Login

Noch kein Login?
Daten vergessen?

 
Newsletter
Werbung
Sicherheit: Mehrere Probleme in Mozilla Firefox
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Mozilla Firefox
ID: openSUSE-SU-2012:0760-1
Distribution: SUSE
Plattformen: SUSE openSUSE 11.4, SUSE openSUSE 12.1
Datum: Di, 19. Juni 2012, 12:36
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1941
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1946
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1947

Originalnachricht

 
   openSUSE Security Update: MozillaFirefox, MozillaThunderbird, mozilla-nss,
 seamonkey, xulrunner: June
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:0760-1
Rating:             important
References:         #765204 
Cross-References:   CVE-2011-3101 CVE-2012-0441 CVE-2012-1937
                    CVE-2012-1938 CVE-2012-1940 CVE-2012-1941
                    CVE-2012-1944 CVE-2012-1945 CVE-2012-1946
                    CVE-2012-1947
Affected Products:
                    openSUSE 12.1
                    openSUSE 11.4
______________________________________________________________________________

   An update that fixes 10 vulnerabilities is now available.

Description:

   Changes in MozillaFirefox:
   - update to Firefox 13.0 (bnc#765204)
   * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
   Miscellaneous memory safety hazards
   * MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content
   Security Policy inline-script bypass
   * MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information
   disclosure though Windows file shares and shortcut files
   * MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free
   while replacing/inserting a node in a document
   * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
   Buffer overflow and use-after-free issues found using
   Address Sanitizer
   - require NSS 3.13.4
   * MFSA 2012-39/CVE-2012-0441 (bmo#715073)
   - fix sound notifications when filename/path contains a
   whitespace (bmo#749739)

   - fix build on arm

   - reenabled crashreporter for Factory/12.2 (fix in
   mozilla-gcc47.patch)

   Changes in MozillaThunderbird:
   - update to Thunderbird 13.0 (bnc#765204)
   * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
   Miscellaneous memory safety hazards
   * MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content
   Security Policy inline-script bypass
   * MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information
   disclosure though Windows file shares and shortcut files
   * MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free
   while replacing/inserting a node in a document
   * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
   Buffer overflow and use-after-free issues found using
   Address Sanitizer
   - require NSS 3.13.4
   * MFSA 2012-39/CVE-2012-0441 (bmo#715073)
   - fix build with system NSPR (mozilla-system-nspr.patch)
   - add dependentlibs.list for improved XRE startup
   - update enigmail to 1.4.2

   - reenabled crashreporter for Factory/12.2 (fix in
   mozilla-gcc47.patch)

   - update to Thunderbird 12.0.1
   * fix regressions
   - POP3 filters (bmo#748090)
   - Message Body not loaded when using "Fetch Headers
   Only" (bmo#748865)
   - Received messages contain parts of other messages
   with movemail account (bmo#748726)
   - New mail notification issue (bmo#748997)
   - crash in nsMsgDatabase::MatchDbName (bmo#748432)

   - fixed build with gcc 4.7

   Changes in seamonkey:
   - update to Seamonkey 2.10 (bnc#765204)
   * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
   Miscellaneous memory safety hazards
   * MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content
   Security Policy inline-script bypass
   * MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information
   disclosure though Windows file shares and shortcut files
   * MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free
   while replacing/inserting a node in a document
   * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
   Buffer overflow and use-after-free issues found using
   Address Sanitizer
   - requires NSS 3.13.4
   * MFSA 2012-39/CVE-2012-0441 (bmo#715073)

   - update to Seamonkey 2.9.1
   * fix regressions
   - POP3 filters (bmo#748090)
   - Message Body not loaded when using "Fetch Headers
   Only" (bmo#748865)
   - Received messages contain parts of other messages
   with movemail account (bmo#748726)
   - New mail notification issue (bmo#748997)
   - crash in nsMsgDatabase::MatchDbName (bmo#748432)

   - fixed build with gcc 4.7

   Changes in mozilla-nss:
   - update to 3.13.5 RTM

   - update to 3.13.4 RTM
   * fixed some bugs
   * fixed cert verification regression in PKIX mode
   (bmo#737802) introduced in 3.13.2

   Changes in xulrunner:
   - update to 13.0 (bnc#765204)
   * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
   Miscellaneous memory safety hazards
   * MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content
   Security Policy inline-script bypass
   * MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information
   disclosure though Windows file shares and shortcut files
   * MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free
   while replacing/inserting a node in a document
   * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
   Buffer overflow and use-after-free issues found using
   Address Sanitizer
   - require NSS 3.13.4
   * MFSA 2012-39/CVE-2012-0441 (bmo#715073)
   - reenabled crashreporter for Factory/12.2 (fixed in
   mozilla-gcc47.patch)


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.1:

      zypper in -t patch openSUSE-2012-333

   - openSUSE 11.4:

      zypper in -t patch openSUSE-2012-333

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 12.1 (i586 ia64 x86_64):

      mozilla-nss-debugsource-3.13.5-9.16.1
      xulrunner-debugsource-13.0-2.29.2

   - openSUSE 12.1 (i586 x86_64):

      MozillaFirefox-13.0-2.30.1
      MozillaFirefox-branding-upstream-13.0-2.30.1
      MozillaFirefox-buildsymbols-13.0-2.30.1
      MozillaFirefox-debuginfo-13.0-2.30.1
      MozillaFirefox-debugsource-13.0-2.30.1
      MozillaFirefox-devel-13.0-2.30.1
      MozillaFirefox-translations-common-13.0-2.30.1
      MozillaFirefox-translations-other-13.0-2.30.1
      MozillaThunderbird-13.0-33.23.2
      MozillaThunderbird-buildsymbols-13.0-33.23.2
      MozillaThunderbird-debuginfo-13.0-33.23.2
      MozillaThunderbird-debugsource-13.0-33.23.2
      MozillaThunderbird-devel-13.0-33.23.2
      MozillaThunderbird-translations-common-13.0-33.23.2
      MozillaThunderbird-translations-other-13.0-33.23.2
      chmsee-1.99.08-2.18.3
      chmsee-debuginfo-1.99.08-2.18.3
      chmsee-debugsource-1.99.08-2.18.3
      enigmail-1.4.2+13.0-33.23.2
      enigmail-debuginfo-1.4.2+13.0-33.23.2
      libfreebl3-3.13.5-9.16.1
      libfreebl3-debuginfo-3.13.5-9.16.1
      libsoftokn3-3.13.5-9.16.1
      libsoftokn3-debuginfo-3.13.5-9.16.1
      mozilla-js-13.0-2.29.2
      mozilla-js-debuginfo-13.0-2.29.2
      mozilla-nss-3.13.5-9.16.1
      mozilla-nss-certs-3.13.5-9.16.1
      mozilla-nss-certs-debuginfo-3.13.5-9.16.1
      mozilla-nss-debuginfo-3.13.5-9.16.1
      mozilla-nss-devel-3.13.5-9.16.1
      mozilla-nss-sysinit-3.13.5-9.16.1
      mozilla-nss-sysinit-debuginfo-3.13.5-9.16.1
      mozilla-nss-tools-3.13.5-9.16.1
      mozilla-nss-tools-debuginfo-3.13.5-9.16.1
      seamonkey-2.10-2.21.2
      seamonkey-debuginfo-2.10-2.21.2
      seamonkey-debugsource-2.10-2.21.2
      seamonkey-dom-inspector-2.10-2.21.2
      seamonkey-irc-2.10-2.21.2
      seamonkey-translations-common-2.10-2.21.2
      seamonkey-translations-other-2.10-2.21.2
      seamonkey-venkman-2.10-2.21.2
      xulrunner-13.0-2.29.2
      xulrunner-buildsymbols-13.0-2.29.2
      xulrunner-debuginfo-13.0-2.29.2
      xulrunner-devel-13.0-2.29.2
      xulrunner-devel-debuginfo-13.0-2.29.2

