Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[security-announce] openSUSE-SU-2016:0309-1: important: Security update for the MozillaFirefox, mozilla-nss and mozilla-nspr

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

openSUSE Security Update: Security update for the MozillaFirefox, mozilla-nss and mozilla-nspr

______________________________________________________________________________

 

Announcement ID: openSUSE-SU-2016:0309-1

Rating: important

References: #963633 #963634 #963635 #963637 #963641 #963643

#963644 #963645 #963731

Cross-References: CVE-2015-7208 CVE-2016-1930 CVE-2016-1931

CVE-2016-1933 CVE-2016-1935 CVE-2016-1937

CVE-2016-1938 CVE-2016-1939 CVE-2016-1942

CVE-2016-1943 CVE-2016-1944 CVE-2016-1945

CVE-2016-1946 CVE-2016-1947

Affected Products:

openSUSE Leap 42.1

openSUSE 13.2

______________________________________________________________________________

 

An update that fixes 14 vulnerabilities is now available.

 

Description:

 

This update to MozillaFirefox fixes several security issues and bugs.

 

Mozilla Firefox was updated to 44.0. Mozilla NSS was updated to 3.21

Mozilla NSPR was updated to 4.11.

 

The following vulnerabilities were fixed:

 

* CVE-2016-1930/CVE-2016-1931: Miscellaneous memory safety hazards

(boo#963633)

* CVE-2016-1933: Out of Memory crash when parsing GIF format images

(boo#963634)

* CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation

(boo#963635)

* CVE-2015-7208/CVE-2016-1939: Firefox allows for control characters to be

set in cookie names (boo#963637)

* CVE-2016-1937: Missing delay following user click events in protocol

handler dialog (boo#963641)

* CVE-2016-1938: Errors in mp_div and mp_exptmod cryptographic functions

in NSS (boo#963731)

* CVE-2016-1942/CVE-2016-1943: Addressbar spoofing attacks (boo#963643)

* CVE-2016-1944/CVE-2016-1945/CVE-2016-1946: Unsafe memory manipulation

found through code inspection (boo#963644)

* CVE-2016-1947: Application Reputation service disabled in Firefox 43

(boo#963645)

 

The following change from Mozilla Firefox 43.0.4 is included:

 

* Re-enable SHA-1 certificates to prevent outdated man-in-the-middle

security devices from interfering with properly secured SSL/TLS

connections

 

 

Patch Instructions:

 

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- openSUSE Leap 42.1:

 

zypper in -t patch openSUSE-2016-128=1

 

- openSUSE 13.2:

 

zypper in -t patch openSUSE-2016-128=1

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- openSUSE Leap 42.1 (i586 x86_64):

 

MozillaFirefox-44.0-12.2

MozillaFirefox-branding-upstream-44.0-12.2

MozillaFirefox-buildsymbols-44.0-12.2

MozillaFirefox-devel-44.0-12.2

MozillaFirefox-translations-common-44.0-12.2

MozillaFirefox-translations-other-44.0-12.2

libfreebl3-3.21-9.1

libfreebl3-debuginfo-3.21-9.1

libsoftokn3-3.21-9.1

libsoftokn3-debuginfo-3.21-9.1

mozilla-nspr-4.11-7.1

mozilla-nspr-debuginfo-4.11-7.1

mozilla-nspr-debugsource-4.11-7.1

mozilla-nspr-devel-4.11-7.1

mozilla-nss-3.21-9.1

mozilla-nss-certs-3.21-9.1

mozilla-nss-certs-debuginfo-3.21-9.1

mozilla-nss-debuginfo-3.21-9.1

mozilla-nss-debugsource-3.21-9.1

mozilla-nss-devel-3.21-9.1

mozilla-nss-sysinit-3.21-9.1

mozilla-nss-sysinit-debuginfo-3.21-9.1

mozilla-nss-tools-3.21-9.1

mozilla-nss-tools-debuginfo-3.21-9.1

 

- openSUSE Leap 42.1 (x86_64):

 

