Mailinglist Archive: opensuse-updates (33 mails)

< Previous Next >
openSUSE-SU-2012:0760-1: important: MozillaFirefox, MozillaThunderbird, mozilla-nss, seamonkey, xulrunner: June
openSUSE Security Update: MozillaFirefox, MozillaThunderbird, mozilla-nss,
seamonkey, xulrunner: June
______________________________________________________________________________

Announcement ID: openSUSE-SU-2012:0760-1
Rating: important
References: #765204
Cross-References: CVE-2011-3101 CVE-2012-0441 CVE-2012-1937
CVE-2012-1938 CVE-2012-1940 CVE-2012-1941
CVE-2012-1944 CVE-2012-1945 CVE-2012-1946
CVE-2012-1947
Affected Products:
openSUSE 12.1
openSUSE 11.4
______________________________________________________________________________

An update that fixes 10 vulnerabilities is now available.

Description:

Changes in MozillaFirefox:
- update to Firefox 13.0 (bnc#765204)
* MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
Miscellaneous memory safety hazards
* MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content
Security Policy inline-script bypass
* MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information
disclosure though Windows file shares and shortcut files
* MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free
while replacing/inserting a node in a document
* MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
Buffer overflow and use-after-free issues found using
Address Sanitizer
- require NSS 3.13.4
* MFSA 2012-39/CVE-2012-0441 (bmo#715073)
- fix sound notifications when filename/path contains a
whitespace (bmo#749739)

- fix build on arm

- reenabled crashreporter for Factory/12.2 (fix in
mozilla-gcc47.patch)

Changes in MozillaThunderbird:
- update to Thunderbird 13.0 (bnc#765204)
* MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
Miscellaneous memory safety hazards
* MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content
Security Policy inline-script bypass
* MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information
disclosure though Windows file shares and shortcut files
* MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free
while replacing/inserting a node in a document
* MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
Buffer overflow and use-after-free issues found using
Address Sanitizer
- require NSS 3.13.4
* MFSA 2012-39/CVE-2012-0441 (bmo#715073)
- fix build with system NSPR (mozilla-system-nspr.patch)
- add dependentlibs.list for improved XRE startup
- update enigmail to 1.4.2

- reenabled crashreporter for Factory/12.2 (fix in
mozilla-gcc47.patch)

- update to Thunderbird 12.0.1
* fix regressions
- POP3 filters (bmo#748090)
- Message Body not loaded when using "Fetch Headers
Only" (bmo#748865)
- Received messages contain parts of other messages
with movemail account (bmo#748726)
- New mail notification issue (bmo#748997)
- crash in nsMsgDatabase::MatchDbName (bmo#748432)

- fixed build with gcc 4.7

Changes in seamonkey:
- update to Seamonkey 2.10 (bnc#765204)
* MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
Miscellaneous memory safety hazards
* MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content
Security Policy inline-script bypass
* MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information
disclosure though Windows file shares and shortcut files
* MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free
while replacing/inserting a node in a document
* MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
Buffer overflow and use-after-free issues found using
Address Sanitizer
- requires NSS 3.13.4
* MFSA 2012-39/CVE-2012-0441 (bmo#715073)

- update to Seamonkey 2.9.1
* fix regressions
- POP3 filters (bmo#748090)
- Message Body not loaded when using "Fetch Headers
Only" (bmo#748865)
- Received messages contain parts of other messages
with movemail account (bmo#748726)
- New mail notification issue (bmo#748997)
- crash in nsMsgDatabase::MatchDbName (bmo#748432)

- fixed build with gcc 4.7

Changes in mozilla-nss:
- update to 3.13.5 RTM

- update to 3.13.4 RTM
* fixed some bugs
* fixed cert verification regression in PKIX mode
(bmo#737802) introduced in 3.13.2

Changes in xulrunner:
- update to 13.0 (bnc#765204)
* MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
Miscellaneous memory safety hazards
* MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content
Security Policy inline-script bypass
* MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information
disclosure though Windows file shares and shortcut files
* MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free
while replacing/inserting a node in a document
* MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
Buffer overflow and use-after-free issues found using
Address Sanitizer
- require NSS 3.13.4
* MFSA 2012-39/CVE-2012-0441 (bmo#715073)
- reenabled crashreporter for Factory/12.2 (fixed in
mozilla-gcc47.patch)


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.1:

zypper in -t patch openSUSE-2012-333

- openSUSE 11.4:

zypper in -t patch openSUSE-2012-333

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.1 (i586 ia64 x86_64):

mozilla-nss-debugsource-3.13.5-9.16.1
xulrunner-debugsource-13.0-2.29.2

- openSUSE 12.1 (i586 x86_64):

