Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Mozilla Firefox
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Mozilla Firefox
ID: openSUSE-SU-2017:1099-1
Distribution: SUSE
Plattformen: SUSE openSUSE Leap 42.1, SUSE openSUSE Leap 42.2
Datum: Di, 25. April 2017, 06:25
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5443

Originalnachricht

   openSUSE Security Update: Security update for Mozilla Firefox
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:1099-1
Rating: important
References: #1035082
Cross-References: CVE-2017-5429 CVE-2017-5443 CVE-2017-5444
CVE-2017-5446 CVE-2017-5447 CVE-2017-5448
CVE-2017-5449 CVE-2017-5460 CVE-2017-5461
CVE-2017-5464 CVE-2017-5465 CVE-2017-5466
CVE-2017-5467
Affected Products:
openSUSE Leap 42.2
openSUSE Leap 42.1
______________________________________________________________________________

An update that fixes 13 vulnerabilities is now available.

Description:

Mozilla Firefox was updated to Firefox 52.1.0esr.

The following vulnerabilities were fixed (bsc#1035082):

- CVE-2017-5443: Out-of-bounds write during BinHex decoding
- CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9,
and Firefox ESR 52.1
- CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
- CVE-2017-5465: Out-of-bounds read in ConvolvePixel
- CVE-2017-5466: Origin confusion when reloading isolated data:text/html
URL
- CVE-2017-5467: Memory corruption when drawing Skia content
- CVE-2017-5460: Use-after-free in frame selection
- CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
- CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
- CVE-2017-5449: Crash during bidirectional unicode manipulation with
animation
- CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with
incorrect data
- CVE-2017-5447: Out-of-bounds read during glyph processing
- CVE-2017-5444: Buffer overflow while parsing
application/http-index-format content

The package is now following the ESR 52 branch:

- Enable plugin support by default
- service workers are disabled by default
- push notifications are disabled by default
- WebAssembly (wasm) is disabled
- Less use of multiprocess architecture Electrolysis (e10s)


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-509=1

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2017-509=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE Leap 42.2 (i586 x86_64):

MozillaFirefox-52.1.0-57.6.1
MozillaFirefox-branding-upstream-52.1.0-57.6.1
MozillaFirefox-buildsymbols-52.1.0-57.6.1
MozillaFirefox-debuginfo-52.1.0-57.6.1
MozillaFirefox-debugsource-52.1.0-57.6.1
MozillaFirefox-devel-52.1.0-57.6.1
MozillaFirefox-translations-common-52.1.0-57.6.1
MozillaFirefox-translations-other-52.1.0-57.6.1

- openSUSE Leap 42.1 (x86_64):

MozillaFirefox-52.1.0-61.1
MozillaFirefox-branding-upstream-52.1.0-61.1
MozillaFirefox-buildsymbols-52.1.0-61.1
MozillaFirefox-debuginfo-52.1.0-61.1
MozillaFirefox-debugsource-52.1.0-61.1
MozillaFirefox-devel-52.1.0-61.1
MozillaFirefox-translations-common-52.1.0-61.1
MozillaFirefox-translations-other-52.1.0-61.1


References:

https://www.suse.com/security/cve/CVE-2017-5429.html
https://www.suse.com/security/cve/CVE-2017-5443.html
https://www.suse.com/security/cve/CVE-2017-5444.html
https://www.suse.com/security/cve/CVE-2017-5446.html
https://www.suse.com/security/cve/CVE-2017-5447.html
https://www.suse.com/security/cve/CVE-2017-5448.html
https://www.suse.com/security/cve/CVE-2017-5449.html
https://www.suse.com/security/cve/CVE-2017-5460.html
https://www.suse.com/security/cve/CVE-2017-5461.html
https://www.suse.com/security/cve/CVE-2017-5464.html
https://www.suse.com/security/cve/CVE-2017-5465.html
https://www.suse.com/security/cve/CVE-2017-5466.html
https://www.suse.com/security/cve/CVE-2017-5467.html
https://bugzilla.suse.com/1035082

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung