SUSE Security Update: Security update for xrdp
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0927-1
Rating: important
References: #764044
Affected Products:
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
The default crypto level of the XRDP service was changed
from "low" to "high".
This switches from 40 bit encryption to 128 bit
two-way encryption.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP2 for VMware:
zypper in -t patch slessp2-xrdp-6511
- SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp2-xrdp-6511
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp2-xrdp-6511
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
xrdp-0.4.1-28.19.1
- SUSE Linux Enterprise Server 11 SP2 (i586 x86_64):
xrdp-0.4.1-28.19.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
xrdp-0.4.1-28.19.1
References:
https://bugzilla.novell.com/764044
http://download.novell.com/patch/finder/?keywords=2ce52b092c823f641524602d7…
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
openSUSE Security Update: xulrunner to 14.0.1
______________________________________________________________________________
Announcement ID: openSUSE-SU-2012:0924-1
Rating: critical
References: #771583
Cross-References: CVE-2012-1948 CVE-2012-1949 CVE-2012-1950
CVE-2012-1951 CVE-2012-1952 CVE-2012-1953
CVE-2012-1954 CVE-2012-1955 CVE-2012-1957
CVE-2012-1958 CVE-2012-1959 CVE-2012-1960
CVE-2012-1961 CVE-2012-1962 CVE-2012-1963
CVE-2012-1965 CVE-2012-1966 CVE-2012-1967
Affected Products:
openSUSE 12.1
______________________________________________________________________________
An update that fixes 18 vulnerabilities is now available.
Description:
Mozilla XULRunner was updated to 14.0.1, fixing bugs and
security issues:
The following security issues were fixed:
MFSA 2012-42: Mozilla
developers identified and fixed several memory safety bugs
in the browser engine used in Firefox and other
Mozilla-based products. Some of these bugs showed evidence
of memory corruption under certain circumstances, and we
presume that with enough effort at least some of these
could be exploited to run arbitrary code.
CVE-2012-1949: Brian Smith, Gary Kwong, Christian Holler,
Jesse Ruderman, Christoph Diehl, Chris Jones, Brad Lassey,
and Kyle Huey reported memory safety problems and crashes
that affect Firefox 13.
CVE-2012-1948: Benoit Jacob, Jesse Ruderman, Christian
Holler, and Bill McCloskey reported memory safety problems
and crashes that affect Firefox ESR 10 and Firefox 13.
MFSA 2012-43 / CVE-2012-1950: Security researcher Mario
Gomes and research firm Code Audit Labs reported a mechanism
to short-circuit page loads through drag and drop to the
addressbar by canceling the page load. This causes the
address of the previously entered site to be displayed in
the addressbar instead of the currently loaded page. This
could lead to potential phishing attacks on users.
MFSA 2012-44
Google security researcher Abhishek Arya used the Address
Sanitizer tool to uncover four issues: two use-after-free
problems, one out of bounds read bug, and a bad cast. The
first use-after-free problem is caused when an array of
nsSMILTimeValueSpec objects is destroyed but attempts are
made to call into objects in this array later. The second
use-after-free problem is in nsDocument::AdoptNode when it
adopts into an empty document and then adopts into another
document, emptying the first one. The heap buffer overflow
is in ElementAnimations when data is read off the end of an
array and then pointers are dereferenced. The bad cast
happens when nsTableFrame::InsertFrames is called with
frames in aFrameList that are a mix of row group frames and
column group frames. AppendFrames is not able to handle
this mix.
All four of these issues are potentially exploitable.
CVE-2012-1951: Heap-use-after-free in nsSMILTimeValueSpec::IsEventBased
CVE-2012-1954: Heap-use-after-free in nsDocument::AdoptNode
CVE-2012-1953: Out of bounds read in ElementAnimations::EnsureStyleRuleFor
CVE-2012-1952: Bad cast in nsTableFrame::InsertFrames
MFSA 2012-45 / CVE-2012-1955: Security researcher Mariusz
Mlynski reported an issue with spoofing of the location
property. In this issue, calls to history.forward and
history.back are used to navigate to a site while
displaying the previous site in the addressbar but changing
the baseURI to the newer site. This can be used for
phishing by allowing the user input form or other data on
the newer, attacking, site while appearing to be on the
older, displayed site.
MFSA 2012-46 / CVE-2012-1966: Mozilla security researcher
moz_bug_r_a4 reported a cross-site scripting (XSS) attack
through the context menu using a data: URL. In this issue,
context menu functionality ("View Image", "Show only this
frame", and "View background image") are disallowed in a
javascript: URL but allowed in a data: URL, allowing for
XSS. This can lead to arbitrary code execution.
MFSA 2012-47 / CVE-2012-1957: Security researcher Mario
Heiderich reported that javascript could be executed in the
HTML feed-view using <embed> tag within the RSS
<description>. This problem is due to <embed> tags not
being filtered out during parsing and can
lead to a potential cross-site scripting (XSS) attack. The
flaw existed in a parser utility class and could affect
other parts of the browser or add-ons which rely on that
class to sanitize untrusted input.
MFSA 2012-48 / CVE-2012-1958: Security researcher Arthur
Gerkis used the Address Sanitizer tool to find a
use-after-free in nsGlobalWindow::PageHidden when
mFocusedContent is released and oldFocusedContent is used
afterwards. This use-after-free could possibly allow for
remote code execution.
MFSA 2012-49 / CVE-2012-1959: Mozilla developer Bobby
Holley found that same-compartment security wrappers (SCSW)
can be bypassed by passing them to another compartment.
Cross-compartment wrappers often do not go through SCSW,
but have a filtering policy built into them. When an object
is wrapped cross-compartment, the SCSW is stripped off and,
when the object is read back, it is not known that
SCSW was previously present, resulting in a bypassing of
SCSW. This could result in untrusted content having access
to the XBL that implements browser functionality.
MFSA 2012-50 / CVE-2012-1960: Google developer Tony Payne
reported an out of bounds (OOB) read in QCMS, Mozilla’s
color management library. With a carefully crafted color
profile portions of a user's memory could be incorporated
into a transformed image and possibly deciphered.
MFSA 2012-51 / CVE-2012-1961: Bugzilla developer Frédéric
Buclin reported that the "X-Frame-Options" header is ignored
when the value is duplicated, for example X-Frame-Options:
SAMEORIGIN, SAMEORIGIN. This duplication occurs for unknown
reasons on some websites and when it occurs results in
Mozilla browsers not being protected against possible
clickjacking attacks on those pages.
MFSA 2012-52 / CVE-2012-1962: Security researcher Bill
Keese reported a memory corruption. This is caused by
JSDependentString::undepend changing a dependent string
into a fixed string when there are additional dependent
strings relying on the same base. When the undepend occurs
during conversion, the base data is freed, leaving other
dependent strings with dangling pointers. This can lead to
a potentially exploitable crash.
MFSA 2012-53 / CVE-2012-1963: Security researcher
Karthikeyan Bhargavan of Prosecco at INRIA reported Content
Security Policy (CSP) 1.0 implementation errors. CSP
violation reports generated by Firefox and sent to the
"report-uri" location include sensitive data within the
"blocked-uri" parameter. These include fragment components
and query strings even if the "blocked-uri" parameter has a
different origin than the protected resource. This can be
used to retrieve a user's OAuth 2.0 access tokens and
OpenID credentials by malicious sites.
MFSA 2012-54 / CVE-2012-1964: Security Researcher Matt
McCutchen reported a clickjacking attack using the
certificate warning page. A man-in-the-middle (MITM)
attacker can use an iframe to display its own certificate
error warning page (about:certerror) with the "Add
Exception" button of a real warning page from a malicious
site. This can mislead users into adding a certificate
exception for a different site than the perceived one. This
can lead to compromised communications with the
user-perceived site through the MITM attack once the
certificate exception has been added.
MFSA 2012-55 / CVE-2012-1965: Security researchers Mario
Gomes and Soroush Dalili reported that since Mozilla allows
the pseudo-protocol feed: to prefix any valid URL, it is
possible to construct feed:javascript: URLs that will
execute scripts in some contexts. On some sites it may be
possible to use this to evade output filtering that would
otherwise strip javascript: URLs and thus contribute to
cross-site scripting (XSS) problems on these sites.
MFSA 2012-56 / CVE-2012-1967: Mozilla security researcher
moz_bug_r_a4 reported an arbitrary code execution attack
using a javascript: URL. The Gecko engine features a
JavaScript sandbox utility that allows the browser or
add-ons to safely execute script in the context of a web
page. In certain cases, javascript: URLs are executed in
such a sandbox with insufficient context that can allow
those scripts to escape from the sandbox and run with
elevated privilege. This can lead to arbitrary code
execution.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.1:
zypper in -t patch openSUSE-2012-465
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.1 (i586 x86_64):
mozilla-js-14.0.1-2.32.2
mozilla-js-debuginfo-14.0.1-2.32.2
xulrunner-14.0.1-2.32.2
xulrunner-buildsymbols-14.0.1-2.32.2
xulrunner-debuginfo-14.0.1-2.32.2
xulrunner-debugsource-14.0.1-2.32.2
xulrunner-devel-14.0.1-2.32.2
xulrunner-devel-debuginfo-14.0.1-2.32.2
- openSUSE 12.1 (x86_64):
mozilla-js-32bit-14.0.1-2.32.2
mozilla-js-debuginfo-32bit-14.0.1-2.32.2
xulrunner-32bit-14.0.1-2.32.2
xulrunner-debuginfo-32bit-14.0.1-2.32.2
- openSUSE 12.1 (ia64):
mozilla-js-debuginfo-x86-14.0.1-2.32.2
mozilla-js-x86-14.0.1-2.32.2
xulrunner-debuginfo-x86-14.0.1-2.32.2
xulrunner-x86-14.0.1-2.32.2
References:
http://support.novell.com/security/cve/CVE-2012-1948.html
http://support.novell.com/security/cve/CVE-2012-1949.html
http://support.novell.com/security/cve/CVE-2012-1950.html
http://support.novell.com/security/cve/CVE-2012-1951.html
http://support.novell.com/security/cve/CVE-2012-1952.html
http://support.novell.com/security/cve/CVE-2012-1953.html
http://support.novell.com/security/cve/CVE-2012-1954.html
http://support.novell.com/security/cve/CVE-2012-1955.html
http://support.novell.com/security/cve/CVE-2012-1957.html
http://support.novell.com/security/cve/CVE-2012-1958.html
http://support.novell.com/security/cve/CVE-2012-1959.html
http://support.novell.com/security/cve/CVE-2012-1960.html
http://support.novell.com/security/cve/CVE-2012-1961.html
http://support.novell.com/security/cve/CVE-2012-1962.html
http://support.novell.com/security/cve/CVE-2012-1963.html
http://support.novell.com/security/cve/CVE-2012-1965.html
http://support.novell.com/security/cve/CVE-2012-1966.html
http://support.novell.com/security/cve/CVE-2012-1967.html
https://bugzilla.novell.com/771583
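The filter evasion described under MFSA 2012-55 above, shown from the site operator's side as an added example that is not part of the advisory: a denylist that only looks for a leading javascript: scheme next to an allowlist that first peels off every feed: prefix. The function names, the allowed scheme set and the sample links are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Schemes an untrusted link may use (assumed policy for this example).
ALLOWED_SCHEMES = {"http", "https", "mailto"}

# Browsers drop tab, CR and LF anywhere in a URL before parsing it.
_IGNORED_IN_URL = re.compile(r"[\t\r\n]")
# Leading and trailing C0 control characters and spaces are ignored as well.
_EDGE_CHARS = "".join(chr(c) for c in range(0x21))


def naive_filter(url):
    """Denylist of the kind the advisory says can be evaded: it only
    looks for a leading javascript: scheme, so a feed: prefix hides it."""
    return not url.strip().lower().startswith("javascript:")


def effective_scheme(url):
    """Return the scheme left once every leading feed: pseudo-protocol
    prefix has been peeled off ("" for relative and //host URLs)."""
    cleaned = _IGNORED_IN_URL.sub("", url).strip(_EDGE_CHARS)
    while cleaned[:5].lower() == "feed:":
        cleaned = cleaned[5:].lstrip(_EDGE_CHARS)
    return urlsplit(cleaned).scheme.lower()


def is_allowed_link(url):
    """Allowlist check: relative URLs and ALLOWED_SCHEMES pass,
    every other scheme (javascript, data, ...) is rejected."""
    try:
        scheme = effective_scheme(url)
    except ValueError:
        return False  # unparseable input is rejected, not guessed at
    return scheme == "" or scheme in ALLOWED_SCHEMES


# Constructed sample links, not taken from the advisory.
SAMPLES = [
    "https://example.org/atom.xml",
    "feed:https://example.org/atom.xml",
    "feed://example.org/rss",
    "/news/today",
    "javascript:void(0)",
    "feed:javascript:void(0)",
    "FEED:feed:JavaScript:void(0)",
    " \tjava\nscript:void(0)",
]


def compare(samples=SAMPLES):
    """Return (link, naive verdict, allowlist verdict) for each sample."""
    return [(s, naive_filter(s), is_allowed_link(s)) for s in samples]


if __name__ == "__main__":
    for link, naive_ok, allow_ok in compare():
        print(f"{link!r:40} naive={naive_ok!s:5} allowlist={allow_ok}")
```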
SUSE Security Update: Security update for libexif
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0903-1
Rating: important
References: #771229
Cross-References: CVE-2012-2812 CVE-2012-2813 CVE-2012-2814
CVE-2012-2836 CVE-2012-2837 CVE-2012-2840
CVE-2012-2841
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Linux Enterprise Software Development Kit 11 SP1
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP1 for VMware
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________
An update that fixes 7 vulnerabilities is now available.
Description:
Various overflows and other security related bugs in
libexif were found by the Google Security team and fixed
by the libexif developers.
Security Issue references:
* CVE-2012-2812
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2812>
* CVE-2012-2813
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2813>
* CVE-2012-2814
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2814>
* CVE-2012-2836
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2836>
* CVE-2012-2837
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2837>
* CVE-2012-2840
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2840>
* CVE-2012-2841
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2841>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP2:
zypper in -t patch sdksp1-libexif-6568
- SUSE Linux Enterprise Software Development Kit 11 SP1:
zypper in -t patch sdksp1-libexif-6568
- SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp1-libexif-6568
- SUSE Linux Enterprise Server 11 SP1 for VMware:
zypper in -t patch slessp1-libexif-6568
- SUSE Linux Enterprise Server 11 SP1:
zypper in -t patch slessp1-libexif-6568
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp1-libexif-6568
- SUSE Linux Enterprise Desktop 11 SP1:
zypper in -t patch sledsp1-libexif-6568
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
libexif-devel-0.6.17-2.14.1
- SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64):
libexif-devel-0.6.17-2.14.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
libexif-0.6.17-2.14.1
- SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):
libexif-32bit-0.6.17-2.14.1
- SUSE Linux Enterprise Server 11 SP2 (ia64):
libexif-x86-0.6.17-2.14.1
- SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64):
libexif-0.6.17-2.14.1
- SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64):
libexif-32bit-0.6.17-2.14.1
- SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64):
libexif-0.6.17-2.14.1
- SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64):
libexif-32bit-0.6.17-2.14.1
- SUSE Linux Enterprise Server 11 SP1 (ia64):
libexif-x86-0.6.17-2.14.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
libexif-0.6.17-2.14.1
- SUSE Linux Enterprise Desktop 11 SP2 (x86_64):
libexif-32bit-0.6.17-2.14.1
- SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64):
libexif-0.6.17-2.14.1
- SUSE Linux Enterprise Desktop 11 SP1 (x86_64):
libexif-32bit-0.6.17-2.14.1
References:
http://support.novell.com/security/cve/CVE-2012-2812.html
http://support.novell.com/security/cve/CVE-2012-2813.html
http://support.novell.com/security/cve/CVE-2012-2814.html
http://support.novell.com/security/cve/CVE-2012-2836.html
http://support.novell.com/security/cve/CVE-2012-2837.html
http://support.novell.com/security/cve/CVE-2012-2840.html
http://support.novell.com/security/cve/CVE-2012-2841.html
https://bugzilla.novell.com/771229
http://download.novell.com/patch/finder/?keywords=795efea468ff4df45b9a7a62e…
openSUSE Security Update: MozillaFirefox to 14.0.1
______________________________________________________________________________
Announcement ID: openSUSE-SU-2012:0899-1
Rating: critical
References: #771583
Cross-References: CVE-2012-1948 CVE-2012-1949 CVE-2012-1950
CVE-2012-1951 CVE-2012-1952 CVE-2012-1953
CVE-2012-1954 CVE-2012-1955 CVE-2012-1957
CVE-2012-1958 CVE-2012-1959 CVE-2012-1961
CVE-2012-1962 CVE-2012-1963 CVE-2012-1964
CVE-2012-1965 CVE-2012-1966 CVE-2012-1967
Affected Products:
openSUSE 12.1
openSUSE 11.4
______________________________________________________________________________
An update that fixes 18 vulnerabilities is now available.
Description:
MozillaFirefox was updated to 14.0.1 to fix various bugs
and security issues.
The following security issues were fixed:
MFSA 2012-42: Mozilla
developers identified and fixed several memory safety bugs
in the browser engine used in Firefox and other
Mozilla-based products. Some of these bugs showed evidence
of memory corruption under certain circumstances, and we
presume that with enough effort at least some of these
could be exploited to run arbitrary code.
CVE-2012-1949: Brian Smith, Gary Kwong, Christian Holler,
Jesse Ruderman, Christoph Diehl, Chris Jones, Brad Lassey,
and Kyle Huey reported memory safety problems and crashes
that affect Firefox 13.
CVE-2012-1948: Benoit Jacob, Jesse Ruderman, Christian
Holler, and Bill McCloskey reported memory safety problems
and crashes that affect Firefox ESR 10 and Firefox 13.
MFSA 2012-43 / CVE-2012-1950: Security researcher Mario
Gomes and research firm Code Audit Labs reported a mechanism
to short-circuit page loads through drag and drop to the
addressbar by canceling the page load. This causes the
address of the previously entered site to be displayed in
the addressbar instead of the currently loaded page. This
could lead to potential phishing attacks on users.
MFSA 2012-44 Google security researcher Abhishek Arya used
the Address Sanitizer tool to uncover four issues: two
use-after-free problems, one out of bounds read bug, and a
bad cast. The first use-after-free problem is caused when
an array of nsSMILTimeValueSpec objects is destroyed but
attempts are made to call into objects in this array later.
The second use-after-free problem is in
nsDocument::AdoptNode when it adopts into an empty document
and then adopts into another document, emptying the first
one. The heap buffer overflow is in ElementAnimations when
data is read off the end of an array and then pointers are
dereferenced. The bad cast happens when
nsTableFrame::InsertFrames is called with frames in
aFrameList that are a mix of row group frames and column
group frames. AppendFrames is not able to handle this mix.
All four of these issues are potentially exploitable.
CVE-2012-1951: Heap-use-after-free in nsSMILTimeValueSpec::IsEventBased
CVE-2012-1954: Heap-use-after-free in nsDocument::AdoptNode
CVE-2012-1953: Out of bounds read in ElementAnimations::EnsureStyleRuleFor
CVE-2012-1952: Bad cast in nsTableFrame::InsertFrames
MFSA 2012-45 / CVE-2012-1955: Security researcher Mariusz
Mlynski reported an issue with spoofing of the location
property. In this issue, calls to history.forward and
history.back are used to navigate to a site while
displaying the previous site in the addressbar but changing
the baseURI to the newer site. This can be used for
phishing by allowing the user input form or other data on
the newer, attacking, site while appearing to be on the
older, displayed site.
MFSA 2012-46 / CVE-2012-1966: Mozilla security researcher
moz_bug_r_a4 reported a cross-site scripting (XSS) attack
through the context menu using a data: URL. In this issue,
context menu functionality ("View Image", "Show only this
frame", and "View background image") are disallowed in a
javascript: URL but allowed in a data: URL, allowing for
XSS. This can lead to arbitrary code execution.
MFSA 2012-47 / CVE-2012-1957: Security researcher Mario
Heiderich reported that javascript could be executed in the
HTML feed-view using <embed> tag within the RSS
<description>. This problem is due to <embed> tags not
being filtered out during parsing and can lead to a
potential cross-site scripting (XSS) attack. The flaw
existed in a parser utility class and could affect other
parts of the browser or add-ons which rely on that class to
sanitize untrusted input.
MFSA 2012-48 / CVE-2012-1958: Security researcher Arthur
Gerkis used the Address Sanitizer tool to find a
use-after-free in nsGlobalWindow::PageHidden when
mFocusedContent is released and oldFocusedContent is used
afterwards. This use-after-free could possibly allow for
remote code execution.
MFSA 2012-49 / CVE-2012-1959: Mozilla developer Bobby
Holley found that same-compartment security wrappers (SCSW)
can be bypassed by passing them to another compartment.
Cross-compartment wrappers often do not go through SCSW,
but have a filtering policy built into them. When an object
is wrapped cross-compartment, the SCSW is stripped off and,
when the object is read back, it is not known that
SCSW was previously present, resulting in a bypassing of
SCSW. This could result in untrusted content having access
to the XBL that implements browser functionality.
MFSA 2012-50 / CVE-2012-1960: Google developer Tony Payne
reported an out of bounds (OOB) read in QCMS, Mozilla’s
color management library. With a carefully crafted color
profile portions of a user's memory could be incorporated
into a transformed image and possibly deciphered.
MFSA 2012-51 / CVE-2012-1961: Bugzilla developer Frédéric
Buclin reported that the "X-Frame-Options" header is ignored
when the value is duplicated, for example X-Frame-Options:
SAMEORIGIN, SAMEORIGIN. This duplication occurs for unknown
reasons on some websites and when it occurs results in
Mozilla browsers not being protected against possible
clickjacking attacks on those pages.
MFSA 2012-52 / CVE-2012-1962: Security researcher Bill
Keese reported a memory corruption. This is caused by
JSDependentString::undepend changing a dependent string
into a fixed string when there are additional dependent
strings relying on the same base. When the undepend occurs
during conversion, the base data is freed, leaving other
dependent strings with dangling pointers. This can lead to
a potentially exploitable crash.
MFSA 2012-53 / CVE-2012-1963: Security researcher
Karthikeyan Bhargavan of Prosecco at INRIA reported Content
Security Policy (CSP) 1.0 implementation errors. CSP
violation reports generated by Firefox and sent to the
"report-uri" location include sensitive data within the
"blocked-uri" parameter. These include fragment components
and query strings even if the "blocked-uri" parameter has a
different origin than the protected resource. This can be
used to retrieve a user's OAuth 2.0 access tokens and
OpenID credentials by malicious sites.
MFSA 2012-54 / CVE-2012-1964: Security Researcher Matt
McCutchen reported a clickjacking attack using the
certificate warning page. A man-in-the-middle (MITM)
attacker can use an iframe to display its own certificate
error warning page (about:certerror) with the "Add
Exception" button of a real warning page from a malicious
site. This can mislead users into adding a certificate
exception for a different site than the perceived one. This
can lead to compromised communications with the
user-perceived site through the MITM attack once the
certificate exception has been added.
MFSA 2012-55 / CVE-2012-1965: Security researchers Mario
Gomes and Soroush Dalili reported that since Mozilla allows
the pseudo-protocol feed: to prefix any valid URL, it is
possible to construct feed:javascript: URLs that will
execute scripts in some contexts. On some sites it may be
possible to use this to evade output filtering that would
otherwise strip javascript: URLs and thus contribute to
cross-site scripting (XSS) problems on these sites.
MFSA 2012-56 / CVE-2012-1967: Mozilla security researcher
moz_bug_r_a4 reported an arbitrary code execution attack
using a javascript: URL. The Gecko engine features a
JavaScript sandbox utility that allows the browser or
add-ons to safely execute script in the context of a web
page. In certain cases, javascript: URLs are executed in
such a sandbox with insufficient context that can allow
those scripts to escape from the sandbox and run with
elevated privilege. This can lead to arbitrary code
execution.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.1:
zypper in -t patch openSUSE-2012-410
- openSUSE 11.4:
zypper in -t patch openSUSE-2012-410
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.1 (i586 x86_64):
MozillaFirefox-14.0.1-2.33.1
MozillaFirefox-branding-upstream-14.0.1-2.33.1
MozillaFirefox-buildsymbols-14.0.1-2.33.1
MozillaFirefox-debuginfo-14.0.1-2.33.1
MozillaFirefox-debugsource-14.0.1-2.33.1
MozillaFirefox-devel-14.0.1-2.33.1
MozillaFirefox-translations-common-14.0.1-2.33.1
MozillaFirefox-translations-other-14.0.1-2.33.1
- openSUSE 11.4 (i586 x86_64):
MozillaFirefox-14.0.1-28.1
MozillaFirefox-branding-upstream-14.0.1-28.1
MozillaFirefox-buildsymbols-14.0.1-28.1
MozillaFirefox-debuginfo-14.0.1-28.1
MozillaFirefox-debugsource-14.0.1-28.1
MozillaFirefox-devel-14.0.1-28.1
MozillaFirefox-translations-common-14.0.1-28.1
MozillaFirefox-translations-other-14.0.1-28.1
References:
http://support.novell.com/security/cve/CVE-2012-1948.html
http://support.novell.com/security/cve/CVE-2012-1949.html
http://support.novell.com/security/cve/CVE-2012-1950.html
http://support.novell.com/security/cve/CVE-2012-1951.html
http://support.novell.com/security/cve/CVE-2012-1952.html
http://support.novell.com/security/cve/CVE-2012-1953.html
http://support.novell.com/security/cve/CVE-2012-1954.html
http://support.novell.com/security/cve/CVE-2012-1955.html
http://support.novell.com/security/cve/CVE-2012-1957.html
http://support.novell.com/security/cve/CVE-2012-1958.html
http://support.novell.com/security/cve/CVE-2012-1959.html
http://support.novell.com/security/cve/CVE-2012-1961.html
http://support.novell.com/security/cve/CVE-2012-1962.html
http://support.novell.com/security/cve/CVE-2012-1963.html
http://support.novell.com/security/cve/CVE-2012-1964.html
http://support.novell.com/security/cve/CVE-2012-1965.html
http://support.novell.com/security/cve/CVE-2012-1966.html
http://support.novell.com/security/cve/CVE-2012-1967.html
https://bugzilla.novell.com/771583
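A collector-side scrub for the "blocked-uri" leak described under MFSA 2012-53 above, as an added example that is not part of the advisory: before a violation report is stored, a cross-origin "blocked-uri" is cut down to its origin and a same-origin one loses its fragment. The function names, the reduction policy and the sample report are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(uri):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def serialize_origin(origin):
    """Render an origin tuple as scheme://host[:port], omitting default ports."""
    scheme, host, port = origin
    if ":" in host:  # IPv6 literal: put the brackets back
        host = f"[{host}]"
    if port is None or port == DEFAULT_PORTS.get(scheme):
        return f"{scheme}://{host}"
    return f"{scheme}://{host}:{port}"


def reduce_blocked_uri(document_uri, blocked_uri):
    """Cut blocked-uri down to what is safe to keep in a stored report."""
    try:
        parts = urlsplit(blocked_uri)
        if not parts.scheme:
            # Keyword values such as "inline" or "eval" are kept; anything
            # else without a scheme is dropped.
            return blocked_uri if re.fullmatch(r"[a-z-]*", blocked_uri) else ""
        if not parts.hostname:
            return parts.scheme  # e.g. data: URLs, keep the scheme only
        blocked_origin = origin_of(blocked_uri)
        same_origin = blocked_origin == origin_of(document_uri)
    except ValueError:
        return ""  # unparseable: store nothing rather than the raw value
    if same_origin:
        return urlunsplit(parts._replace(fragment=""))
    return serialize_origin(blocked_origin)


def scrub_report(raw_body):
    """Parse a CSP violation report body and scrub its blocked-uri field."""
    report = json.loads(raw_body)
    body = report.get("csp-report", {})
    if "blocked-uri" in body:
        body["blocked-uri"] = reduce_blocked_uri(
            body.get("document-uri", ""), body["blocked-uri"]
        )
    return report


# Constructed sample report; hosts and token values are placeholders.
SAMPLE_REPORT = json.dumps({
    "csp-report": {
        "document-uri": "https://app.example/inbox",
        "violated-directive": "img-src 'self'",
        "blocked-uri": "https://idp.example/cb?code=CONSTRUCTED"
                       "#access_token=CONSTRUCTED",
    }
})

if __name__ == "__main__":
    print(json.dumps(scrub_report(SAMPLE_REPORT), indent=2))
```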
SUSE Security Update: Security update for Mozilla Firefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0896-1
Rating: important
References: #771583
Cross-References: CVE-2012-1948 CVE-2012-1949 CVE-2012-1950
CVE-2012-1951 CVE-2012-1952 CVE-2012-1953
CVE-2012-1954 CVE-2012-1955 CVE-2012-1957
CVE-2012-1958 CVE-2012-1959 CVE-2012-1961
CVE-2012-1962 CVE-2012-1963 CVE-2012-1964
CVE-2012-1965 CVE-2012-1966 CVE-2012-1967
Affected Products:
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP1 for VMware
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________
An update that fixes 18 vulnerabilities is now available.
It includes two new package versions.
Description:
MozillaFirefox has been updated to the 10.0.6ESR security
release fixing various bugs and several security issues,
some critical.
The following security issues have been fixed:
*
MFSA 2012-42: Mozilla developers identified and fixed
several memory safety bugs in the browser engine used in
Firefox and other Mozilla-based products. Some of these
bugs showed evidence of memory corruption under certain
circumstances, and we presume that with enough effort at
least some of these could be exploited to run arbitrary
code.
*
CVE-2012-1948: Benoit Jacob, Jesse Ruderman,
Christian Holler, and Bill McCloskey reported memory safety
problems and crashes that affect Firefox ESR 10 and Firefox
13.
*
MFSA 2012-43 / CVE-2012-1950: Security researcher
Mario Gomes and research firm Code Audit Labs reported a
mechanism to short-circuit page loads through drag and drop
to the addressbar by canceling the page load. This causes
the address of the previously entered site to be displayed
in the addressbar instead of the currently loaded page.
This could lead to potential phishing attacks on users.
*
MFSA 2012-44 Google security researcher Abhishek Arya
used the Address Sanitizer tool to uncover four issues: two
use-after-free problems, one out of bounds read bug, and a
bad cast. The first use-after-free problem is caused when
an array of nsSMILTimeValueSpec objects is destroyed but
attempts are made to call into objects in this array later.
The second use-after-free problem is in
nsDocument::AdoptNode when it adopts into an empty document
and then adopts into another document, emptying the first
one. The heap buffer overflow is in ElementAnimations when
data is read off the end of an array and then pointers are
dereferenced. The bad cast happens when
nsTableFrame::InsertFrames is called with frames in
aFrameList that are a mix of row group frames and column
group frames. AppendFrames is not able to handle this mix.
All four of these issues are potentially exploitable.
o CVE-2012-1951: Heap-use-after-free in nsSMILTimeValueSpec::IsEventBased
o CVE-2012-1954: Heap-use-after-free in nsDocument::AdoptNode
o CVE-2012-1953: Out of bounds read in ElementAnimations::EnsureStyleRuleFor
o CVE-2012-1952: Bad cast in nsTableFrame::InsertFrames
*
MFSA 2012-45 / CVE-2012-1955: Security researcher
Mariusz Mlynski reported an issue with spoofing of the
location property. In this issue, calls to history.forward
and history.back are used to navigate to a site while
displaying the previous site in the addressbar but changing
the baseURI to the newer site. This can be used for
phishing by allowing the user input form or other data on
the newer, attacking, site while appearing to be on the
older, displayed site.
*
MFSA 2012-46 / CVE-2012-1966: Mozilla security
researcher moz_bug_r_a4 reported a cross-site scripting
(XSS) attack through the context menu using a data: URL. In
this issue, context menu functionality ("View Image", "Show
only this frame", and "View background image") are
disallowed in a javascript: URL but allowed in a data: URL,
allowing for XSS. This can lead to arbitrary code execution.
*
MFSA 2012-47 / CVE-2012-1957: Security researcher
Mario Heiderich reported that javascript could be executed
in the HTML feed-view using <embed> tag within the RSS
<description>. This problem is due to <embed> tags not
being filtered out during
parsing and can lead to a potential cross-site scripting
(XSS) attack. The flaw existed in a parser utility class
and could affect other parts of the browser or add-ons
which rely on that class to sanitize untrusted input.
*
MFSA 2012-48 / CVE-2012-1958: Security researcher
Arthur Gerkis used the Address Sanitizer tool to find a
use-after-free in nsGlobalWindow::PageHidden when
mFocusedContent is released and oldFocusedContent is used
afterwards. This use-after-free could possibly allow for
remote code execution.
*
MFSA 2012-49 / CVE-2012-1959: Mozilla developer Bobby
Holley found that same-compartment security wrappers (SCSW)
can be bypassed by passing them to another compartment.
Cross-compartment wrappers often do not go through SCSW,
but have a filtering policy built into them. When an object
is wrapped cross-compartment, the SCSW is stripped off and,
when the object is read back, it is not known that
SCSW was previously present, resulting in a bypassing of
SCSW. This could result in untrusted content having access
to the XBL that implements browser functionality.
*
MFSA 2012-50 / CVE-2012-1960: Google developer Tony
Payne reported an out of bounds (OOB) read in QCMS,
Mozilla's color management library. With a carefully
crafted color profile, portions of a user's memory could be
incorporated into a transformed image and possibly
deciphered.
*
MFSA 2012-51 / CVE-2012-1961: Bugzilla developer
Frederic Buclin reported that the X-Frame-Options header
is ignored when the value is duplicated, for example
X-Frame-Options: SAMEORIGIN, SAMEORIGIN. This duplication
occurs for unknown reasons on some websites and when it
occurs results in Mozilla browsers not being protected
against possible clickjacking attacks on those pages.
*
MFSA 2012-52 / CVE-2012-1962: Security researcher
Bill Keese reported a memory corruption. This is caused by
JSDependentString::undepend changing a dependent string
into a fixed string when there are additional dependent
strings relying on the same base. When the undepend occurs
during conversion, the base data is freed, leaving other
dependent strings with dangling pointers. This can lead to
a potentially exploitable crash.
*
MFSA 2012-53 / CVE-2012-1963: Security researcher
Karthikeyan Bhargavan of Prosecco at INRIA reported Content
Security Policy (CSP) 1.0 implementation errors. CSP
violation reports generated by Firefox and sent to the
"report-uri" location include sensitive data within the
"blocked-uri" parameter. These include fragment components
and query strings even if the "blocked-uri" parameter has a
different origin than the protected resource. This can be
used to retrieve a user's OAuth 2.0 access tokens and
OpenID credentials by malicious sites.
*
MFSA 2012-54 / CVE-2012-1964: Security Researcher
Matt McCutchen reported a clickjacking attack using
the certificate warning page. A man-in-the-middle (MITM)
attacker can use an iframe to display its own certificate
error warning page (about:certerror) with the "Add
Exception" button of a real warning page from a malicious
site. This can mislead users into adding a certificate
exception for a different site than the perceived one. This
can lead to compromised communications with the
user-perceived site through the MITM attack once the certificate
exception has been added.
*
MFSA 2012-55 / CVE-2012-1965: Security researchers
Mario Gomes and Soroush Dalili reported that since Mozilla
allows the pseudo-protocol feed: to prefix any valid URL,
it is possible to construct feed:javascript: URLs that will
execute scripts in some contexts. On some sites it may be
possible to use this to evade output filtering that would
otherwise strip javascript: URLs and thus contribute to
cross-site scripting (XSS) problems on these sites.
*
MFSA 2012-56 / CVE-2012-1967: Mozilla security
researcher moz_bug_r_a4 reported an arbitrary code execution
attack using a javascript: URL. The Gecko engine features a
JavaScript sandbox utility that allows the browser or
add-ons to safely execute script in the context of a web
page. In certain cases, javascript: URLs are executed in
such a sandbox with insufficient context that can allow
those scripts to escape from the sandbox and run with
elevated privilege. This can lead to arbitrary code
execution.
Security Issue references:
* CVE-2012-1967
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1967>
* CVE-2012-1948
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1948>
* CVE-2012-1949
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1949>
* CVE-2012-1951
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1951>
* CVE-2012-1952
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1952>
* CVE-2012-1953
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1953>
* CVE-2012-1954
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1954>
* CVE-2012-1966
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1966>
* CVE-2012-1958
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1958>
* CVE-2012-1959
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1959>
* CVE-2012-1962
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1962>
* CVE-2012-1950
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1950>
* CVE-2012-1955
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1955>
* CVE-2012-1957
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1957>
* CVE-2012-1961
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1961>
* CVE-2012-1963
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1963>
* CVE-2012-1964
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1964>
* CVE-2012-1965
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1965>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp1-firefox-201207-6574
- SUSE Linux Enterprise Server 11 SP1 for VMware:
zypper in -t patch slessp1-firefox-201207-6574
- SUSE Linux Enterprise Server 11 SP1:
zypper in -t patch slessp1-firefox-201207-6574
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp1-firefox-201207-6574
- SUSE Linux Enterprise Desktop 11 SP1:
zypper in -t patch sledsp1-firefox-201207-6574
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 10.0.6 and 7]:
MozillaFirefox-10.0.6-0.4.1
MozillaFirefox-branding-SLED-7-0.6.7.70
MozillaFirefox-translations-10.0.6-0.4.1
- SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 10.0.6]:
MozillaFirefox-10.0.6-0.4.1
MozillaFirefox-translations-10.0.6-0.4.1
- SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 10.0.6 and 7]:
MozillaFirefox-10.0.6-0.4.1
MozillaFirefox-branding-SLED-7-0.6.7.70
MozillaFirefox-translations-10.0.6-0.4.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 10.0.6 and 7]:
MozillaFirefox-10.0.6-0.4.1
MozillaFirefox-branding-SLED-7-0.6.7.70
MozillaFirefox-translations-10.0.6-0.4.1
- SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 10.0.6 and 7]:
MozillaFirefox-10.0.6-0.4.1
MozillaFirefox-branding-SLED-7-0.6.7.70
MozillaFirefox-translations-10.0.6-0.4.1
References:
http://support.novell.com/security/cve/CVE-2012-1948.html
http://support.novell.com/security/cve/CVE-2012-1949.html
http://support.novell.com/security/cve/CVE-2012-1950.html
http://support.novell.com/security/cve/CVE-2012-1951.html
http://support.novell.com/security/cve/CVE-2012-1952.html
http://support.novell.com/security/cve/CVE-2012-1953.html
http://support.novell.com/security/cve/CVE-2012-1954.html
http://support.novell.com/security/cve/CVE-2012-1955.html
http://support.novell.com/security/cve/CVE-2012-1957.html
http://support.novell.com/security/cve/CVE-2012-1958.html
http://support.novell.com/security/cve/CVE-2012-1959.html
http://support.novell.com/security/cve/CVE-2012-1961.html
http://support.novell.com/security/cve/CVE-2012-1962.html
http://support.novell.com/security/cve/CVE-2012-1963.html
http://support.novell.com/security/cve/CVE-2012-1964.html
http://support.novell.com/security/cve/CVE-2012-1965.html
http://support.novell.com/security/cve/CVE-2012-1966.html
http://support.novell.com/security/cve/CVE-2012-1967.html
https://bugzilla.novell.com/771583
http://download.novell.com/patch/finder/?keywords=0b1471bd5af6e54566551a32a…
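The X-Frame-Options issue in MFSA 2012-51 above, shown as an added example that is not part of the advisory and is not Mozilla's code: a header evaluator that compares the whole value ignores `SAMEORIGIN, SAMEORIGIN`, while one that splits and de-duplicates still applies it. The function names, the fail-closed choice for conflicting tokens, and the sample response are assumptions made for illustration.

```javascript
// Added illustration, not Mozilla's code: evaluating X-Frame-Options when
// the value is duplicated, as in "SAMEORIGIN, SAMEORIGIN".
const KNOWN = new Set(['DENY', 'SAMEORIGIN']);

// Naive evaluator: compares the whole header value with the known tokens.
// A duplicated value matches neither, so the header is ignored.
function naivePolicy(headerValue) {
  const v = String(headerValue || '').trim().toUpperCase();
  return KNOWN.has(v) ? v : 'NONE';
}

// Tolerant evaluator (assumed design): split on commas and de-duplicate.
// One distinct known token is applied; conflicting tokens fail closed.
function tolerantPolicy(headerValue) {
  const tokens = [...new Set(
    String(headerValue || '')
      .split(',')
      .map((t) => t.trim().toUpperCase())
      .filter((t) => t.length > 0)
  )];
  if (tokens.length === 1) return KNOWN.has(tokens[0]) ? tokens[0] : 'NONE';
  return tokens.some((t) => KNOWN.has(t)) ? 'DENY' : 'NONE';
}

// Framing decision for a resource embedded by another page.
function mayFrame(policy, resourceOrigin, embedderOrigin) {
  if (policy === 'DENY') return false;
  if (policy === 'SAMEORIGIN') return resourceOrigin === embedderOrigin;
  return true; // no usable policy: framing is not restricted
}

// Server-side audit: flag responses that carry more than one
// X-Frame-Options value so the duplicate can be removed at the source.
function auditXfo(headerPairs) {
  const values = headerPairs
    .filter(([name]) => name.toLowerCase() === 'x-frame-options')
    .flatMap(([, value]) => value.split(','))
    .map((t) => t.trim().toUpperCase())
    .filter((t) => t.length > 0);
  return { duplicated: values.length > 1, distinct: [...new Set(values)] };
}

// Constructed sample response: the header is emitted twice (hypothetical
// cause: both the application and a front-end proxy set it).
const SAMPLE_RESPONSE = [
  ['Content-Type', 'text/html'],
  ['X-Frame-Options', 'SAMEORIGIN'],
  ['X-Frame-Options', 'SAMEORIGIN'],
];
// Repeated header lines are commonly folded into one comma-separated value.
const FOLDED = SAMPLE_RESPONSE
  .filter(([name]) => name.toLowerCase() === 'x-frame-options')
  .map(([, value]) => value)
  .join(', ');

console.log(FOLDED, '->', naivePolicy(FOLDED), 'vs', tolerantPolicy(FOLDED));
console.log(auditXfo(SAMPLE_RESPONSE));
```

Running `auditXfo` over captured response headers is a quick way to find pages that would have been left unprotected by an unpatched browser.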
SUSE Security Update: Security update for Mozilla Firefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0895-1
Rating: important
References: #712248 #771583
Cross-References: CVE-2012-1948 CVE-2012-1949 CVE-2012-1950
CVE-2012-1951 CVE-2012-1952 CVE-2012-1953
CVE-2012-1954 CVE-2012-1955 CVE-2012-1957
CVE-2012-1958 CVE-2012-1959 CVE-2012-1961
CVE-2012-1962 CVE-2012-1963 CVE-2012-1964
CVE-2012-1965 CVE-2012-1966 CVE-2012-1967
Affected Products:
SUSE Linux Enterprise Server 10 SP4
SUSE Linux Enterprise Desktop 10 SP4
SLE SDK 10 SP4
______________________________________________________________________________
An update that fixes 18 vulnerabilities is now available.
It includes one version update.
Description:
MozillaFirefox has been updated to the 10.0.6ESR security
release fixing various bugs and several security issues,
some critical.
The following security issues have been fixed:
*
MFSA 2012-42: Mozilla developers identified and fixed
several memory safety bugs in the browser engine used in
Firefox and other Mozilla-based products. Some of these
bugs showed evidence of memory corruption under certain
circumstances, and we presume that with enough effort at
least some of these could be exploited to run arbitrary
code.
*
CVE-2012-1948: Benoit Jacob, Jesse Ruderman,
Christian Holler, and Bill McCloskey reported memory safety
problems and crashes that affect Firefox ESR 10 and Firefox
13.
*
MFSA 2012-43 / CVE-2012-1950: Security researcher
Mario Gomes and research firm Code Audit Labs reported a
mechanism to short-circuit page loads through drag and drop
to the addressbar by canceling the page load. This causes
the address of the previously entered site to be displayed
in the addressbar instead of the currently loaded page.
This could lead to potential phishing attacks on users.
*
MFSA 2012-44 Google security researcher Abhishek Arya
used the Address Sanitizer tool to uncover four issues: two
use-after-free problems, one out of bounds read bug, and a
bad cast. The first use-after-free problem is caused when
an array of nsSMILTimeValueSpec objects is destroyed but
attempts are made to call into objects in this array later.
The second use-after-free problem is in
nsDocument::AdoptNode when it adopts into an empty document
and then adopts into another document, emptying the first
one. The heap buffer overflow is in ElementAnimations when
data is read off the end of an array and then pointers are
dereferenced. The bad cast happens when
nsTableFrame::InsertFrames is called with frames in
aFrameList that are a mix of row group frames and column
group frames. AppendFrames is not able to handle this mix.
All four of these issues are potentially exploitable.
o CVE-2012-1951: Heap-use-after-free in nsSMILTimeValueSpec::IsEventBased
o CVE-2012-1954: Heap-use-after-free in nsDocument::AdoptNode
o CVE-2012-1953: Out of bounds read in ElementAnimations::EnsureStyleRuleFor
o CVE-2012-1952: Bad cast in nsTableFrame::InsertFrames
*
MFSA 2012-45 / CVE-2012-1955: Security researcher
Mariusz Mlynski reported an issue with spoofing of the
location property. In this issue, calls to history.forward
and history.back are used to navigate to a site while
displaying the previous site in the addressbar but changing
the baseURI to the newer site. This can be used for
phishing by having the user enter form or other data on
the newer, attacking site while appearing to be on the
older, displayed site.
*
MFSA 2012-46 / CVE-2012-1966: Mozilla security
researcher moz_bug_r_a4 reported a cross-site scripting
(XSS) attack through the context menu using a data: URL. In
this issue, context menu functionality ("View Image", "Show
only this frame", and "View background image") is
disallowed in a javascript: URL but allowed in a data: URL,
allowing for XSS. This can lead to arbitrary code execution.
*
MFSA 2012-47 / CVE-2012-1957: Security researcher
Mario Heiderich reported that javascript could be executed
in the HTML feed-view using tag within the RSS . This
problem is due to tags not being filtered out during
parsing and can lead to a potential cross-site scripting
(XSS) attack. The flaw existed in a parser utility class
and could affect other parts of the browser or add-ons
which rely on that class to sanitize untrusted input.
*
MFSA 2012-48 / CVE-2012-1958: Security researcher
Arthur Gerkis used the Address Sanitizer tool to find a
use-after-free in nsGlobalWindow::PageHidden when
mFocusedContent is released and oldFocusedContent is used
afterwards. This use-after-free could possibly allow for
remote code execution.
*
MFSA 2012-49 / CVE-2012-1959: Mozilla developer Bobby
Holley found that same-compartment security wrappers (SCSW)
can be bypassed by passing them to another compartment.
Cross-compartment wrappers often do not go through SCSW,
but have a filtering policy built into them. When an object
is wrapped cross-compartment, the SCSW is stripped off and,
when the object is read back, it is not known that
SCSW was previously present, resulting in a bypassing of
SCSW. This could result in untrusted content having access
to the XBL that implements browser functionality.
*
MFSA 2012-50 / CVE-2012-1960: Google developer Tony
Payne reported an out of bounds (OOB) read in QCMS,
Mozilla's color management library. With a carefully
crafted color profile, portions of a user's memory could be
incorporated into a transformed image and possibly
deciphered.
*
MFSA 2012-51 / CVE-2012-1961: Bugzilla developer
Frederic Buclin reported that the X-Frame-Options header
is ignored when the value is duplicated, for example
X-Frame-Options: SAMEORIGIN, SAMEORIGIN. This duplication
occurs for unknown reasons on some websites and when it
occurs results in Mozilla browsers not being protected
against possible clickjacking attacks on those pages.
*
MFSA 2012-52 / CVE-2012-1962: Security researcher
Bill Keese reported a memory corruption. This is caused by
JSDependentString::undepend changing a dependent string
into a fixed string when there are additional dependent
strings relying on the same base. When the undepend occurs
during conversion, the base data is freed, leaving other
dependent strings with dangling pointers. This can lead to
a potentially exploitable crash.
*
MFSA 2012-53 / CVE-2012-1963: Security researcher
Karthikeyan Bhargavan of Prosecco at INRIA reported Content
Security Policy (CSP) 1.0 implementation errors. CSP
violation reports generated by Firefox and sent to the
"report-uri" location include sensitive data within the
"blocked-uri" parameter. These include fragment components
and query strings even if the "blocked-uri" parameter has a
different origin than the protected resource. This can be
used to retrieve a user's OAuth 2.0 access tokens and
OpenID credentials by malicious sites.
*
MFSA 2012-54 / CVE-2012-1964: Security Researcher
Matt McCutchen reported a clickjacking attack using
the certificate warning page. A man-in-the-middle (MITM)
attacker can use an iframe to display its own certificate
error warning page (about:certerror) with the "Add
Exception" button of a real warning page from a malicious
site. This can mislead users into adding a certificate
exception for a different site than the perceived one. This
can lead to compromised communications with the
user-perceived site through the MITM attack once the certificate
exception has been added.
*
MFSA 2012-55 / CVE-2012-1965: Security researchers
Mario Gomes and Soroush Dalili reported that since Mozilla
allows the pseudo-protocol feed: to prefix any valid URL,
it is possible to construct feed:javascript: URLs that will
execute scripts in some contexts. On some sites it may be
possible to use this to evade output filtering that would
otherwise strip javascript: URLs and thus contribute to
cross-site scripting (XSS) problems on these sites.
*
MFSA 2012-56 / CVE-2012-1967: Mozilla security
researcher moz_bug_r_a4 reported an arbitrary code execution
attack using a javascript: URL. The Gecko engine features a
JavaScript sandbox utility that allows the browser or
add-ons to safely execute script in the context of a web
page. In certain cases, javascript: URLs are executed in
such a sandbox with insufficient context that can allow
those scripts to escape from the sandbox and run with
elevated privilege. This can lead to arbitrary code
execution.
Security Issue references:
* CVE-2012-1967
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1967>
* CVE-2012-1948
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1948>
* CVE-2012-1949
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1949>
* CVE-2012-1951
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1951>
* CVE-2012-1952
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1952>
* CVE-2012-1953
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1953>
* CVE-2012-1954
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1954>
* CVE-2012-1966
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1966>
* CVE-2012-1958
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1958>
* CVE-2012-1959
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1959>
* CVE-2012-1962
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1962>
* CVE-2012-1950
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1950>
* CVE-2012-1955
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1955>
* CVE-2012-1957
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1957>
* CVE-2012-1961
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1961>
* CVE-2012-1963
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1963>
* CVE-2012-1964
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1964>
* CVE-2012-1965
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1965>
Package List:
- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
firefox3-gtk2-2.10.6-0.12.1
- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x) [New Version: 7]:
MozillaFirefox-10.0.6-0.6.1
MozillaFirefox-branding-SLED-7-0.8.25
MozillaFirefox-translations-10.0.6-0.6.1
- SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):
firefox3-gtk2-32bit-2.10.6-0.12.1
- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
firefox3-gtk2-2.10.6-0.12.1
- SUSE Linux Enterprise Desktop 10 SP4 (x86_64):
firefox3-gtk2-32bit-2.10.6-0.12.1
- SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 7]:
MozillaFirefox-10.0.6-0.6.1
MozillaFirefox-branding-SLED-7-0.8.25
MozillaFirefox-translations-10.0.6-0.6.1
- SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):
firefox3-gtk2-devel-2.10.6-0.12.1
firefox3-gtk2-doc-2.10.6-0.12.1
- SLE SDK 10 SP4 (i586 ia64 ppc s390x):
MozillaFirefox-branding-upstream-10.0.6-0.6.1
References:
http://support.novell.com/security/cve/CVE-2012-1948.html
http://support.novell.com/security/cve/CVE-2012-1949.html
http://support.novell.com/security/cve/CVE-2012-1950.html
http://support.novell.com/security/cve/CVE-2012-1951.html
http://support.novell.com/security/cve/CVE-2012-1952.html
http://support.novell.com/security/cve/CVE-2012-1953.html
http://support.novell.com/security/cve/CVE-2012-1954.html
http://support.novell.com/security/cve/CVE-2012-1955.html
http://support.novell.com/security/cve/CVE-2012-1957.html
http://support.novell.com/security/cve/CVE-2012-1958.html
http://support.novell.com/security/cve/CVE-2012-1959.html
http://support.novell.com/security/cve/CVE-2012-1961.html
http://support.novell.com/security/cve/CVE-2012-1962.html
http://support.novell.com/security/cve/CVE-2012-1963.html
http://support.novell.com/security/cve/CVE-2012-1964.html
http://support.novell.com/security/cve/CVE-2012-1965.html
http://support.novell.com/security/cve/CVE-2012-1966.html
http://support.novell.com/security/cve/CVE-2012-1967.html
https://bugzilla.novell.com/712248
https://bugzilla.novell.com/771583
http://download.novell.com/patch/finder/?keywords=96da6f10cbe978aeccb3ac8d9…
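The CSP report leak in MFSA 2012-53 above, handled from the collector's side, as an added example that is not part of the advisory and is not Firefox's code: a report-uri endpoint can scrub `blocked-uri` before storing a report so that query strings and fragments from another origin are never logged. The function names, the same-origin handling, and the sample report are assumptions made for illustration.

```javascript
// Added illustration, not Firefox's code: scrub the "blocked-uri" field of a
// CSP violation report before it is stored by a report-uri collector.

function parseUrl(value) {
  try {
    return new URL(String(value || ''));
  } catch (err) {
    return null;
  }
}

// Reduce a blocked URI to what is safe to record:
//  - bare keywords (no URL syntax) pass through unchanged
//  - non-network schemes such as data: are reduced to the scheme name
//  - cross-origin URLs are reduced to their origin (no path, query, fragment)
//  - same-origin URLs keep path and query but lose the fragment (assumption)
function sanitizeBlockedUri(blockedUri, documentUri) {
  const raw = String(blockedUri || '');
  if (/^[A-Za-z-]*$/.test(raw)) return raw;
  const blocked = parseUrl(raw);
  if (blocked === null) return ''; // unparseable: record nothing
  if (blocked.origin === 'null') return blocked.protocol.replace(/:$/, '');
  const doc = parseUrl(documentUri);
  if (doc === null || doc.origin !== blocked.origin) return blocked.origin;
  blocked.hash = '';
  return blocked.href;
}

// Parse a report body and return a copy with a scrubbed blocked-uri.
function scrubReport(body) {
  const parsed = JSON.parse(body);
  const report = parsed['csp-report'];
  if (!report || typeof report !== 'object') {
    throw new Error('not a CSP report');
  }
  return {
    'csp-report': {
      ...report,
      'blocked-uri': sanitizeBlockedUri(
        report['blocked-uri'],
        report['document-uri']
      ),
    },
  };
}

// Constructed sample: a cross-origin blocked-uri that still carries a query
// string and a fragment, as described in the advisory.
const SAMPLE_REPORT = JSON.stringify({
  'csp-report': {
    'document-uri': 'https://app.example/login',
    'blocked-uri':
      'https://idp.example/callback?state=xyz#access_token=CONSTRUCTED_VALUE',
    'violated-directive': "frame-src 'self'",
  },
});

console.log(scrubReport(SAMPLE_REPORT));
```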
SUSE Security Update: Security update for pidgin, finch and libpurple
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0890-1
Rating: important
References: #770304
Cross-References: CVE-2012-3374
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Linux Enterprise Software Development Kit 11 SP1
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 10 SP4
SLE SDK 10 SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update of pidgin fixes a stack-based buffer overflow
in the MXit protocol which could have potentially been
exploited by remote attackers to execute arbitrary code in
the context of the user running pidgin (CVE-2012-3374).
Security Issue reference:
* CVE-2012-3374
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3374>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP2:
zypper in -t patch sdksp1-finch-6534
- SUSE Linux Enterprise Software Development Kit 11 SP1:
zypper in -t patch sdksp1-finch-6534
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp1-finch-6534
- SUSE Linux Enterprise Desktop 11 SP1:
zypper in -t patch sledsp1-finch-6534
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
finch-2.6.6-0.17.1
finch-devel-2.6.6-0.17.1
libpurple-2.6.6-0.17.1
libpurple-devel-2.6.6-0.17.1
libpurple-lang-2.6.6-0.17.1
pidgin-2.6.6-0.17.1
pidgin-devel-2.6.6-0.17.1
- SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64):
finch-2.6.6-0.17.1
finch-devel-2.6.6-0.17.1
libpurple-2.6.6-0.17.1
libpurple-devel-2.6.6-0.17.1
libpurple-lang-2.6.6-0.17.1
pidgin-2.6.6-0.17.1
pidgin-devel-2.6.6-0.17.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
finch-2.6.6-0.17.1
libpurple-2.6.6-0.17.1
libpurple-lang-2.6.6-0.17.1
libpurple-meanwhile-2.6.6-0.17.1
libpurple-tcl-2.6.6-0.17.1
pidgin-2.6.6-0.17.1
- SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64):
finch-2.6.6-0.17.1
libpurple-2.6.6-0.17.1
libpurple-lang-2.6.6-0.17.1
libpurple-meanwhile-2.6.6-0.17.1
libpurple-tcl-2.6.6-0.17.1
pidgin-2.6.6-0.17.1
- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
finch-2.6.6-0.18.1
libpurple-2.6.6-0.18.1
pidgin-2.6.6-0.18.1
- SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):
finch-2.6.6-0.18.1
finch-devel-2.6.6-0.18.1
libpurple-2.6.6-0.18.1
libpurple-devel-2.6.6-0.18.1
pidgin-2.6.6-0.18.1
pidgin-devel-2.6.6-0.18.1
References:
http://support.novell.com/security/cve/CVE-2012-3374.html
https://bugzilla.novell.com/770304
http://download.novell.com/patch/finder/?keywords=6cdbffccfb7e818b850e497dc…
http://download.novell.com/patch/finder/?keywords=a738afec13eba5d4d2ab0d2b9…