openSUSE-SU-2012:0567-1: moderate: update for MozillaFirefox, MozillaThunderbird, seamonkey, xulrunner
openSUSE Security Update: update for MozillaFirefox, MozillaThunderbird,
seamonkey, xulrunner
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:0567-1
Rating:             moderate
References:         #712224 #714931 #720264 #726758 #728520 #732898
                    #733002 #744275 #746616 #747328 #749440 #750044
                    #755060 #758408
Cross-References:   CVE-2011-1187 CVE-2011-2985 CVE-2011-2986
                    CVE-2011-2987 CVE-2011-2988 CVE-2011-2989
                    CVE-2011-2991 CVE-2011-2992 CVE-2011-3005
                    CVE-2011-3062 CVE-2011-3232 CVE-2011-3651
                    CVE-2011-3652 CVE-2011-3654 CVE-2011-3655
                    CVE-2011-3658 CVE-2011-3660 CVE-2011-3661
                    CVE-2011-3663 CVE-2012-0445 CVE-2012-0446
                    CVE-2012-0447 CVE-2012-0451 CVE-2012-0452
                    CVE-2012-0459 CVE-2012-0460 CVE-2012-0467
                    CVE-2012-0468 CVE-2012-0469 CVE-2012-0470
                    CVE-2012-0471 CVE-2012-0472 CVE-2012-0473
                    CVE-2012-0474 CVE-2012-0475 CVE-2012-0477
                    CVE-2012-0478 CVE-2012-0479
Affected Products:
                    openSUSE 12.1
                    openSUSE 11.4
______________________________________________________________________________

An update that fixes 38 vulnerabilities is now available.

Description:

Changes in xulrunner:
- update to 12.0 (bnc#758408)
  * rebased patches
  * MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous
    memory safety hazards
  * MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free
    in IDBKeyRange
  * MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees
    causes heap corruption in gfxImageSurface
  * MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS
    via multibyte content processing errors
  * MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential
    memory corruption during font rendering using
    cairo-dwrite
  * MFSA 2012-26/CVE-2012-0473 (bmo#743475)
    WebGL.drawElements may read illegal video memory due to
    FindMaxUshortElement error
  * MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307)
    Page load short-circuit can lead to XSS
  * MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6
    in Origin headers may bypass webserver access
    restrictions
  * MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS
    through ISO-2022-KR/ISO-2022-CN decoding issues
  * MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with
    WebGL content using textImage2D
  * MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one
    error in OpenType Sanitizer
  * MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP
    Redirections and remote content can be read by
    javascript errors
  * MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site
    identity spoofing when loading RSS and Atom feeds
- added mozilla-libnotify.patch to allow fallback from
  libnotify to xul based events if no notification-daemon
  is running
- gcc 4.7 fixes
  * mozilla-gcc47.patch
  * disabled crashreporter temporarily for Factory

Changes in MozillaFirefox:
- update to Firefox 12.0 (bnc#758408)
  * rebased patches
  * MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous
    memory safety hazards
  * MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free
    in IDBKeyRange
  * MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees
    causes heap corruption in gfxImageSurface
  * MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS
    via multibyte content processing errors
  * MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential
    memory corruption during font rendering using
    cairo-dwrite
  * MFSA 2012-26/CVE-2012-0473 (bmo#743475)
    WebGL.drawElements may read illegal video memory due to
    FindMaxUshortElement error
  * MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307)
    Page load short-circuit can lead to XSS
  * MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6
    in Origin headers may bypass webserver access
    restrictions
  * MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS
    through ISO-2022-KR/ISO-2022-CN decoding issues
  * MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with
    WebGL content using textImage2D
  * MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one
    error in OpenType Sanitizer
  * MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP
    Redirections and remote content can be read by
    javascript errors
  * MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site
    identity spoofing when loading RSS and Atom feeds
- added mozilla-libnotify.patch to allow fallback from
  libnotify to xul based events if no notification-daemon
  is running
- gcc 4.7 fixes
  * mozilla-gcc47.patch
  * disabled crashreporter temporarily for Factory
- recommend libcanberra0 for proper sound notifications

Changes in MozillaThunderbird:
- update to Thunderbird 12.0 (bnc#758408)
  * MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous
    memory safety hazards
  * MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free
    in IDBKeyRange
  * MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees
    causes heap corruption in gfxImageSurface
  * MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS
    via multibyte content processing errors
  * MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential
    memory corruption during font rendering using
    cairo-dwrite
  * MFSA 2012-26/CVE-2012-0473 (bmo#743475)
    WebGL.drawElements may read illegal video memory due to
    FindMaxUshortElement error
  * MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307)
    Page load short-circuit can lead to XSS
  * MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6
    in Origin headers may bypass webserver access
    restrictions
  * MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS
    through ISO-2022-KR/ISO-2022-CN decoding issues
  * MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with
    WebGL content using textImage2D
  * MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one
    error in OpenType Sanitizer
  * MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP
    Redirections and remote content can be read by
    javascript errors
  * MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site
    identity spoofing when loading RSS and Atom feeds
- update Enigmail to 1.4.1
- added mozilla-revert_621446.patch
- added mozilla-libnotify.patch (bmo#737646)
- added mailnew-showalert.patch (bmo#739146)
- added mozilla-gcc47.patch and mailnews-literals.patch to
  fix compilation issues with recent gcc 4.7
- disabled crashreporter temporarily for Factory (gcc 4.7
  issue)

Changes in seamonkey:
- update to Seamonkey 2.9 (bnc#758408)
  * MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous
    memory safety hazards
  * MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free
    in IDBKeyRange
  * MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees
    causes heap corruption in gfxImageSurface
  * MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS
    via multibyte content processing errors
  * MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential
    memory corruption during font rendering using
    cairo-dwrite
  * MFSA 2012-26/CVE-2012-0473 (bmo#743475)
    WebGL.drawElements may read illegal video memory due to
    FindMaxUshortElement error
  * MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307)
    Page load short-circuit can lead to XSS
  * MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6
    in Origin headers may bypass webserver access
    restrictions
  * MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS
    through ISO-2022-KR/ISO-2022-CN decoding issues
  * MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with
    WebGL content using textImage2D
  * MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one
    error in OpenType Sanitizer
  * MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP
    Redirections and remote content can be read by
    javascript errors
  * MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site
    identity spoofing when loading RSS and Atom feeds

- update to 2.9b4
- added mozilla-sle11.patch and add exceptions to be able
  to build for SLE11/11.1
- exclude broken gl locale from build
- fixed build on 11.2-x86_64 by adding
  mozilla-revert_621446.patch
- added mozilla-gcc47.patch and mailnews-literals.patch to
  fix compilation issues with recent gcc 4.7


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.1:

    zypper in -t patch openSUSE-2012-254

- openSUSE 11.4:

    zypper in -t patch openSUSE-2012-254

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.1 (i586 x86_64):

MozillaFirefox-12.0-2.26.1
MozillaFirefox-branding-upstream-12.0-2.26.1
MozillaFirefox-buildsymbols-12.0-2.26.1
MozillaFirefox-debuginfo-12.0-2.26.1
MozillaFirefox-debugsource-12.0-2.26.1
MozillaFirefox-devel-12.0-2.26.1
MozillaFirefox-translations-common-12.0-2.26.1
MozillaFirefox-translations-other-12.0-2.26.1
MozillaThunderbird-12.0-33.20.1
MozillaThunderbird-buildsymbols-12.0-33.20.1
MozillaThunderbird-debuginfo-12.0-33.20.1
MozillaThunderbird-debugsource-12.0-33.20.1
MozillaThunderbird-devel-12.0-33.20.1
MozillaThunderbird-translations-common-12.0-33.20.1
MozillaThunderbird-translations-other-12.0-33.20.1
enigmail-1.4.1+12.0-33.20.1
enigmail-debuginfo-1.4.1+12.0-33.20.1
mozilla-js-12.0-2.26.1
mozilla-js-debuginfo-12.0-2.26.1
seamonkey-2.9-2.18.1
seamonkey-debuginfo-2.9-2.18.1
seamonkey-debugsource-2.9-2.18.1
seamonkey-dom-inspector-2.9-2.18.1
seamonkey-irc-2.9-2.18.1
seamonkey-translations-common-2.9-2.18.1
seamonkey-translations-other-2.9-2.18.1
seamonkey-venkman-2.9-2.18.1
xulrunner-12.0-2.26.1
xulrunner-buildsymbols-12.0-2.26.1
xulrunner-debuginfo-12.0-2.26.1
xulrunner-debugsource-12.0-2.26.1
xulrunner-devel-12.0-2.26.1
xulrunner-devel-debuginfo-12.0-2.26.1

- openSUSE 12.1 (x86_64):

mozilla-js-32bit-12.0-2.26.1
mozilla-js-debuginfo-32bit-12.0-2.26.1
xulrunner-32bit-12.0-2.26.1
xulrunner-debuginfo-32bit-12.0-2.26.1

- openSUSE 12.1 (ia64):

mozilla-js-debuginfo-x86-12.0-2.26.1
mozilla-js-x86-12.0-2.26.1
xulrunner-debuginfo-x86-12.0-2.26.1
xulrunner-x86-12.0-2.26.1

- openSUSE 11.4 (i586 x86_64):

MozillaFirefox-12.0-18.1
MozillaFirefox-branding-upstream-12.0-18.1
MozillaFirefox-buildsymbols-12.0-18.1
MozillaFirefox-debuginfo-12.0-18.1
MozillaFirefox-debugsource-12.0-18.1
MozillaFirefox-devel-12.0-18.1
MozillaFirefox-translations-common-12.0-18.1
MozillaFirefox-translations-other-12.0-18.1
MozillaThunderbird-12.0-18.1
MozillaThunderbird-buildsymbols-12.0-18.1
MozillaThunderbird-debuginfo-12.0-18.1
MozillaThunderbird-debugsource-12.0-18.1
MozillaThunderbird-devel-12.0-18.1
MozillaThunderbird-translations-common-12.0-18.1
MozillaThunderbird-translations-other-12.0-18.1
enigmail-1.4.1+12.0-18.1
enigmail-debuginfo-1.4.1+12.0-18.1
seamonkey-2.9-18.1
seamonkey-debuginfo-2.9-18.1
seamonkey-debugsource-2.9-18.1
seamonkey-dom-inspector-2.9-18.1
seamonkey-irc-2.9-18.1
seamonkey-translations-common-2.9-18.1
seamonkey-translations-other-2.9-18.1
seamonkey-venkman-2.9-18.1


References:

http://support.novell.com/security/cve/CVE-2011-1187.html
http://support.novell.com/security/cve/CVE-2011-2985.html
http://support.novell.com/security/cve/CVE-2011-2986.html
http://support.novell.com/security/cve/CVE-2011-2987.html
http://support.novell.com/security/cve/CVE-2011-2988.html
http://support.novell.com/security/cve/CVE-2011-2989.html
http://support.novell.com/security/cve/CVE-2011-2991.html
http://support.novell.com/security/cve/CVE-2011-2992.html
http://support.novell.com/security/cve/CVE-2011-3005.html
http://support.novell.com/security/cve/CVE-2011-3062.html
http://support.novell.com/security/cve/CVE-2011-3232.html
http://support.novell.com/security/cve/CVE-2011-3651.html
http://support.novell.com/security/cve/CVE-2011-3652.html
http://support.novell.com/security/cve/CVE-2011-3654.html
http://support.novell.com/security/cve/CVE-2011-3655.html
http://support.novell.com/security/cve/CVE-2011-3658.html
http://support.novell.com/security/cve/CVE-2011-3660.html
http://support.novell.com/security/cve/CVE-2011-3661.html
http://support.novell.com/security/cve/CVE-2011-3663.html
http://support.novell.com/security/cve/CVE-2012-0445.html
http://support.novell.com/security/cve/CVE-2012-0446.html
http://support.novell.com/security/cve/CVE-2012-0447.html
http://support.novell.com/security/cve/CVE-2012-0451.html
http://support.novell.com/security/cve/CVE-2012-0452.html
http://support.novell.com/security/cve/CVE-2012-0459.html
http://support.novell.com/security/cve/CVE-2012-0460.html
http://support.novell.com/security/cve/CVE-2012-0467.html
http://support.novell.com/security/cve/CVE-2012-0468.html
http://support.novell.com/security/cve/CVE-2012-0469.html
http://support.novell.com/security/cve/CVE-2012-0470.html
http://support.novell.com/security/cve/CVE-2012-0471.html
http://support.novell.com/security/cve/CVE-2012-0472.html
http://support.novell.com/security/cve/CVE-2012-0473.html
http://support.novell.com/security/cve/CVE-2012-0474.html
http://support.novell.com/security/cve/CVE-2012-0475.html
http://support.novell.com/security/cve/CVE-2012-0477.html
http://support.novell.com/security/cve/CVE-2012-0478.html
http://support.novell.com/security/cve/CVE-2012-0479.html
https://bugzilla.novell.com/712224
https://bugzilla.novell.com/714931
https://bugzilla.novell.com/720264
https://bugzilla.novell.com/726758
https://bugzilla.novell.com/728520
https://bugzilla.novell.com/732898
https://bugzilla.novell.com/733002
https://bugzilla.novell.com/744275
https://bugzilla.novell.com/746616
https://bugzilla.novell.com/747328
https://bugzilla.novell.com/749440
https://bugzilla.novell.com/750044
https://bugzilla.novell.com/755060
https://bugzilla.novell.com/758408
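
Added example, not part of the original advisory or of openSUSE tooling: a shell check that compares installed package builds against the fixed builds in the Package List above for openSUSE 12.1. The function names, the use of `sort -V` as an approximation of RPM version ordering, and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Fixed version-release per main package, copied from the advisory's
# Package List for openSUSE 12.1.
fixed_version() {
    case "$1" in
        MozillaFirefox)     echo "12.0-2.26.1" ;;
        MozillaThunderbird) echo "12.0-33.20.1" ;;
        seamonkey)          echo "2.9-2.18.1" ;;
        xulrunner)          echo "12.0-2.26.1" ;;
        mozilla-js)         echo "12.0-2.26.1" ;;
        enigmail)           echo "1.4.1+12.0-33.20.1" ;;
        *)                  return 1 ;;   # package not covered by this advisory
    esac
}

# True when version $1 sorts at or after version $2.
# Assumption: GNU "sort -V" is close enough to RPM's comparison for these
# plain numeric version-release strings (it compares 2.9 < 2.26 numerically).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Reads "name version-release" lines on stdin and prints every package that
# is still below the fixed build. Returns 1 if any such package was found.
check_fixed() {
    cf_rc=0
    while read -r cf_name cf_ver; do
        cf_want=$(fixed_version "$cf_name") || continue
        if ! version_ge "$cf_ver" "$cf_want"; then
            echo "VULNERABLE $cf_name $cf_ver (fixed in $cf_want)"
            cf_rc=1
        fi
    done
    return $cf_rc
}

# Constructed sample of the output of:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE_INSTALLED='MozillaFirefox 11.0-2.23.1
MozillaThunderbird 12.0-33.20.1
seamonkey 2.8-2.15.1
bash 4.2-1.2.3'
```

On a real host, pipe the `rpm -qa` command shown in the last comment into `check_fixed`; for openSUSE 11.4, substitute the 11.4 builds from the Package List.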

