Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[security-announce] openSUSE-SU-2012:0760-1: important: MozillaFirefox, MozillaThunderbird, mozilla-nss, seamonkey, xulrunner: June

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

openSUSE Security Update: MozillaFirefox, MozillaThunderbird, mozilla-nss, seamonkey, xulrunner: June

______________________________________________________________________________

 

Announcement ID: openSUSE-SU-2012:0760-1

Rating: important

References: #765204

Cross-References: CVE-2011-3101 CVE-2012-0441 CVE-2012-1937

CVE-2012-1938 CVE-2012-1940 CVE-2012-1941

CVE-2012-1944 CVE-2012-1945 CVE-2012-1946

CVE-2012-1947

Affected Products:

openSUSE 12.1

openSUSE 11.4

______________________________________________________________________________

 

An update that fixes 10 vulnerabilities is now available.

 

Description:

 

Changes in MozillaFirefox:

- update to Firefox 13.0 (bnc#765204)

* MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101

Miscellaneous memory safety hazards

* MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content

Security Policy inline-script bypass

* MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information

disclosure though Windows file shares and shortcut files

* MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free

while replacing/inserting a node in a document

* MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941

Buffer overflow and use-after-free issues found using

Address Sanitizer

- require NSS 3.13.4

* MFSA 2012-39/CVE-2012-0441 (bmo#715073)

- fix sound notifications when filename/path contains a

whitespace (bmo#749739)

 

- fix build on arm

 

- reenabled crashreporter for Factory/12.2 (fix in

mozilla-gcc47.patch)

 

Changes in MozillaThunderbird:

- update to Thunderbird 13.0 (bnc#765204)

* MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101

Miscellaneous memory safety hazards

* MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content

Security Policy inline-script bypass

* MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information

disclosure though Windows file shares and shortcut files

* MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free

while replacing/inserting a node in a document

* MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941

Buffer overflow and use-after-free issues found using

Address Sanitizer

- require NSS 3.13.4

* MFSA 2012-39/CVE-2012-0441 (bmo#715073)

- fix build with system NSPR (mozilla-system-nspr.patch)

- add dependentlibs.list for improved XRE startup

- update enigmail to 1.4.2

 

- reenabled crashreporter for Factory/12.2 (fix in

mozilla-gcc47.patch)

 

- update to Thunderbird 12.0.1

* fix regressions

- POP3 filters (bmo#748090)

- Message Body not loaded when using "Fetch Headers

Only" (bmo#748865)

- Received messages contain parts of other messages

with movemail account (bmo#748726)

- New mail notification issue (bmo#748997)

- crash in nsMsgDatabase::MatchDbName (bmo#748432)

 

- fixed build with gcc 4.7

 

Changes in seamonkey:

- update to Seamonkey 2.10 (bnc#765204)

* MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101

Miscellaneous memory safety hazards

* MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content

Security Policy inline-script bypass

* MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information

disclosure though Windows file shares and shortcut files

* MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free

while replacing/inserting a node in a document

* MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941

Buffer overflow and use-after-free issues found using

Address Sanitizer

- requires NSS 3.13.4

* MFSA 2012-39/CVE-2012-0441 (bmo#715073)

 

- update to Seamonkey 2.9.1

* fix regressions

- POP3 filters (bmo#748090)

- Message Body not loaded when using "Fetch Headers

Only" (bmo#748865)

- Received messages contain parts of other messages

with movemail account (bmo#748726)

- New mail notification issue (bmo#748997)

- crash in nsMsgDatabase::MatchDbName (bmo#748432)

 

- fixed build with gcc 4.7

 

Changes in mozilla-nss:

- update to 3.13.5 RTM

 

- update to 3.13.4 RTM

* fixed some bugs

* fixed cert verification regression in PKIX mode

(bmo#737802) introduced in 3.13.2

 

Changes in xulrunner:

- update to 13.0 (bnc#765204)

* MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101

Miscellaneous memory safety hazards

* MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content

Security Policy inline-script bypass

* MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information

disclosure though Windows file shares and shortcut files

* MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free

while replacing/inserting a node in a document

* MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941

Buffer overflow and use-after-free issues found using

Address Sanitizer

- require NSS 3.13.4

* MFSA 2012-39/CVE-2012-0441 (bmo#715073)

- reenabled crashreporter for Factory/12.2 (fixed in

mozilla-gcc47.patch)

 

 

Patch Instructions:

 

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- openSUSE 12.1:

 

zypper in -t patch openSUSE-2012-333

 

- openSUSE 11.4:

 

zypper in -t patch openSUSE-2012-333

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- openSUSE 12.1 (i586 ia64 x86_64):

 

mozilla-nss-debugsource-3.13.5-9.16.1

xulrunner-debugsource-13.0-2.29.2

 

- openSUSE 12.1 (i586 x86_64):

 

