Mailinglist Archive: opensuse-updates (50 mails)

openSUSE-SU-2015:0934-1: moderate: Security update for MozillaFirefox
openSUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2015:0934-1
Rating:             moderate
References:         #930622
Cross-References:   CVE-2011-3079 CVE-2015-2708 CVE-2015-2709
                    CVE-2015-2710 CVE-2015-2711 CVE-2015-2712
                    CVE-2015-2713 CVE-2015-2715 CVE-2015-2716
                    CVE-2015-2717 CVE-2015-2718
Affected Products:
                    openSUSE 13.2
                    openSUSE 13.1
______________________________________________________________________________

An update that fixes 11 vulnerabilities is now available.

Description:

The Mozilla Firefox web browser was updated to version 38.0.1 to fix
several security and non-security issues. This update also includes a
Mozilla Network Security Services (NSS) update to version 3.18.1.

The following vulnerabilities and issues were fixed:

Changes in Mozilla Firefox:
- update to Firefox 38.0.1 stability and regression fixes
  * Systems with first generation NVidia Optimus graphics cards may crash
    on start-up
  * Users who import cookies from Google Chrome can end up with broken
    websites
  * Large animated images may fail to play and may stop other images from
    loading
- update to Firefox 38.0 (bnc#930622)
  * New tab-based preferences
  * Ruby annotation support
  * more info: https://www.mozilla.org/en-US/firefox/38.0/releasenotes/
  security fixes:
  * MFSA 2015-46/CVE-2015-2708/CVE-2015-2709 Miscellaneous memory safety
    hazards
  * MFSA 2015-47/CVE-2015-0797 (bmo#1080995) Buffer overflow parsing H.264
    video with Linux Gstreamer
  * MFSA 2015-48/CVE-2015-2710 (bmo#1149542) Buffer overflow with SVG
    content and CSS
  * MFSA 2015-49/CVE-2015-2711 (bmo#1113431) Referrer policy ignored when
    links opened by middle-click and context menu
  * MFSA 2015-50/CVE-2015-2712 (bmo#1152280) Out-of-bounds read and write
    in asm.js validation
  * MFSA 2015-51/CVE-2015-2713 (bmo#1153478) Use-after-free during text
    processing with vertical text enabled
  * MFSA 2015-53/CVE-2015-2715 (bmo#988698) Use-after-free due to Media
    Decoder Thread creation during shutdown
  * MFSA 2015-54/CVE-2015-2716 (bmo#1140537) Buffer overflow when parsing
    compressed XML
  * MFSA 2015-55/CVE-2015-2717 (bmo#1154683) Buffer overflow and
    out-of-bounds read while parsing MP4 video metadata
  * MFSA 2015-56/CVE-2015-2718 (bmo#1146724) Untrusted site hosting
    trusted page can intercept webchannel responses
  * MFSA 2015-57/CVE-2011-3079 (bmo#1087565) Privilege escalation through
    IPC channel messages

Changes in Mozilla NSS:
- update to 3.18.1
  * Firefox target release 38
  * No new functionality is introduced in this release.
  Notable Changes:
  * The following CA certificate had the Websites and Code Signing trust
    bits restored to their original state to allow more time to develop a
    better transition strategy for affected sites:
    - OU = Equifax Secure Certificate Authority
  * The following CA certificate was removed:
    - CN = e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
  * The following intermediate CA certificate has been added as actively
    distrusted because it was mis-used to issue certificates for domain
    names the holder did not own or control:
    - CN=MCSHOLDING TEST, O=MCSHOLDING, C=EG
  * The version number of the updated root CA list has been set to 2.4
- update to 3.18
  * Firefox target release 38
  New functionality:
  * When importing certificates and keys from a PKCS#12 source, it's now
    possible to override the nicknames, prior to importing them into the
    NSS database, using new API SEC_PKCS12DecoderRenameCertNicknames.
  * The tstclnt test utility program has new command-line options
    -C, -D, -b and -R. Use -C one, two or three times to print information
    about the certificates received from a server, and information about
    the locally found and trusted issuer certificates, to diagnose server
    side configuration issues. It is possible to run tstclnt


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2015-375=1

- openSUSE 13.1:

zypper in -t patch openSUSE-2015-375=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.2 (i586 x86_64):

MozillaFirefox-38.0.1-30.1
MozillaFirefox-branding-upstream-38.0.1-30.1
MozillaFirefox-buildsymbols-38.0.1-30.1
MozillaFirefox-debuginfo-38.0.1-30.1
MozillaFirefox-debugsource-38.0.1-30.1
MozillaFirefox-devel-38.0.1-30.1
MozillaFirefox-translations-common-38.0.1-30.1
MozillaFirefox-translations-other-38.0.1-30.1
libfreebl3-3.18.1-12.1
libfreebl3-debuginfo-3.18.1-12.1
libsoftokn3-3.18.1-12.1
libsoftokn3-debuginfo-3.18.1-12.1
mozilla-nss-3.18.1-12.1
mozilla-nss-certs-3.18.1-12.1
mozilla-nss-certs-debuginfo-3.18.1-12.1
mozilla-nss-debuginfo-3.18.1-12.1
mozilla-nss-debugsource-3.18.1-12.1
mozilla-nss-devel-3.18.1-12.1
mozilla-nss-sysinit-3.18.1-12.1
mozilla-nss-sysinit-debuginfo-3.18.1-12.1
mozilla-nss-tools-3.18.1-12.1
mozilla-nss-tools-debuginfo-3.18.1-12.1

- openSUSE 13.2 (x86_64):

libfreebl3-32bit-3.18.1-12.1
libfreebl3-debuginfo-32bit-3.18.1-12.1
libsoftokn3-32bit-3.18.1-12.1
libsoftokn3-debuginfo-32bit-3.18.1-12.1
mozilla-nss-32bit-3.18.1-12.1
mozilla-nss-certs-32bit-3.18.1-12.1
mozilla-nss-certs-debuginfo-32bit-3.18.1-12.1
mozilla-nss-debuginfo-32bit-3.18.1-12.1
mozilla-nss-sysinit-32bit-3.18.1-12.1
mozilla-nss-sysinit-debuginfo-32bit-3.18.1-12.1

- openSUSE 13.1 (i586 x86_64):

MozillaFirefox-38.0.1-74.1
MozillaFirefox-branding-upstream-38.0.1-74.1
MozillaFirefox-buildsymbols-38.0.1-74.1
MozillaFirefox-debuginfo-38.0.1-74.1
MozillaFirefox-debugsource-38.0.1-74.1
MozillaFirefox-devel-38.0.1-74.1
MozillaFirefox-translations-common-38.0.1-74.1
MozillaFirefox-translations-other-38.0.1-74.1
libfreebl3-3.18.1-55.1
libfreebl3-debuginfo-3.18.1-55.1
libsoftokn3-3.18.1-55.1
libsoftokn3-debuginfo-3.18.1-55.1
mozilla-nss-3.18.1-55.1
mozilla-nss-certs-3.18.1-55.1
mozilla-nss-certs-debuginfo-3.18.1-55.1
mozilla-nss-debuginfo-3.18.1-55.1
mozilla-nss-debugsource-3.18.1-55.1
mozilla-nss-devel-3.18.1-55.1
mozilla-nss-sysinit-3.18.1-55.1
mozilla-nss-sysinit-debuginfo-3.18.1-55.1
mozilla-nss-tools-3.18.1-55.1
mozilla-nss-tools-debuginfo-3.18.1-55.1

- openSUSE 13.1 (x86_64):

libfreebl3-32bit-3.18.1-55.1
libfreebl3-debuginfo-32bit-3.18.1-55.1
libsoftokn3-32bit-3.18.1-55.1
libsoftokn3-debuginfo-32bit-3.18.1-55.1
mozilla-nss-32bit-3.18.1-55.1
mozilla-nss-certs-32bit-3.18.1-55.1
mozilla-nss-certs-debuginfo-32bit-3.18.1-55.1
mozilla-nss-debuginfo-32bit-3.18.1-55.1
mozilla-nss-sysinit-32bit-3.18.1-55.1
mozilla-nss-sysinit-debuginfo-32bit-3.18.1-55.1


References:

https://www.suse.com/security/cve/CVE-2011-3079.html
https://www.suse.com/security/cve/CVE-2015-2708.html
https://www.suse.com/security/cve/CVE-2015-2709.html
https://www.suse.com/security/cve/CVE-2015-2710.html
https://www.suse.com/security/cve/CVE-2015-2711.html
https://www.suse.com/security/cve/CVE-2015-2712.html
https://www.suse.com/security/cve/CVE-2015-2713.html
https://www.suse.com/security/cve/CVE-2015-2715.html
https://www.suse.com/security/cve/CVE-2015-2716.html
https://www.suse.com/security/cve/CVE-2015-2717.html
https://www.suse.com/security/cve/CVE-2015-2718.html
https://bugzilla.suse.com/930622
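
A post-update check against the fixed versions in the package list above, as an added example that is not part of the original advisory. The function names are hypothetical, the installed-package sample is constructed, and GNU `sort -V` is assumed as a stand-in for RPM's own version comparison (adequate for the purely numeric versions listed here).

```shell
#!/bin/sh
# Added example: flag packages still below the fixed versions in this advisory.
# Minimum fixed versions for openSUSE 13.2, taken from the package list above.
FIXED_13_2='MozillaFirefox 38.0.1-30.1
mozilla-nss 3.18.1-12.1
libfreebl3 3.18.1-12.1
libsoftokn3 3.18.1-12.1'

# ver_ge A B: succeed if version-release A is equal to or newer than B.
# Assumption: `sort -V` ordering approximates RPM ordering for numeric versions.
ver_ge() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_installed FIXED_TABLE INSTALLED_TABLE
# Both tables hold "name version-release" lines. Prints one line per package
# that is installed but older than the fixed version; returns 1 if any is found.
check_installed() {
    rc=0
    while read -r name have; do
        [ -n "$name" ] || continue
        want=$(printf '%s\n' "$1" | awk -v n="$name" '$1 == n { print $2 }')
        [ -n "$want" ] || continue   # package is not covered by this advisory
        if ! ver_ge "$have" "$want"; then
            echo "VULNERABLE $name $have (fixed in $want)"
            rc=1
        fi
    done <<EOF
$2
EOF
    return $rc
}

# Constructed sample of installed packages (not real host data).
SAMPLE_INSTALLED='MozillaFirefox 37.0.2-26.1
mozilla-nss 3.18.1-12.1
libfreebl3 3.17.4-9.1
bash 4.2-75.2.1'

# On a real host, build the installed table with:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' MozillaFirefox mozilla-nss libfreebl3 libsoftokn3
check_installed "$FIXED_13_2" "$SAMPLE_INSTALLED" || true
```

For openSUSE 13.1, substitute the `-74.1` and `-55.1` releases from the package list.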

