Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in mozilla-nss und Mozilla Firefox
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in mozilla-nss und Mozilla Firefox
ID: openSUSE-SU-2016:1557-1
Distribution: SUSE
Plattformen: openSUSE 13.1
Datum: So, 12. Juni 2016, 10:24
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2832
Applikationen: Mozilla Firefox, NSS

Originalnachricht

   openSUSE Security Update: Security update for MozillaFirefox, mozilla-nss
______________________________________________________________________________

Announcement ID: openSUSE-SU-2016:1557-1
Rating: important
References: #980384 #981695 #983549 #983632 #983638 #983639
#983640 #983643 #983644 #983646 #983649 #983651
#983652 #983653 #983655
Cross-References: CVE-2016-1950 CVE-2016-2815 CVE-2016-2818
CVE-2016-2819 CVE-2016-2821 CVE-2016-2822
CVE-2016-2824 CVE-2016-2825 CVE-2016-2828
CVE-2016-2829 CVE-2016-2831 CVE-2016-2832
CVE-2016-2833 CVE-2016-2834
Affected Products:
openSUSE 13.1
______________________________________________________________________________

An update that solves 14 vulnerabilities and has one errata
is now available.

Description:

This update to Mozilla Firefox 47 fixes the following issues (boo#983549):

Security fixes:

- CVE-2016-2815/CVE-2016-2818: Miscellaneous memory safety hazards
(boo#983638 MFSA 2016-49)
- CVE-2016-2819: Buffer overflow parsing HTML5 fragments (boo#983655
MFSA 2016-50)
- CVE-2016-2821: Use-after-free deleting tables from a contenteditable
document (boo#983653 MFSA 2016-51)
- CVE-2016-2822: Addressbar spoofing though the SELECT element
(boo#983652 MFSA 2016-52)
- CVE-2016-2824: Out-of-bounds write with WebGL shader (boo#983651 MFSA
2016-53)
- CVE-2016-2825: Partial same-origin-policy through setting
location.host through data URI (boo#983649 MFSA 2016-54)
- CVE-2016-2828: Use-after-free when textures are used in WebGL
operations after recycle pool destruction (boo#983646 MFSA 2016-56)
- CVE-2016-2829: Incorrect icon displayed on permissions notifications
(boo#983644 MFSA 2016-57)
- CVE-2016-2831: Entering fullscreen and persistent pointerlock without
user permission (boo#983643 MFSA 2016-58)
- CVE-2016-2832: Information disclosure of disabled plugins through CSS
pseudo-classes (boo#983632 MFSA 2016-59)
- CVE-2016-2833: Java applets bypass CSP protections (boo#983640 MFSA
2016-60)

Mozilla NSS was updated to 3.23 to address the following vulnerabilities:

- CVE-2016-2834: Memory safety bugs (boo#983639 MFSA-2016-61)

The following non-security changes are included:

- Enable VP9 video codec for users with fast machines
- Embedded YouTube videos now play with HTML5 video if Flash is not
installed
- View and search open tabs from your smartphone or another computer in
a sidebar
- Allow no-cache on back/forward navigations for https resources

The following packaging changes are included:

- boo#981695: cleanup configure options, notably removing GStreamer
support which is gone from FF
- boo#980384: enable build with PIE and full relro on x86_64

The following new functionality is provided:

- ChaCha20/Poly1305 cipher and TLS cipher suites now supported
- The list of TLS extensions sent in the TLS handshake has been
reordered to increase compatibility of the Extended Master Secret
with with servers


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch 2016-714=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.1 (i586 x86_64):

MozillaFirefox-47.0-116.1
MozillaFirefox-branding-upstream-47.0-116.1
MozillaFirefox-buildsymbols-47.0-116.1
MozillaFirefox-debuginfo-47.0-116.1
MozillaFirefox-debugsource-47.0-116.1
MozillaFirefox-devel-47.0-116.1
MozillaFirefox-translations-common-47.0-116.1
MozillaFirefox-translations-other-47.0-116.1
libfreebl3-3.23-80.1
libfreebl3-debuginfo-3.23-80.1
libsoftokn3-3.23-80.1
libsoftokn3-debuginfo-3.23-80.1
mozilla-nss-3.23-80.1
mozilla-nss-certs-3.23-80.1
mozilla-nss-certs-debuginfo-3.23-80.1
mozilla-nss-debuginfo-3.23-80.1
mozilla-nss-debugsource-3.23-80.1
mozilla-nss-devel-3.23-80.1
mozilla-nss-sysinit-3.23-80.1
mozilla-nss-sysinit-debuginfo-3.23-80.1
mozilla-nss-tools-3.23-80.1
mozilla-nss-tools-debuginfo-3.23-80.1

- openSUSE 13.1 (x86_64):

libfreebl3-32bit-3.23-80.1
libfreebl3-debuginfo-32bit-3.23-80.1
libsoftokn3-32bit-3.23-80.1
libsoftokn3-debuginfo-32bit-3.23-80.1
mozilla-nss-32bit-3.23-80.1
mozilla-nss-certs-32bit-3.23-80.1
mozilla-nss-certs-debuginfo-32bit-3.23-80.1
mozilla-nss-debuginfo-32bit-3.23-80.1
mozilla-nss-sysinit-32bit-3.23-80.1
mozilla-nss-sysinit-debuginfo-32bit-3.23-80.1


References:

https://www.suse.com/security/cve/CVE-2016-1950.html
https://www.suse.com/security/cve/CVE-2016-2815.html
https://www.suse.com/security/cve/CVE-2016-2818.html
https://www.suse.com/security/cve/CVE-2016-2819.html
https://www.suse.com/security/cve/CVE-2016-2821.html
https://www.suse.com/security/cve/CVE-2016-2822.html
https://www.suse.com/security/cve/CVE-2016-2824.html
https://www.suse.com/security/cve/CVE-2016-2825.html
https://www.suse.com/security/cve/CVE-2016-2828.html
https://www.suse.com/security/cve/CVE-2016-2829.html
https://www.suse.com/security/cve/CVE-2016-2831.html
https://www.suse.com/security/cve/CVE-2016-2832.html
https://www.suse.com/security/cve/CVE-2016-2833.html
https://www.suse.com/security/cve/CVE-2016-2834.html
https://bugzilla.suse.com/980384
https://bugzilla.suse.com/981695
https://bugzilla.suse.com/983549
https://bugzilla.suse.com/983632
https://bugzilla.suse.com/983638
https://bugzilla.suse.com/983639
https://bugzilla.suse.com/983640
https://bugzilla.suse.com/983643
https://bugzilla.suse.com/983644
https://bugzilla.suse.com/983646
https://bugzilla.suse.com/983649
https://bugzilla.suse.com/983651
https://bugzilla.suse.com/983652
https://bugzilla.suse.com/983653
https://bugzilla.suse.com/983655

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung