[security-announce] openSUSE-SU-2013:0131-1: important: Mozilla Januarys


openSUSE Security Update: Mozilla Januarys

______________________________________________________________________________

Announcement ID:    openSUSE-SU-2013:0131-1
Rating:             important
References:         #796628 #796895
Cross-References:   CVE-2012-0759 CVE-2012-5829 CVE-2013-0743
                    CVE-2013-0744 CVE-2013-0745 CVE-2013-0746
                    CVE-2013-0747 CVE-2013-0748 CVE-2013-0749
                    CVE-2013-0750 CVE-2013-0751 CVE-2013-0752
                    CVE-2013-0753 CVE-2013-0754 CVE-2013-0755
                    CVE-2013-0756 CVE-2013-0757 CVE-2013-0758
                    CVE-2013-0760 CVE-2013-0761 CVE-2013-0762
                    CVE-2013-0763 CVE-2013-0764 CVE-2013-0766
                    CVE-2013-0767 CVE-2013-0768 CVE-2013-0769
                    CVE-2013-0770 CVE-2013-0771
Affected Products:
                    openSUSE 11.4/standard/i586/patchinfo.40
______________________________________________________________________________

 

An update that fixes 29 vulnerabilities is now available.

 

Description:

 

The Mozilla January 8th 2013 security release contains updates:

Mozilla Firefox was updated to version 18.0. Mozilla Seamonkey was updated to version 2.15. Mozilla Thunderbird was updated to version 17.0.2.

 

* MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 Miscellaneous memory safety hazards
* MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767/CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 Use-after-free and buffer overflow issues found using Address Sanitizer
* MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow in Canvas
* MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in addressbar during page loads
* MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free when displaying table with many columns and column groups
* MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are shared across iframes
* MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to handling of SSL on threads
* MFSA 2013-08/CVE-2013-0745 (bmo#794158) AutoWrapperChanger fails to keep objects alive during garbage collection
* MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment mismatch with quickstubs returned values
* MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event manipulation in plugin handler to bypass same-origin policy
* MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space layout leaked in XBL objects
* MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow in Javascript string concatenation
* MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory corruption in XBL with XML bindings containing SVG
* MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object Wrapper (COW) bypass through changing prototype
* MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege escalation through plugin objects
* MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free in serializeToStream
* MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free in ListenerManager
* MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free in Vibrate
* MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free in Javascript Proxy objects

 

Mozilla NSPR was updated to 4.9.4, containing some small bugfixes and new features.

Mozilla NSS was updated to 3.14.1, containing various new features, a security fix and bugfixes:

* MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628) revoke mis-issued intermediate certificates from TURKTRUST

 

Cryptographic changes done:

* Support for TLS 1.1 (RFC 4346)
* Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764)
* Support for AES-CTR, AES-CTS, and AES-GCM
* Support for Keying Material Exporters for TLS (RFC 5705)
* Support for certificate signatures using the MD5 hash algorithm is now disabled by default
* The NSS license has changed to MPL 2.0. Previous releases were released under an MPL 1.1/GPL 2.0/LGPL 2.1 tri-license. For more information about MPL 2.0, please see http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional explanation on GPL/LGPL compatibility, see security/nss/COPYING in the source code.
* Export and DES cipher suites are disabled by default. Non-ECC AES and Triple DES cipher suites are enabled by default

Please see http://www.mozilla.org/security/announce/ for more information.

 

 

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.4/standard/i586/patchinfo.40:

      zypper in -t patch 2013-4

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- openSUSE 11.4/standard/i586/patchinfo.40 (i586 x86_64):

 

MozillaFirefox-18.0-57.1

MozillaFirefox-branding-upstream-18.0-57.1

MozillaFirefox-buildsymbols-18.0-57.1

MozillaFirefox-debuginfo-18.0-57.1

MozillaFirefox-debugsource-18.0-57.1

MozillaFirefox-devel-18.0-57.1

MozillaFirefox-translations-common-18.0-57.1

MozillaFirefox-translations-other-18.0-57.1

MozillaThunderbird-17.0.2-45.1

MozillaThunderbird-buildsymbols-17.0.2-45.1

MozillaThunderbird-debuginfo-17.0.2-45.1

MozillaThunderbird-debugsource-17.0.2-45.1

MozillaThunderbird-devel-17.0.2-45.1

MozillaThunderbird-devel-debuginfo-17.0.2-45.1

MozillaThunderbird-translations-common-17.0.2-45.1

MozillaThunderbird-translations-other-17.0.2-45.1

enigmail-1.5.0+17.0.2-45.1

enigmail-debuginfo-1.5.0+17.0.2-45.1

libfreebl3-3.14.1-51.1

libfreebl3-debuginfo-3.14.1-51.1

libsoftokn3-3.14.1-51.1

libsoftokn3-debuginfo-3.14.1-51.1

mozilla-nspr-4.9.4-20.1

mozilla-nspr-debuginfo-4.9.4-20.1

mozilla-nspr-debugsource-4.9.4-20.1

mozilla-nspr-devel-4.9.4-20.1

mozilla-nss-3.14.1-51.1

mozilla-nss-certs-3.14.1-51.1

mozilla-nss-certs-debuginfo-3.14.1-51.1

mozilla-nss-debuginfo-3.14.1-51.1

mozilla-nss-debugsource-3.14.1-51.1

mozilla-nss-devel-3.14.1-51.1

mozilla-nss-sysinit-3.14.1-51.1

mozilla-nss-sysinit-debuginfo-3.14.1-51.1

mozilla-nss-tools-3.14.1-51.1

mozilla-nss-tools-debuginfo-3.14.1-51.1

seamonkey-2.15-49.1

seamonkey-debuginfo-2.15-49.1

seamonkey-debugsource-2.15-49.1

seamonkey-dom-inspector-2.15-49.1

seamonkey-irc-2.15-49.1

seamonkey-translations-common-2.15-49.1

seamonkey-translations-other-2.15-49.1

seamonkey-venkman-2.15-49.1

 

- openSUSE 11.4/standard/i586/patchinfo.40 (x86_64):

 

libfreebl3-32bit-3.14.1-51.1

libfreebl3-debuginfo-32bit-3.14.1-51.1

libsoftokn3-32bit-3.14.1-51.1

libsoftokn3-debuginfo-32bit-3.14.1-51.1

mozilla-nspr-32bit-4.9.4-20.1

mozilla-nspr-debuginfo-32bit-4.9.4-20.1

mozilla-nss-32bit-3.14.1-51.1

mozilla-nss-certs-32bit-3.14.1-51.1

mozilla-nss-certs-debuginfo-32bit-3.14.1-51.1

mozilla-nss-debuginfo-32bit-3.14.1-51.1

mozilla-nss-sysinit-32bit-3.14.1-51.1

mozilla-nss-sysinit-debuginfo-32bit-3.14.1-51.1

 

- openSUSE 11.4/standard/i586/patchinfo.40 (ia64):

 

libfreebl3-debuginfo-x86-3.14.1-51.1

libfreebl3-x86-3.14.1-51.1

libsoftokn3-debuginfo-x86-3.14.1-51.1

libsoftokn3-x86-3.14.1-51.1

mozilla-nspr-debuginfo-x86-4.9.4-20.1

mozilla-nspr-x86-4.9.4-20.1

mozilla-nss-certs-debuginfo-x86-3.14.1-51.1

mozilla-nss-certs-x86-3.14.1-51.1

mozilla-nss-debuginfo-x86-3.14.1-51.1

mozilla-nss-sysinit-debuginfo-x86-3.14.1-51.1

mozilla-nss-sysinit-x86-3.14.1-51.1

mozilla-nss-x86-3.14.1-51.1
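
To confirm that the patch actually landed, the installed builds can be compared against the fixed builds in the package list above. This is an added example, not part of the advisory: the function names and the sample input are constructed, and GNU `sort -V` is assumed as a stand-in for rpm's own version comparison.

```shell
#!/bin/sh
# Fixed builds copied from the advisory's package list (main packages only).
FIXED='MozillaFirefox 18.0-57.1
MozillaThunderbird 17.0.2-45.1
seamonkey 2.15-49.1
mozilla-nspr 4.9.4-20.1
mozilla-nss 3.14.1-51.1
libfreebl3 3.14.1-51.1
libsoftokn3 3.14.1-51.1'

# ver_ge A B: succeeds when A >= B. GNU `sort -V` approximates rpm's
# ordering (assumption); it is adequate for dotted numeric versions.
ver_ge() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# evr_ge A B: compare "version-release" strings, version first, then release.
evr_ge() {
    v1=${1%-*}; r1=${1##*-}; v2=${2%-*}; r2=${2##*-}
    if [ "$v1" = "$v2" ]; then ver_ge "$r1" "$r2"; else ver_ge "$v1" "$v2"; fi
}

# check_fixed: reads "name version-release" lines on stdin and prints one
# OUTDATED line for each installed package older than the fixed build.
check_fixed() {
    installed=$(cat)
    printf '%s\n' "$FIXED" | while read -r name fixed; do
        have=$(printf '%s\n' "$installed" |
               awk -v n="$name" '$1 == n { print $2; exit }')
        [ -n "$have" ] || continue   # not installed, nothing to update
        evr_ge "$have" "$fixed" || echo "OUTDATED $name $have < $fixed"
    done
}

# Constructed sample of rpm query output from a partially patched host
# (the pre-update build numbers are made up for illustration).
SAMPLE='MozillaFirefox 17.0.1-50.1
mozilla-nss 3.14.1-51.1
seamonkey 2.14.1-45.1'
printf '%s\n' "$SAMPLE" | check_fixed

# On a real system, feed it the live package database instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | check_fixed
```

An empty result means every listed package that is installed is at or above the fixed build.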

 

 

References:

 

http://support.novell.com/security/cve/CVE-2012-0759.html

http://support.novell.com/security/cve/CVE-2012-5829.html

http://support.novell.com/security/cve/CVE-2013-0743.html

http://support.novell.com/security/cve/CVE-2013-0744.html

http://support.novell.com/security/cve/CVE-2013-0745.html

http://support.novell.com/security/cve/CVE-2013-0746.html

http://support.novell.com/security/cve/CVE-2013-0747.html

http://support.novell.com/security/cve/CVE-2013-0748.html

http://support.novell.com/security/cve/CVE-2013-0749.html

http://support.novell.com/security/cve/CVE-2013-0750.html

http://support.novell.com/security/cve/CVE-2013-0751.html

http://support.novell.com/security/cve/CVE-2013-0752.html

http://support.novell.com/security/cve/CVE-2013-0753.html

http://support.novell.com/security/cve/CVE-2013-0754.html

http://support.novell.com/security/cve/CVE-2013-0755.html

http://support.novell.com/security/cve/CVE-2013-0756.html

http://support.novell.com/security/cve/CVE-2013-0757.html

http://support.novell.com/security/cve/CVE-2013-0758.html

http://support.novell.com/security/cve/CVE-2013-0760.html

http://support.novell.com/security/cve/CVE-2013-0761.html

http://support.novell.com/security/cve/CVE-2013-0762.html

http://support.novell.com/security/cve/CVE-2013-0763.html

http://support.novell.com/security/cve/CVE-2013-0764.html

http://support.novell.com/security/cve/CVE-2013-0766.html

http://support.novell.com/security/cve/CVE-2013-0767.html

http://support.novell.com/security/cve/CVE-2013-0768.html

http://support.novell.com/security/cve/CVE-2013-0769.html

http://support.novell.com/security/cve/CVE-2013-0770.html

http://support.novell.com/security/cve/CVE-2013-0771.html

https://bugzilla.novell.com/796628

https://bugzilla.novell.com/796895

 