   - openSUSE 12.1 (x86_64):

      libfreebl3-32bit-3.13.5-9.16.1
      libfreebl3-debuginfo-32bit-3.13.5-9.16.1
      libsoftokn3-32bit-3.13.5-9.16.1
      libsoftokn3-debuginfo-32bit-3.13.5-9.16.1
      mozilla-js-32bit-13.0-2.29.2
      mozilla-js-debuginfo-32bit-13.0-2.29.2
      mozilla-nss-32bit-3.13.5-9.16.1
      mozilla-nss-certs-32bit-3.13.5-9.16.1
      mozilla-nss-certs-debuginfo-32bit-3.13.5-9.16.1
      mozilla-nss-debuginfo-32bit-3.13.5-9.16.1
      mozilla-nss-sysinit-32bit-3.13.5-9.16.1
      mozilla-nss-sysinit-debuginfo-32bit-3.13.5-9.16.1
      xulrunner-32bit-13.0-2.29.2
      xulrunner-debuginfo-32bit-13.0-2.29.2

   - openSUSE 12.1 (ia64):

      libfreebl3-debuginfo-x86-3.13.5-9.16.1
      libfreebl3-debuginfo-x86-debuginfo-3.13.5-9.16.1
      libfreebl3-x86-3.13.5-9.16.1
      libsoftokn3-debuginfo-x86-3.13.5-9.16.1
      libsoftokn3-debuginfo-x86-debuginfo-3.13.5-9.16.1
      libsoftokn3-x86-3.13.5-9.16.1
      mozilla-js-debuginfo-x86-13.0-2.29.2
      mozilla-js-debuginfo-x86-debuginfo-13.0-2.29.2
      mozilla-js-x86-13.0-2.29.2
      mozilla-nss-certs-debuginfo-x86-3.13.5-9.16.1
      mozilla-nss-certs-debuginfo-x86-debuginfo-3.13.5-9.16.1
      mozilla-nss-certs-x86-3.13.5-9.16.1
      mozilla-nss-debuginfo-x86-3.13.5-9.16.1
      mozilla-nss-debuginfo-x86-debuginfo-3.13.5-9.16.1
      mozilla-nss-sysinit-debuginfo-x86-3.13.5-9.16.1
      mozilla-nss-sysinit-debuginfo-x86-debuginfo-3.13.5-9.16.1
      mozilla-nss-sysinit-x86-3.13.5-9.16.1
      mozilla-nss-x86-3.13.5-9.16.1
      xulrunner-debuginfo-x86-13.0-2.29.2
      xulrunner-debuginfo-x86-debuginfo-13.0-2.29.2
      xulrunner-x86-13.0-2.29.2

   - openSUSE 11.4 (i586 ia64 x86_64):

      mozilla-nss-debugsource-3.13.5-44.1

   - openSUSE 11.4 (i586 x86_64):

      MozillaFirefox-13.0-25.2
      MozillaFirefox-branding-upstream-13.0-25.2
      MozillaFirefox-buildsymbols-13.0-25.2
      MozillaFirefox-debuginfo-13.0-25.2
      MozillaFirefox-debugsource-13.0-25.2
      MozillaFirefox-devel-13.0-25.2
      MozillaFirefox-translations-common-13.0-25.2
      MozillaFirefox-translations-other-13.0-25.2
      MozillaThunderbird-13.0-21.2
      MozillaThunderbird-buildsymbols-13.0-21.2
      MozillaThunderbird-debuginfo-13.0-21.2
      MozillaThunderbird-debugsource-13.0-21.2
      MozillaThunderbird-devel-13.0-21.2
      MozillaThunderbird-translations-common-13.0-21.2
      MozillaThunderbird-translations-other-13.0-21.2
      enigmail-1.4.2+13.0-21.2
      enigmail-debuginfo-1.4.2+13.0-21.2
      libfreebl3-3.13.5-44.1
      libfreebl3-debuginfo-3.13.5-44.1
      libsoftokn3-3.13.5-44.1
      libsoftokn3-debuginfo-3.13.5-44.1
      mozilla-nss-3.13.5-44.1
      mozilla-nss-certs-3.13.5-44.1
      mozilla-nss-certs-debuginfo-3.13.5-44.1
      mozilla-nss-debuginfo-3.13.5-44.1
      mozilla-nss-devel-3.13.5-44.1
      mozilla-nss-sysinit-3.13.5-44.1
      mozilla-nss-sysinit-debuginfo-3.13.5-44.1
      mozilla-nss-tools-3.13.5-44.1
      mozilla-nss-tools-debuginfo-3.13.5-44.1
      seamonkey-2.10-21.2
      seamonkey-debuginfo-2.10-21.2
      seamonkey-debugsource-2.10-21.2
      seamonkey-dom-inspector-2.10-21.2
      seamonkey-irc-2.10-21.2
      seamonkey-translations-common-2.10-21.2
      seamonkey-translations-other-2.10-21.2
      seamonkey-venkman-2.10-21.2