MozillaFirefox-13.0-2.30.1
MozillaFirefox-branding-upstream-13.0-2.30.1
MozillaFirefox-buildsymbols-13.0-2.30.1
MozillaFirefox-debuginfo-13.0-2.30.1
MozillaFirefox-debugsource-13.0-2.30.1
MozillaFirefox-devel-13.0-2.30.1
MozillaFirefox-translations-common-13.0-2.30.1
MozillaFirefox-translations-other-13.0-2.30.1
MozillaThunderbird-13.0-33.23.2
MozillaThunderbird-buildsymbols-13.0-33.23.2
MozillaThunderbird-debuginfo-13.0-33.23.2
MozillaThunderbird-debugsource-13.0-33.23.2
MozillaThunderbird-devel-13.0-33.23.2
MozillaThunderbird-translations-common-13.0-33.23.2
MozillaThunderbird-translations-other-13.0-33.23.2
chmsee-1.99.08-2.18.3
chmsee-debuginfo-1.99.08-2.18.3
chmsee-debugsource-1.99.08-2.18.3
enigmail-1.4.2+13.0-33.23.2
enigmail-debuginfo-1.4.2+13.0-33.23.2
libfreebl3-3.13.5-9.16.1
libfreebl3-debuginfo-3.13.5-9.16.1
libsoftokn3-3.13.5-9.16.1
libsoftokn3-debuginfo-3.13.5-9.16.1
mozilla-js-13.0-2.29.2
mozilla-js-debuginfo-13.0-2.29.2
mozilla-nss-3.13.5-9.16.1
mozilla-nss-certs-3.13.5-9.16.1
mozilla-nss-certs-debuginfo-3.13.5-9.16.1
mozilla-nss-debuginfo-3.13.5-9.16.1
mozilla-nss-devel-3.13.5-9.16.1
mozilla-nss-sysinit-3.13.5-9.16.1
mozilla-nss-sysinit-debuginfo-3.13.5-9.16.1
mozilla-nss-tools-3.13.5-9.16.1
mozilla-nss-tools-debuginfo-3.13.5-9.16.1
seamonkey-2.10-2.21.2
seamonkey-debuginfo-2.10-2.21.2
seamonkey-debugsource-2.10-2.21.2
seamonkey-dom-inspector-2.10-2.21.2
seamonkey-irc-2.10-2.21.2
seamonkey-translations-common-2.10-2.21.2
seamonkey-translations-other-2.10-2.21.2
seamonkey-venkman-2.10-2.21.2
xulrunner-13.0-2.29.2
xulrunner-buildsymbols-13.0-2.29.2
xulrunner-debuginfo-13.0-2.29.2
xulrunner-devel-13.0-2.29.2
xulrunner-devel-debuginfo-13.0-2.29.2

- openSUSE 12.1 (x86_64):

libfreebl3-32bit-3.13.5-9.16.1
libfreebl3-debuginfo-32bit-3.13.5-9.16.1
libsoftokn3-32bit-3.13.5-9.16.1
libsoftokn3-debuginfo-32bit-3.13.5-9.16.1
mozilla-js-32bit-13.0-2.29.2
mozilla-js-debuginfo-32bit-13.0-2.29.2
mozilla-nss-32bit-3.13.5-9.16.1
mozilla-nss-certs-32bit-3.13.5-9.16.1
mozilla-nss-certs-debuginfo-32bit-3.13.5-9.16.1
mozilla-nss-debuginfo-32bit-3.13.5-9.16.1
mozilla-nss-sysinit-32bit-3.13.5-9.16.1
mozilla-nss-sysinit-debuginfo-32bit-3.13.5-9.16.1
xulrunner-32bit-13.0-2.29.2
xulrunner-debuginfo-32bit-13.0-2.29.2

- openSUSE 12.1 (ia64):

libfreebl3-debuginfo-x86-3.13.5-9.16.1
libfreebl3-debuginfo-x86-debuginfo-3.13.5-9.16.1
libfreebl3-x86-3.13.5-9.16.1
libsoftokn3-debuginfo-x86-3.13.5-9.16.1
libsoftokn3-debuginfo-x86-debuginfo-3.13.5-9.16.1
libsoftokn3-x86-3.13.5-9.16.1
mozilla-js-debuginfo-x86-13.0-2.29.2
mozilla-js-debuginfo-x86-debuginfo-13.0-2.29.2
mozilla-js-x86-13.0-2.29.2
mozilla-nss-certs-debuginfo-x86-3.13.5-9.16.1
mozilla-nss-certs-debuginfo-x86-debuginfo-3.13.5-9.16.1
mozilla-nss-certs-x86-3.13.5-9.16.1
mozilla-nss-debuginfo-x86-3.13.5-9.16.1
mozilla-nss-debuginfo-x86-debuginfo-3.13.5-9.16.1
mozilla-nss-sysinit-debuginfo-x86-3.13.5-9.16.1
mozilla-nss-sysinit-debuginfo-x86-debuginfo-3.13.5-9.16.1
mozilla-nss-sysinit-x86-3.13.5-9.16.1
mozilla-nss-x86-3.13.5-9.16.1
xulrunner-debuginfo-x86-13.0-2.29.2
xulrunner-debuginfo-x86-debuginfo-13.0-2.29.2
xulrunner-x86-13.0-2.29.2