MozillaFirefox-debuginfo-44.0-12.2

MozillaFirefox-debugsource-44.0-12.2

libfreebl3-32bit-3.21-9.1

libfreebl3-debuginfo-32bit-3.21-9.1

libsoftokn3-32bit-3.21-9.1

libsoftokn3-debuginfo-32bit-3.21-9.1

mozilla-nspr-32bit-4.11-7.1

mozilla-nspr-debuginfo-32bit-4.11-7.1

mozilla-nss-32bit-3.21-9.1

mozilla-nss-certs-32bit-3.21-9.1

mozilla-nss-certs-debuginfo-32bit-3.21-9.1

mozilla-nss-debuginfo-32bit-3.21-9.1

mozilla-nss-sysinit-32bit-3.21-9.1

mozilla-nss-sysinit-debuginfo-32bit-3.21-9.1

 

- openSUSE 13.2 (i586 x86_64):

 

MozillaFirefox-44.0-59.1

MozillaFirefox-branding-upstream-44.0-59.1

MozillaFirefox-buildsymbols-44.0-59.1

MozillaFirefox-devel-44.0-59.1

MozillaFirefox-translations-common-44.0-59.1

MozillaFirefox-translations-other-44.0-59.1

libfreebl3-3.21-25.1

libfreebl3-debuginfo-3.21-25.1

libsoftokn3-3.21-25.1

libsoftokn3-debuginfo-3.21-25.1

mozilla-nspr-4.11-12.1

mozilla-nspr-debuginfo-4.11-12.1

mozilla-nspr-debugsource-4.11-12.1

mozilla-nspr-devel-4.11-12.1

mozilla-nss-3.21-25.1

mozilla-nss-certs-3.21-25.1

mozilla-nss-certs-debuginfo-3.21-25.1

mozilla-nss-debuginfo-3.21-25.1

mozilla-nss-debugsource-3.21-25.1

mozilla-nss-devel-3.21-25.1

mozilla-nss-sysinit-3.21-25.1

mozilla-nss-sysinit-debuginfo-3.21-25.1

mozilla-nss-tools-3.21-25.1

mozilla-nss-tools-debuginfo-3.21-25.1

 

- openSUSE 13.2 (x86_64):

 

libfreebl3-32bit-3.21-25.1

libfreebl3-debuginfo-32bit-3.21-25.1

libsoftokn3-32bit-3.21-25.1

libsoftokn3-debuginfo-32bit-3.21-25.1

mozilla-nspr-32bit-4.11-12.1

mozilla-nspr-debuginfo-32bit-4.11-12.1

mozilla-nss-32bit-3.21-25.1

mozilla-nss-certs-32bit-3.21-25.1

mozilla-nss-certs-debuginfo-32bit-3.21-25.1

mozilla-nss-debuginfo-32bit-3.21-25.1

mozilla-nss-sysinit-32bit-3.21-25.1

mozilla-nss-sysinit-debuginfo-32bit-3.21-25.1

 

- openSUSE 13.2 (i586):

 

MozillaFirefox-debuginfo-44.0-59.1

MozillaFirefox-debugsource-44.0-59.1

 

 

References:

 

https://www.suse.com/security/cve/CVE-2015-7208.html

https://www.suse.com/security/cve/CVE-2016-1930.html

https://www.suse.com/security/cve/CVE-2016-1931.html

https://www.suse.com/security/cve/CVE-2016-1933.html

https://www.suse.com/security/cve/CVE-2016-1935.html

https://www.suse.com/security/cve/CVE-2016-1937.html

https://www.suse.com/security/cve/CVE-2016-1938.html

https://www.suse.com/security/cve/CVE-2016-1939.html

https://www.suse.com/security/cve/CVE-2016-1942.html

https://www.suse.com/security/cve/CVE-2016-1943.html

https://www.suse.com/security/cve/CVE-2016-1944.html

https://www.suse.com/security/cve/CVE-2016-1945.html

https://www.suse.com/security/cve/CVE-2016-1946.html

https://www.suse.com/security/cve/CVE-2016-1947.html

https://bugzilla.suse.com/963633

https://bugzilla.suse.com/963634

https://bugzilla.suse.com/963635

https://bugzilla.suse.com/963637

https://bugzilla.suse.com/963641

https://bugzilla.suse.com/963643

https://bugzilla.suse.com/963644

https://bugzilla.suse.com/963645

https://bugzilla.suse.com/963731

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

 

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×