Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[Tech ARP] Sony Announces VAIO Issues With Windows 10 Rev. 3.0

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

SUSE Security Update: Security update for Mozilla Firefox

______________________________________________________________________________

 

Announcement ID: SUSE-SU-2015:2081-1

Rating: important

References: #908275 #940806 #943557 #943558 #943608 #947003

#952810

Cross-References: CVE-2015-4473 CVE-2015-4474 CVE-2015-4475

CVE-2015-4478 CVE-2015-4479 CVE-2015-4484

CVE-2015-4485 CVE-2015-4486 CVE-2015-4487

CVE-2015-4488 CVE-2015-4489 CVE-2015-4491

CVE-2015-4492 CVE-2015-4497 CVE-2015-4498

CVE-2015-4500 CVE-2015-4501 CVE-2015-4506

CVE-2015-4509 CVE-2015-4511 CVE-2015-4513

CVE-2015-4517 CVE-2015-4519 CVE-2015-4520

CVE-2015-4521 CVE-2015-4522 CVE-2015-7174

CVE-2015-7175 CVE-2015-7176 CVE-2015-7177

CVE-2015-7180 CVE-2015-7181 CVE-2015-7182

CVE-2015-7183 CVE-2015-7188 CVE-2015-7189

CVE-2015-7193 CVE-2015-7194 CVE-2015-7196

CVE-2015-7197 CVE-2015-7198 CVE-2015-7199

CVE-2015-7200

Affected Products:

SUSE Linux Enterprise Server 10 SP4 LTSS

______________________________________________________________________________

 

An update that fixes 43 vulnerabilities is now available.

It includes three new package versions.

 

Description:

 

 

MozillaFirefox ESR was updated to version 38.4.0ESR to fix multiple

security issues.

 

* MFSA 2015-116/CVE-2015-4513 Miscellaneous memory safety hazards

(rv:42.0 / rv:38.4)

* MFSA 2015-122/CVE-2015-7188 Trailing whitespace in IP address

hostnames can bypass same-origin policy

* MFSA 2015-123/CVE-2015-7189 Buffer overflow during image

interactions in canvas

* MFSA 2015-127/CVE-2015-7193 CORS preflight is bypassed when

non-standard Content-Type headers are received

* MFSA 2015-128/CVE-2015-7194 Memory corruption in libjar through zip

files

* MFSA 2015-130/CVE-2015-7196 JavaScript garbage collection crash with

Java applet

* MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200

Vulnerabilities found through code inspection

* MFSA 2015-132/CVE-2015-7197 Mixed content WebSocket policy bypass

through workers

* MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 NSS and NSPR

memory corruption issues

 

It also includes fixes from 38.3.0ESR:

 

* MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety

hazards (rv:41.0 / rv:38.3)

* MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing

vp9 format video

* MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video

* MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML

media content

* MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes

final URL after redirects

* MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight

request headers

* MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522

CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177

CVE-2015-7180 Vulnerabilities found through code inspection

 

It also includes fixes from the Firefox 38.2.1ESR release:

 

* MFSA 2015-94/CVE-2015-4497 (bsc#943557) Use-after-free when resizing

canvas element during restyling

* MFSA 2015-95/CVE-2015-4498 (bsc#943558) Add-on notification bypass

through data URLs

 

It also includes fixes from the Firefox 38.2.0ESR release:

 

* MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 Miscellaneous memory safety

hazards (rv:40.0 / rv:38.2)

* MFSA 2015-80/CVE-2015-4475 Out-of-bounds read with malformed MP3 file

* MFSA 2015-82/CVE-2015-4478 Redefinition of non-configurable

JavaScript object properties

* MFSA 2015-83/CVE-2015-4479 Overflow issues in libstagefright

* MFSA 2015-87/CVE-2015-4484 Crash when using shared memory in

JavaScript

* MFSA 2015-88/CVE-2015-4491 Heap overflow in gdk-pixbuf when scaling

bitmap images

* MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 Buffer overflows on Libvpx

when decoding WebM video

* MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489

Vulnerabilities found through code inspection

* MFSA 2015-92/CVE-2015-4492 Use-after-free in XMLHttpRequest with

shared workers

 

Security Issues:

 

* CVE-2015-4473

 

* CVE-2015-4474

 

* CVE-2015-4475

 

* CVE-2015-4478

 

* CVE-2015-4479

 

* CVE-2015-4484

 

* CVE-2015-4485

 

* CVE-2015-4486

 

* CVE-2015-4487

 

* CVE-2015-4488

 

* CVE-2015-4489

 

* CVE-2015-4491

 

* CVE-2015-4492

 

* CVE-2015-4497

 

* CVE-2015-4498

 

* CVE-2015-4500

 

* CVE-2015-4501

 

* CVE-2015-4506

 

* CVE-2015-4509

 

* CVE-2015-4511

 