   - openSUSE 11.4 (x86_64):

      libfreebl3-32bit-3.13.5-44.1
      libfreebl3-debuginfo-32bit-3.13.5-44.1
      libsoftokn3-32bit-3.13.5-44.1
      libsoftokn3-debuginfo-32bit-3.13.5-44.1
      mozilla-nss-32bit-3.13.5-44.1
      mozilla-nss-certs-32bit-3.13.5-44.1
      mozilla-nss-certs-debuginfo-32bit-3.13.5-44.1
      mozilla-nss-debuginfo-32bit-3.13.5-44.1
      mozilla-nss-sysinit-32bit-3.13.5-44.1
      mozilla-nss-sysinit-debuginfo-32bit-3.13.5-44.1

   - openSUSE 11.4 (ia64):

      libfreebl3-debuginfo-x86-3.13.5-44.1
      libfreebl3-debuginfo-x86-debuginfo-3.13.5-44.1
      libfreebl3-x86-3.13.5-44.1
      libsoftokn3-debuginfo-x86-3.13.5-44.1
      libsoftokn3-debuginfo-x86-debuginfo-3.13.5-44.1
      libsoftokn3-x86-3.13.5-44.1
      mozilla-nss-certs-debuginfo-x86-3.13.5-44.1
      mozilla-nss-certs-debuginfo-x86-debuginfo-3.13.5-44.1
      mozilla-nss-certs-x86-3.13.5-44.1
      mozilla-nss-debuginfo-x86-3.13.5-44.1
      mozilla-nss-debuginfo-x86-debuginfo-3.13.5-44.1
      mozilla-nss-sysinit-debuginfo-x86-3.13.5-44.1
      mozilla-nss-sysinit-debuginfo-x86-debuginfo-3.13.5-44.1
      mozilla-nss-sysinit-x86-3.13.5-44.1
      mozilla-nss-x86-3.13.5-44.1


References:

   http://support.novell.com/security/cve/CVE-2011-3101.html
   http://support.novell.com/security/cve/CVE-2012-0441.html
   http://support.novell.com/security/cve/CVE-2012-1937.html
   http://support.novell.com/security/cve/CVE-2012-1938.html
   http://support.novell.com/security/cve/CVE-2012-1940.html
   http://support.novell.com/security/cve/CVE-2012-1941.html
   http://support.novell.com/security/cve/CVE-2012-1944.html
   http://support.novell.com/security/cve/CVE-2012-1945.html
   http://support.novell.com/security/cve/CVE-2012-1946.html
   http://support.novell.com/security/cve/CVE-2012-1947.html
   https://bugzilla.novell.com/765204

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
Pro-Linux
Gewinnspiel
Neue Nachrichten

2
Herzog August Bi­b­lio­thek stellt di­gi­ta­li­sier­te Werke unter Creative Commons

4
Kanotix »Dra­gon­fire« LinuxTag 2013 ver­öf­fent­licht

8
Chrome 28 Beta mit neuer Ren­de­rin­g-En­gi­ne Blink

5
m23 13.1 frei­ge­ge­ben

0
Docpatch: Open-Da­ta­-Platt­form für das deutsche Grund­ge­setz

24
KDE Frame­works 5 und Plasma Works­paces 2 nähern sich

3
Pidora – Fedora für den Pi

2
NetBSD 6.1 frei­ge­ge­ben

16
Keine Downloads mehr auf Google Code

39
Debian GNU/Hurd 2013: Debian mit Mach-Mi­cro­ker­nel
 
Werbung