Mailinglist Archive: opensuse-updates (37 mails)

openSUSE-SU-2015:1454-1: moderate: Security update for MozillaThunderbird
openSUSE Security Update: Security update for MozillaThunderbird
______________________________________________________________________________

Announcement ID: openSUSE-SU-2015:1454-1
Rating: moderate
References: #940806
Cross-References: CVE-2015-4473 CVE-2015-4475 CVE-2015-4478
CVE-2015-4479 CVE-2015-4480 CVE-2015-4481
CVE-2015-4482 CVE-2015-4484 CVE-2015-4485
CVE-2015-4486 CVE-2015-4487 CVE-2015-4488
CVE-2015-4489 CVE-2015-4491 CVE-2015-4492
CVE-2015-4493
Affected Products:
openSUSE 13.1
______________________________________________________________________________

An update that fixes 16 vulnerabilities is now available.

Description:


This update to Thunderbird 38.2.0 fixes the following issues (bnc#940806):

* MFSA 2015-79/CVE-2015-4473 Miscellaneous memory safety hazards
* MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with
malformed MP3 file
* MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of
non-configurable JavaScript object properties
* MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 Overflow issues
in libstagefright
* MFSA 2015-84/CVE-2015-4481 (bmo#1171518) Arbitrary file overwriting
through Mozilla Maintenance Service with hard links (only affects
Windows)
* MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds write with
Updater and malicious MAR file (does not affect openSUSE RPM packages
which do not ship the updater)
* MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared
memory in JavaScript
* MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf
when scaling bitmap images
* MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)
Buffer overflows on Libvpx when decoding WebM video
* MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities
found through code inspection
* MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in
XMLHttpRequest with shared workers


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2015-558=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.1 (i586 x86_64):

MozillaThunderbird-38.2.0-70.60.2
MozillaThunderbird-buildsymbols-38.2.0-70.60.2
MozillaThunderbird-debuginfo-38.2.0-70.60.2
MozillaThunderbird-debugsource-38.2.0-70.60.2
MozillaThunderbird-devel-38.2.0-70.60.2
MozillaThunderbird-translations-common-38.2.0-70.60.2
MozillaThunderbird-translations-other-38.2.0-70.60.2


References:

https://www.suse.com/security/cve/CVE-2015-4473.html
https://www.suse.com/security/cve/CVE-2015-4475.html
https://www.suse.com/security/cve/CVE-2015-4478.html
https://www.suse.com/security/cve/CVE-2015-4479.html
https://www.suse.com/security/cve/CVE-2015-4480.html
https://www.suse.com/security/cve/CVE-2015-4481.html
https://www.suse.com/security/cve/CVE-2015-4482.html
https://www.suse.com/security/cve/CVE-2015-4484.html
https://www.suse.com/security/cve/CVE-2015-4485.html
https://www.suse.com/security/cve/CVE-2015-4486.html
https://www.suse.com/security/cve/CVE-2015-4487.html
https://www.suse.com/security/cve/CVE-2015-4488.html
https://www.suse.com/security/cve/CVE-2015-4489.html
https://www.suse.com/security/cve/CVE-2015-4491.html
https://www.suse.com/security/cve/CVE-2015-4492.html
https://www.suse.com/security/cve/CVE-2015-4493.html
https://bugzilla.suse.com/940806