* CVE-2015-4513

 

* CVE-2015-4517

 

* CVE-2015-4519

 

* CVE-2015-4520

 

* CVE-2015-4521

 

* CVE-2015-4522

 

* CVE-2015-7174

 

* CVE-2015-7175

 

* CVE-2015-7176

 

* CVE-2015-7177

 

* CVE-2015-7180

 

* CVE-2015-7181

 

* CVE-2015-7182

 

* CVE-2015-7183

 

* CVE-2015-7188

 

* CVE-2015-7189

 

* CVE-2015-7193

 

* CVE-2015-7194

 

* CVE-2015-7196

 

* CVE-2015-7197

 

* CVE-2015-7198

 

* CVE-2015-7199

 

* CVE-2015-7200

 

 

 

 

Package List:

 

- SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 3.19.2.1 and 4.10.10]:

 

mozilla-nspr-4.10.10-0.5.1

mozilla-nspr-devel-4.10.10-0.5.1

mozilla-nss-3.19.2.1-0.5.1

mozilla-nss-devel-3.19.2.1-0.5.1

mozilla-nss-tools-3.19.2.1-0.5.1

 

- SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64) [New Version: 3.19.2.1 and 4.10.10]:

 

mozilla-nspr-32bit-4.10.10-0.5.1

mozilla-nss-32bit-3.19.2.1-0.5.1

 

- SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x) [New Version: 38]:

 

MozillaFirefox-38.4.0esr-0.7.1

MozillaFirefox-branding-SLED-38-0.5.3

MozillaFirefox-translations-38.4.0esr-0.7.1

 

 

References:

 

https://www.suse.com/security/cve/CVE-2015-4473.html

https://www.suse.com/security/cve/CVE-2015-4474.html

https://www.suse.com/security/cve/CVE-2015-4475.html

https://www.suse.com/security/cve/CVE-2015-4478.html

https://www.suse.com/security/cve/CVE-2015-4479.html

https://www.suse.com/security/cve/CVE-2015-4484.html

https://www.suse.com/security/cve/CVE-2015-4485.html

https://www.suse.com/security/cve/CVE-2015-4486.html

https://www.suse.com/security/cve/CVE-2015-4487.html

https://www.suse.com/security/cve/CVE-2015-4488.html

https://www.suse.com/security/cve/CVE-2015-4489.html

https://www.suse.com/security/cve/CVE-2015-4491.html

https://www.suse.com/security/cve/CVE-2015-4492.html

https://www.suse.com/security/cve/CVE-2015-4497.html

https://www.suse.com/security/cve/CVE-2015-4498.html

https://www.suse.com/security/cve/CVE-2015-4500.html

https://www.suse.com/security/cve/CVE-2015-4501.html

https://www.suse.com/security/cve/CVE-2015-4506.html

https://www.suse.com/security/cve/CVE-2015-4509.html

https://www.suse.com/security/cve/CVE-2015-4511.html

https://www.suse.com/security/cve/CVE-2015-4513.html

https://www.suse.com/security/cve/CVE-2015-4517.html

https://www.suse.com/security/cve/CVE-2015-4519.html

https://www.suse.com/security/cve/CVE-2015-4520.html

https://www.suse.com/security/cve/CVE-2015-4521.html

https://www.suse.com/security/cve/CVE-2015-4522.html

https://www.suse.com/security/cve/CVE-2015-7174.html

https://www.suse.com/security/cve/CVE-2015-7175.html

https://www.suse.com/security/cve/CVE-2015-7176.html

https://www.suse.com/security/cve/CVE-2015-7177.html

https://www.suse.com/security/cve/CVE-2015-7180.html

https://www.suse.com/security/cve/CVE-2015-7181.html

https://www.suse.com/security/cve/CVE-2015-7182.html

https://www.suse.com/security/cve/CVE-2015-7183.html

https://www.suse.com/security/cve/CVE-2015-7188.html

https://www.suse.com/security/cve/CVE-2015-7189.html

https://www.suse.com/security/cve/CVE-2015-7193.html

https://www.suse.com/security/cve/CVE-2015-7194.html

https://www.suse.com/security/cve/CVE-2015-7196.html

https://www.suse.com/security/cve/CVE-2015-7197.html

https://www.suse.com/security/cve/CVE-2015-7198.html

https://www.suse.com/security/cve/CVE-2015-7199.html

https://www.suse.com/security/cve/CVE-2015-7200.html

https://bugzilla.suse.com/908275

https://bugzilla.suse.com/940806

https://bugzilla.suse.com/943557

https://bugzilla.suse.com/943558

https://bugzilla.suse.com/943608

https://bugzilla.suse.com/947003

https://bugzilla.suse.com/952810

https://download.suse.com/patch/finder/?keywords=bb006e2ed6738badb2b7f4f52e5c1b2a

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

 

 

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×