MozillaFirefox-13.0-2.30.1

MozillaFirefox-branding-upstream-13.0-2.30.1

MozillaFirefox-buildsymbols-13.0-2.30.1

MozillaFirefox-debuginfo-13.0-2.30.1

MozillaFirefox-debugsource-13.0-2.30.1

MozillaFirefox-devel-13.0-2.30.1

MozillaFirefox-translations-common-13.0-2.30.1

MozillaFirefox-translations-other-13.0-2.30.1

MozillaThunderbird-13.0-33.23.2

MozillaThunderbird-buildsymbols-13.0-33.23.2

MozillaThunderbird-debuginfo-13.0-33.23.2

MozillaThunderbird-debugsource-13.0-33.23.2

MozillaThunderbird-devel-13.0-33.23.2

MozillaThunderbird-translations-common-13.0-33.23.2

MozillaThunderbird-translations-other-13.0-33.23.2

chmsee-1.99.08-2.18.3

chmsee-debuginfo-1.99.08-2.18.3

chmsee-debugsource-1.99.08-2.18.3

enigmail-1.4.2+13.0-33.23.2

enigmail-debuginfo-1.4.2+13.0-33.23.2

libfreebl3-3.13.5-9.16.1

libfreebl3-debuginfo-3.13.5-9.16.1

libsoftokn3-3.13.5-9.16.1

libsoftokn3-debuginfo-3.13.5-9.16.1

mozilla-js-13.0-2.29.2

mozilla-js-debuginfo-13.0-2.29.2

mozilla-nss-3.13.5-9.16.1

mozilla-nss-certs-3.13.5-9.16.1

mozilla-nss-certs-debuginfo-3.13.5-9.16.1

mozilla-nss-debuginfo-3.13.5-9.16.1

mozilla-nss-devel-3.13.5-9.16.1

mozilla-nss-sysinit-3.13.5-9.16.1

mozilla-nss-sysinit-debuginfo-3.13.5-9.16.1

mozilla-nss-tools-3.13.5-9.16.1

mozilla-nss-tools-debuginfo-3.13.5-9.16.1

seamonkey-2.10-2.21.2

seamonkey-debuginfo-2.10-2.21.2

seamonkey-debugsource-2.10-2.21.2

seamonkey-dom-inspector-2.10-2.21.2

seamonkey-irc-2.10-2.21.2

seamonkey-translations-common-2.10-2.21.2

seamonkey-translations-other-2.10-2.21.2

seamonkey-venkman-2.10-2.21.2

xulrunner-13.0-2.29.2

xulrunner-buildsymbols-13.0-2.29.2

xulrunner-debuginfo-13.0-2.29.2

xulrunner-devel-13.0-2.29.2

xulrunner-devel-debuginfo-13.0-2.29.2

 

- openSUSE 12.1 (x86_64):

 

libfreebl3-32bit-3.13.5-9.16.1

libfreebl3-debuginfo-32bit-3.13.5-9.16.1

libsoftokn3-32bit-3.13.5-9.16.1

libsoftokn3-debuginfo-32bit-3.13.5-9.16.1

mozilla-js-32bit-13.0-2.29.2

mozilla-js-debuginfo-32bit-13.0-2.29.2

mozilla-nss-32bit-3.13.5-9.16.1

mozilla-nss-certs-32bit-3.13.5-9.16.1

mozilla-nss-certs-debuginfo-32bit-3.13.5-9.16.1

mozilla-nss-debuginfo-32bit-3.13.5-9.16.1

mozilla-nss-sysinit-32bit-3.13.5-9.16.1

mozilla-nss-sysinit-debuginfo-32bit-3.13.5-9.16.1

xulrunner-32bit-13.0-2.29.2

xulrunner-debuginfo-32bit-13.0-2.29.2

 

- openSUSE 12.1 (ia64):

 

libfreebl3-debuginfo-x86-3.13.5-9.16.1

libfreebl3-debuginfo-x86-debuginfo-3.13.5-9.16.1

libfreebl3-x86-3.13.5-9.16.1

libsoftokn3-debuginfo-x86-3.13.5-9.16.1

libsoftokn3-debuginfo-x86-debuginfo-3.13.5-9.16.1

libsoftokn3-x86-3.13.5-9.16.1

mozilla-js-debuginfo-x86-13.0-2.29.2

mozilla-js-debuginfo-x86-debuginfo-13.0-2.29.2

mozilla-js-x86-13.0-2.29.2

mozilla-nss-certs-debuginfo-x86-3.13.5-9.16.1

mozilla-nss-certs-debuginfo-x86-debuginfo-3.13.5-9.16.1

mozilla-nss-certs-x86-3.13.5-9.16.1

mozilla-nss-debuginfo-x86-3.13.5-9.16.1

mozilla-nss-debuginfo-x86-debuginfo-3.13.5-9.16.1

mozilla-nss-sysinit-debuginfo-x86-3.13.5-9.16.1

mozilla-nss-sysinit-debuginfo-x86-debuginfo-3.13.5-9.16.1

mozilla-nss-sysinit-x86-3.13.5-9.16.1

mozilla-nss-x86-3.13.5-9.16.1

xulrunner-debuginfo-x86-13.0-2.29.2

xulrunner-debuginfo-x86-debuginfo-13.0-2.29.2

xulrunner-x86-13.0-2.29.2

 

