51.1 libsoftokn3-debuginfo-32bit-3.16.4-1.51.1 mozilla-nss-32bit-3.16.4-1.51.1 mozilla-nss-certs-32bit-3.16.4-1.51.1 mozilla-nss-certs-debuginfo-32bit-3.16.4-1.51.1 mozilla-nss-debuginfo-32bit-3.16.4-1.51.1 mozilla-nss-sysinit-32bit-3.16.4-1.51.1 mozilla-nss-sysinit-debuginfo-32bit-3.16.4-1.51.1 References: http://support.novell.com/security/cve/CVE-2014-1553.html http://support.novell.com/security/cve/CVE-2014-1562.html http://support.novell.com/security/cve/CVE-2014-1563.html http://support.novell.com/security/cve/CVE-2014-1564.html http://support.novell.com/security/cve/CVE-2014-1565.html http://support.novell.com/security/cve/CVE-2014-1567.html https://bugzilla.novell.com/894201 https://bugzilla.novell.com/894370