drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in mozilla-nss und Mozilla Firefox
Name: |
Mehrere Probleme in mozilla-nss und Mozilla Firefox |
|
ID: |
openSUSE-SU-2015:0404-1 |
|
Distribution: |
SUSE |
|
Plattformen: |
openSUSE 13.1, openSUSE 13.2 |
|
Datum: |
So, 1. März 2015, 11:19 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0836 |
|
Applikationen: |
Mozilla Firefox, NSS |
|
Originalnachricht |
openSUSE Security Update: Security update for MozillaFirefox, mozilla-nss ______________________________________________________________________________
Announcement ID: openSUSE-SU-2015:0404-1 Rating: important References: #910647 #917597 Cross-References: CVE-2014-1569 CVE-2015-0819 CVE-2015-0820 CVE-2015-0821 CVE-2015-0822 CVE-2015-0823 CVE-2015-0824 CVE-2015-0825 CVE-2015-0826 CVE-2015-0827 CVE-2015-0828 CVE-2015-0829 CVE-2015-0830 CVE-2015-0831 CVE-2015-0832 CVE-2015-0834 CVE-2015-0835 CVE-2015-0836 Affected Products: openSUSE 13.2 openSUSE 13.1 ______________________________________________________________________________
An update that fixes 18 vulnerabilities is now available.
Description:
MozillaFirefox, mozilla-nss were updated to fix 18 security issues.
MozillaFirefox was updated to version 36.0. These security issues were fixed: - CVE-2015-0835, CVE-2015-0836: Miscellaneous memory safety hazards - CVE-2015-0832: Appended period to hostnames can bypass HPKP and HSTS protections - CVE-2015-0830: Malicious WebGL content crash when writing strings - CVE-2015-0834: TLS TURN and STUN connections silently fail to simple TCP connections - CVE-2015-0831: Use-after-free in IndexedDB - CVE-2015-0829: Buffer overflow in libstagefright during MP4 video playback - CVE-2015-0828: Double-free when using non-default memory allocators with a zero-length XHR - CVE-2015-0827: Out-of-bounds read and write while rendering SVG content - CVE-2015-0826: Buffer overflow during CSS restyling - CVE-2015-0825: Buffer underflow during MP3 playback - CVE-2015-0824: Crash using DrawTarget in Cairo graphics library - CVE-2015-0823: Use-after-free in Developer Console date with OpenType Sanitiser - CVE-2015-0822: Reading of local files through manipulation of form autocomplete - CVE-2015-0821: Local files or privileged URLs in pages can be opened into new tabs - CVE-2015-0819: UI Tour whitelisted sites in background tab can spoof foreground tabs - CVE-2015-0820: Caja Compiler JavaScript sandbox bypass
mozilla-nss was updated to version 3.17.4 to fix the following issues: - CVE-2014-1569: QuickDER decoder length issue (bnc#910647). - bmo#1084986: If an SSL/TLS connection fails, because client and server don't have any common protocol version enabled, NSS has been changed to report error code SSL_ERROR_UNSUPPORTED_VERSION (instead of reporting SSL_ERROR_NO_CYPHER_OVERLAP). - bmo#1112461: libpkix was fixed to prefer the newest certificate, if multiple certificates match. - bmo#1094492: fixed a memory corruption issue during failure of keypair generation. - bmo#1113632: fixed a failure to reload a PKCS#11 module in FIPS mode. - bmo#1119983: fixed interoperability of NSS server code with a LibreSSL client.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE 13.2:
zypper in -t patch openSUSE-2015-185=1
- openSUSE 13.1:
zypper in -t patch openSUSE-2015-185=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.2 (i586 x86_64):