- openSUSE 11.4 (i586 ia64 x86_64):

 

mozilla-nss-debugsource-3.13.5-44.1

 

- openSUSE 11.4 (i586 x86_64):

 

MozillaFirefox-13.0-25.2

MozillaFirefox-branding-upstream-13.0-25.2

MozillaFirefox-buildsymbols-13.0-25.2

MozillaFirefox-debuginfo-13.0-25.2

MozillaFirefox-debugsource-13.0-25.2

MozillaFirefox-devel-13.0-25.2

MozillaFirefox-translations-common-13.0-25.2

MozillaFirefox-translations-other-13.0-25.2

MozillaThunderbird-13.0-21.2

MozillaThunderbird-buildsymbols-13.0-21.2

MozillaThunderbird-debuginfo-13.0-21.2

MozillaThunderbird-debugsource-13.0-21.2

MozillaThunderbird-devel-13.0-21.2

MozillaThunderbird-translations-common-13.0-21.2

MozillaThunderbird-translations-other-13.0-21.2

enigmail-1.4.2+13.0-21.2

enigmail-debuginfo-1.4.2+13.0-21.2

libfreebl3-3.13.5-44.1

libfreebl3-debuginfo-3.13.5-44.1

libsoftokn3-3.13.5-44.1

libsoftokn3-debuginfo-3.13.5-44.1

mozilla-nss-3.13.5-44.1

mozilla-nss-certs-3.13.5-44.1

mozilla-nss-certs-debuginfo-3.13.5-44.1

mozilla-nss-debuginfo-3.13.5-44.1

mozilla-nss-devel-3.13.5-44.1

mozilla-nss-sysinit-3.13.5-44.1

mozilla-nss-sysinit-debuginfo-3.13.5-44.1

mozilla-nss-tools-3.13.5-44.1

mozilla-nss-tools-debuginfo-3.13.5-44.1

seamonkey-2.10-21.2

seamonkey-debuginfo-2.10-21.2

seamonkey-debugsource-2.10-21.2

seamonkey-dom-inspector-2.10-21.2

seamonkey-irc-2.10-21.2

seamonkey-translations-common-2.10-21.2

seamonkey-translations-other-2.10-21.2

seamonkey-venkman-2.10-21.2

 

- openSUSE 11.4 (x86_64):

 

libfreebl3-32bit-3.13.5-44.1

libfreebl3-debuginfo-32bit-3.13.5-44.1

libsoftokn3-32bit-3.13.5-44.1

libsoftokn3-debuginfo-32bit-3.13.5-44.1

mozilla-nss-32bit-3.13.5-44.1

mozilla-nss-certs-32bit-3.13.5-44.1

mozilla-nss-certs-debuginfo-32bit-3.13.5-44.1

mozilla-nss-debuginfo-32bit-3.13.5-44.1

mozilla-nss-sysinit-32bit-3.13.5-44.1

mozilla-nss-sysinit-debuginfo-32bit-3.13.5-44.1

 

- openSUSE 11.4 (ia64):

 

libfreebl3-debuginfo-x86-3.13.5-44.1

libfreebl3-debuginfo-x86-debuginfo-3.13.5-44.1

libfreebl3-x86-3.13.5-44.1

libsoftokn3-debuginfo-x86-3.13.5-44.1

libsoftokn3-debuginfo-x86-debuginfo-3.13.5-44.1

libsoftokn3-x86-3.13.5-44.1

mozilla-nss-certs-debuginfo-x86-3.13.5-44.1

mozilla-nss-certs-debuginfo-x86-debuginfo-3.13.5-44.1

mozilla-nss-certs-x86-3.13.5-44.1

mozilla-nss-debuginfo-x86-3.13.5-44.1

mozilla-nss-debuginfo-x86-debuginfo-3.13.5-44.1

mozilla-nss-sysinit-debuginfo-x86-3.13.5-44.1

mozilla-nss-sysinit-debuginfo-x86-debuginfo-3.13.5-44.1

mozilla-nss-sysinit-x86-3.13.5-44.1

mozilla-nss-x86-3.13.5-44.1

 

 

References:

 

http://support.novell.com/security/cve/CVE-2011-3101.html

http://support.novell.com/security/cve/CVE-2012-0441.html

http://support.novell.com/security/cve/CVE-2012-1937.html

http://support.novell.com/security/cve/CVE-2012-1938.html

http://support.novell.com/security/cve/CVE-2012-1940.html

http://support.novell.com/security/cve/CVE-2012-1941.html

http://support.novell.com/security/cve/CVE-2012-1944.html

http://support.novell.com/security/cve/CVE-2012-1945.html

http://support.novell.com/security/cve/CVE-2012-1946.html

http://support.novell.com/security/cve/CVE-2012-1947.html

https://bugzilla.novell.com/765204

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

 

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×