openSUSE Security Update: update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:1346-1 Rating: moderate References: #900941 Cross-References: CVE-2014-1574 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1581 CVE-2014-1585 CVE-2014-1586 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: - update to Thunderbird 31.2.0 (bnc#900941) * MFSA 2014-74/CVE-2014-1574 Miscellaneous memory safety hazards * MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow during CSS manipulation * MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio memory corruption issues with custom waveforms * MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds write with WebM video * MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free interacting with text directionality * MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) Inconsistent video sharing within iframe Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-613 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): MozillaThunderbird-31.2.0-70.35.2 MozillaThunderbird-buildsymbols-31.2.0-70.35.2 MozillaThunderbird-debuginfo-31.2.0-70.35.2 MozillaThunderbird-debugsource-31.2.0-70.35.2 MozillaThunderbird-devel-31.2.0-70.35.2 MozillaThunderbird-translations-common-31.2.0-70.35.2 MozillaThunderbird-translations-other-31.2.0-70.35.2 References: http://support.novell.com/security/cve/CVE-2014-1574.html http://support.novell.com/security/cve/CVE-2014-1576.html http://support.novell.com/security/cve/CVE-2014-1577.html http://support.novell.com/security/cve/CVE-2014-1578.html http://support.novell.com/security/cve/CVE-2014-1581.html http://support.novell.com/security/cve/CVE-2014-1585.html http://support.novell.com/security/cve/CVE-2014-1586.html https://bugzilla.suse.com/show_bug.cgi?id=900941