MozillaFirefox-36.0-14.2 MozillaFirefox-branding-upstream-36.0-14.2 MozillaFirefox-buildsymbols-36.0-14.2 MozillaFirefox-debuginfo-36.0-14.2 MozillaFirefox-debugsource-36.0-14.2 MozillaFirefox-devel-36.0-14.2 MozillaFirefox-translations-common-36.0-14.2 MozillaFirefox-translations-other-36.0-14.2 libfreebl3-3.17.4-9.1 libfreebl3-debuginfo-3.17.4-9.1 libsoftokn3-3.17.4-9.1 libsoftokn3-debuginfo-3.17.4-9.1 mozilla-nss-3.17.4-9.1 mozilla-nss-certs-3.17.4-9.1 mozilla-nss-certs-debuginfo-3.17.4-9.1 mozilla-nss-debuginfo-3.17.4-9.1 mozilla-nss-debugsource-3.17.4-9.1 mozilla-nss-devel-3.17.4-9.1 mozilla-nss-sysinit-3.17.4-9.1 mozilla-nss-sysinit-debuginfo-3.17.4-9.1 mozilla-nss-tools-3.17.4-9.1 mozilla-nss-tools-debuginfo-3.17.4-9.1
- openSUSE 13.2 (x86_64):
libfreebl3-32bit-3.17.4-9.1 libfreebl3-debuginfo-32bit-3.17.4-9.1 libsoftokn3-32bit-3.17.4-9.1 libsoftokn3-debuginfo-32bit-3.17.4-9.1 mozilla-nss-32bit-3.17.4-9.1 mozilla-nss-certs-32bit-3.17.4-9.1 mozilla-nss-certs-debuginfo-32bit-3.17.4-9.1 mozilla-nss-debuginfo-32bit-3.17.4-9.1 mozilla-nss-sysinit-32bit-3.17.4-9.1 mozilla-nss-sysinit-debuginfo-32bit-3.17.4-9.1
- openSUSE 13.1 (i586 x86_64):
MozillaFirefox-36.0-59.2 MozillaFirefox-branding-upstream-36.0-59.2 MozillaFirefox-buildsymbols-36.0-59.2 MozillaFirefox-debuginfo-36.0-59.2 MozillaFirefox-debugsource-36.0-59.2 MozillaFirefox-devel-36.0-59.2 MozillaFirefox-translations-common-36.0-59.2 MozillaFirefox-translations-other-36.0-59.2 libfreebl3-3.17.4-52.1 libfreebl3-debuginfo-3.17.4-52.1 libsoftokn3-3.17.4-52.1 libsoftokn3-debuginfo-3.17.4-52.1 mozilla-nss-3.17.4-52.1 mozilla-nss-certs-3.17.4-52.1 mozilla-nss-certs-debuginfo-3.17.4-52.1 mozilla-nss-debuginfo-3.17.4-52.1 mozilla-nss-debugsource-3.17.4-52.1 mozilla-nss-devel-3.17.4-52.1 mozilla-nss-sysinit-3.17.4-52.1 mozilla-nss-sysinit-debuginfo-3.17.4-52.1 mozilla-nss-tools-3.17.4-52.1 mozilla-nss-tools-debuginfo-3.17.4-52.1
- openSUSE 13.1 (x86_64):
libfreebl3-32bit-3.17.4-52.1 libfreebl3-debuginfo-32bit-3.17.4-52.1 libsoftokn3-32bit-3.17.4-52.1 libsoftokn3-debuginfo-32bit-3.17.4-52.1 mozilla-nss-32bit-3.17.4-52.1 mozilla-nss-certs-32bit-3.17.4-52.1 mozilla-nss-certs-debuginfo-32bit-3.17.4-52.1 mozilla-nss-debuginfo-32bit-3.17.4-52.1 mozilla-nss-sysinit-32bit-3.17.4-52.1 mozilla-nss-sysinit-debuginfo-32bit-3.17.4-52.1
References:
http://support.novell.com/security/cve/CVE-2014-1569.html http://support.novell.com/security/cve/CVE-2015-0819.html http://support.novell.com/security/cve/CVE-2015-0820.html http://support.novell.com/security/cve/CVE-2015-0821.html http://support.novell.com/security/cve/CVE-2015-0822.html http://support.novell.com/security/cve/CVE-2015-0823.html http://support.novell.com/security/cve/CVE-2015-0824.html http://support.novell.com/security/cve/CVE-2015-0825.html http://support.novell.com/security/cve/CVE-2015-0826.html http://support.novell.com/security/cve/CVE-2015-0827.html http://support.novell.com/security/cve/CVE-2015-0828.html http://support.novell.com/security/cve/CVE-2015-0829.html http://support.novell.com/security/cve/CVE-2015-0830.html http://support.novell.com/security/cve/CVE-2015-0831.html http://support.novell.com/security/cve/CVE-2015-0832.html http://support.novell.com/security/cve/CVE-2015-0834.html http://support.novell.com/security/cve/CVE-2015-0835.html http://support.novell.com/security/cve/CVE-2015-0836.html https://bugzilla.suse.com/910647 https://bugzilla.suse.com/917597
-- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
|
|
|
|