Mailinglist Archive: opensuse-updates (98 mails)

< Previous Next >
openSUSE-SU-2015:0570-1: moderate: Security update for seamonkey
openSUSE Security Update: Security update for seamonkey
______________________________________________________________________________

Announcement ID: openSUSE-SU-2015:0570-1
Rating: moderate
References: #917597
Cross-References: 2015-0819 2015-0820 2015-0821 2015-0822 2015-0823
2015-0824 2015-0825 2015-0826 2015-0827 2015-0828
2015-0829 2015-0830 2015-0831 2015-0832 2015-0833
2015-0834 2015-0835 2015-0836
Affected Products:
openSUSE 13.2
openSUSE 13.1
______________________________________________________________________________

An update that fixes 18 vulnerabilities is now available.

Description:


SeaMonkey was updated to 2.33 (bnc#917597)

* MFSA 2015-11/CVE-2015-0835/CVE-2015-0836 Miscellaneous memory safety
hazards
* MFSA 2015-12/CVE-2015-0833 (bmo#945192) Invoking Mozilla updater will
load locally stored DLL files (Windows only)
* MFSA 2015-13/CVE-2015-0832 (bmo#1065909) Appended period to hostnames
can bypass HPKP and HSTS protections
* MFSA 2015-14/CVE-2015-0830 (bmo#1110488) Malicious WebGL content crash
when writing strings
* MFSA 2015-15/CVE-2015-0834 (bmo#1098314) TLS TURN and STUN connections
silently fail to simple TCP connections
* MFSA 2015-16/CVE-2015-0831 (bmo#1130514) Use-after-free in IndexedDB
* MFSA 2015-17/CVE-2015-0829 (bmo#1128939) Buffer overflow in
libstagefright during MP4 video playback
* MFSA 2015-18/CVE-2015-0828 (bmo#1030667, bmo#988675) Double-free when
using non-default memory allocators with a zero-length XHR
* MFSA 2015-19/CVE-2015-0827 (bmo#1117304) Out-of-bounds read and write
while rendering SVG content
* MFSA 2015-20/CVE-2015-0826 (bmo#1092363) Buffer overflow during CSS
restyling
* MFSA 2015-21/CVE-2015-0825 (bmo#1092370) Buffer underflow during MP3
playback
* MFSA 2015-22/CVE-2015-0824 (bmo#1095925) Crash using DrawTarget in Cairo
graphics library
* MFSA 2015-23/CVE-2015-0823 (bmo#1098497) Use-after-free in Developer
Console date with OpenType Sanitiser
* MFSA 2015-24/CVE-2015-0822 (bmo#1110557) Reading of local files through
manipulation of form autocomplete
* MFSA 2015-25/CVE-2015-0821 (bmo#1111960) Local files or privileged URLs
in pages can be opened into new tabs
* MFSA 2015-26/CVE-2015-0819 (bmo#1079554) UI Tour whitelisted sites in
background tab can spoof foreground tabs
* MFSA 2015-27CVE-2015-0820 (bmo#1125398) Caja Compiler JavaScript sandbox
bypass

Update to SeaMonkey 2.32.1
* fixed MailNews feeds not updating
* fixed selected profile in Profile Manager not remembered
* fixed opening a bookmark folder in tabs on Linux
* fixed Troubleshooting Information (about:support) with the Modern theme


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2015-250=1

- openSUSE 13.1:

zypper in -t patch openSUSE-2015-250=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.2 (i586 x86_64):

seamonkey-2.33-12.1
seamonkey-debuginfo-2.33-12.1
seamonkey-debugsource-2.33-12.1
seamonkey-dom-inspector-2.33-12.1
seamonkey-irc-2.33-12.1
seamonkey-translations-common-2.33-12.1
seamonkey-translations-other-2.33-12.1

- openSUSE 13.1 (i586 x86_64):

seamonkey-2.33-48.1
seamonkey-debuginfo-2.33-48.1
seamonkey-debugsource-2.33-48.1
seamonkey-dom-inspector-2.33-48.1
seamonkey-irc-2.33-48.1
seamonkey-translations-common-2.33-48.1
seamonkey-translations-other-2.33-48.1


References:

http://support.novell.com/security/cve/2015-0819.html
http://support.novell.com/security/cve/2015-0820.html
http://support.novell.com/security/cve/2015-0821.html
http://support.novell.com/security/cve/2015-0822.html
http://support.novell.com/security/cve/2015-0823.html
http://support.novell.com/security/cve/2015-0824.html
http://support.novell.com/security/cve/2015-0825.html
http://support.novell.com/security/cve/2015-0826.html
http://support.novell.com/security/cve/2015-0827.html
http://support.novell.com/security/cve/2015-0828.html
http://support.novell.com/security/cve/2015-0829.html
http://support.novell.com/security/cve/2015-0830.html
http://support.novell.com/security/cve/2015-0831.html
http://support.novell.com/security/cve/2015-0832.html
http://support.novell.com/security/cve/2015-0833.html
http://support.novell.com/security/cve/2015-0834.html
http://support.novell.com/security/cve/2015-0835.html
http://support.novell.com/security/cve/2015-0836.html
https://bugzilla.suse.com/917597


< Previous Next >
This Thread
  • No further messages