- openSUSE 11.4 (i586 ia64 x86_64):

mozilla-nss-debugsource-3.13.5-44.1

- openSUSE 11.4 (i586 x86_64):

MozillaFirefox-13.0-25.2
MozillaFirefox-branding-upstream-13.0-25.2
MozillaFirefox-buildsymbols-13.0-25.2
MozillaFirefox-debuginfo-13.0-25.2
MozillaFirefox-debugsource-13.0-25.2
MozillaFirefox-devel-13.0-25.2
MozillaFirefox-translations-common-13.0-25.2
MozillaFirefox-translations-other-13.0-25.2
MozillaThunderbird-13.0-21.2
MozillaThunderbird-buildsymbols-13.0-21.2
MozillaThunderbird-debuginfo-13.0-21.2
MozillaThunderbird-debugsource-13.0-21.2
MozillaThunderbird-devel-13.0-21.2
MozillaThunderbird-translations-common-13.0-21.2
MozillaThunderbird-translations-other-13.0-21.2
enigmail-1.4.2+13.0-21.2
enigmail-debuginfo-1.4.2+13.0-21.2
libfreebl3-3.13.5-44.1
libfreebl3-debuginfo-3.13.5-44.1
libsoftokn3-3.13.5-44.1
libsoftokn3-debuginfo-3.13.5-44.1
mozilla-nss-3.13.5-44.1
mozilla-nss-certs-3.13.5-44.1
mozilla-nss-certs-debuginfo-3.13.5-44.1
mozilla-nss-debuginfo-3.13.5-44.1
mozilla-nss-devel-3.13.5-44.1
mozilla-nss-sysinit-3.13.5-44.1
mozilla-nss-sysinit-debuginfo-3.13.5-44.1
mozilla-nss-tools-3.13.5-44.1
mozilla-nss-tools-debuginfo-3.13.5-44.1
seamonkey-2.10-21.2
seamonkey-debuginfo-2.10-21.2
seamonkey-debugsource-2.10-21.2
seamonkey-dom-inspector-2.10-21.2
seamonkey-irc-2.10-21.2
seamonkey-translations-common-2.10-21.2
seamonkey-translations-other-2.10-21.2
seamonkey-venkman-2.10-21.2

- openSUSE 11.4 (x86_64):

libfreebl3-32bit-3.13.5-44.1
libfreebl3-debuginfo-32bit-3.13.5-44.1
libsoftokn3-32bit-3.13.5-44.1
libsoftokn3-debuginfo-32bit-3.13.5-44.1
mozilla-nss-32bit-3.13.5-44.1
mozilla-nss-certs-32bit-3.13.5-44.1
mozilla-nss-certs-debuginfo-32bit-3.13.5-44.1
mozilla-nss-debuginfo-32bit-3.13.5-44.1
mozilla-nss-sysinit-32bit-3.13.5-44.1
mozilla-nss-sysinit-debuginfo-32bit-3.13.5-44.1

- openSUSE 11.4 (ia64):

libfreebl3-debuginfo-x86-3.13.5-44.1
libfreebl3-debuginfo-x86-debuginfo-3.13.5-44.1
libfreebl3-x86-3.13.5-44.1
libsoftokn3-debuginfo-x86-3.13.5-44.1
libsoftokn3-debuginfo-x86-debuginfo-3.13.5-44.1
libsoftokn3-x86-3.13.5-44.1
mozilla-nss-certs-debuginfo-x86-3.13.5-44.1
mozilla-nss-certs-debuginfo-x86-debuginfo-3.13.5-44.1
mozilla-nss-certs-x86-3.13.5-44.1
mozilla-nss-debuginfo-x86-3.13.5-44.1
mozilla-nss-debuginfo-x86-debuginfo-3.13.5-44.1
mozilla-nss-sysinit-debuginfo-x86-3.13.5-44.1
mozilla-nss-sysinit-debuginfo-x86-debuginfo-3.13.5-44.1
mozilla-nss-sysinit-x86-3.13.5-44.1
mozilla-nss-x86-3.13.5-44.1


References:

http://support.novell.com/security/cve/CVE-2011-3101.html
http://support.novell.com/security/cve/CVE-2012-0441.html
http://support.novell.com/security/cve/CVE-2012-1937.html
http://support.novell.com/security/cve/CVE-2012-1938.html
http://support.novell.com/security/cve/CVE-2012-1940.html
http://support.novell.com/security/cve/CVE-2012-1941.html
http://support.novell.com/security/cve/CVE-2012-1944.html
http://support.novell.com/security/cve/CVE-2012-1945.html
http://support.novell.com/security/cve/CVE-2012-1946.html
http://support.novell.com/security/cve/CVE-2012-1947.html
https://bugzilla.novell.com/765204


< Previous Next >
This Thread
  • No further messages