Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Mozilla SeaMonkey
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Mozilla SeaMonkey
ID: 201701-35
Distribution: Gentoo
Plattformen: Keine Angabe
Datum: Fr, 13. Januar 2017, 16:39
Referenzen: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1521
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1526
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9079
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1522
Applikationen: Mozilla SeaMonkey

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--dVepU7Sj4bwF2HM8VpX46jnHgngqfa8rR
Content-Type: multipart/mixed;
boundary="1Sv3wfvwEwiJU9cx0AiIJ7Qs50obcooPI"
From: Aaron Bauman <bman@gentoo.org>
To: gentoo-announce@lists.gentoo.org
Message-ID: <9d8f9adc-0469-ed35-b05b-ac06d1508e00@gentoo.org>
Subject: [ GLSA 201701-35 ] Mozilla SeaMonkey: Multiple vulnerabilities

--1Sv3wfvwEwiJU9cx0AiIJ7Qs50obcooPI
Content-Type: multipart/alternative;
boundary="------------4D3127F3C16A479D35903AA6"

This is a multi-part message in MIME format.
--------------4D3127F3C16A479D35903AA6
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201701-35
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Mozilla SeaMonkey: Multiple vulnerabilities
Date: January 13, 2017
Bugs: #539242, #541506, #574968, #604500
ID: 201701-35

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Mozilla SeaMonkey, the
worst of which could lead to the remote execution of arbitrary code.

Background
==========

Mozilla SeaMonkey is a free and open-source Internet suite. It is the
continuation of the former Mozilla Application Suite, based on the same
source code.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/seamonkey < 2.46-r1 >= 2.46-r1
2 www-client/seamonkey-bin
< 2.46 >= 2.46
-------------------------------------------------------------------
2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Mozilla SeaMonkey.
Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, or
obtain sensitive information.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla SeaMonkey users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose
">=www-client/seamonkey-2.46-r1"

All Mozilla SeaMonkey-bin users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose
">=www-client/seamonkey-bin-2.46"

References
==========

[ 1 ] CVE-2016-1521
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1521
[ 2 ] CVE-2016-1521
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1521
[ 3 ] CVE-2016-1522
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1522
[ 4 ] CVE-2016-1522
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1522
[ 5 ] CVE-2016-1523
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523
[ 6 ] CVE-2016-1523
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523
[ 7 ] CVE-2016-1526
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1526
[ 8 ] CVE-2016-1526
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1526
[ 9 ] CVE-2016-9079
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9079

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201701-35

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


--------------4D3127F3C16A479D35903AA6
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html>
<head>

<meta http-equiv=3D"Content-Type" content=3D"text/html;
charset=3Dutf=
-8">
</head>
<body bgcolor=3D"#FFFFFF" text=3D"#000000">
<p>
<meta http-equiv=3D"Content-Type" content=3D"text/html;
charset=3Du=
tf-8">
</p>
<pre style=3D"color: rgb(0, 0, 0); font-style: normal;
font-variant-l=
igatures: normal; font-variant-caps: normal; font-weight: normal; letter-=
spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-tr=
ansform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0=
px; word-wrap: break-word; white-space: pre-wrap;">- - - - - - - - - - -
=
- - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201701-35
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
<a
class=3D"moz-txt-link-freet=
ext" href=3D"https://security.gentoo.org/">https://security.gentoo.org/</=
a>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Mozilla SeaMonkey: Multiple vulnerabilities
Date: January 13, 2017
Bugs: #539242, #541506, #574968, #604500
ID: 201701-35

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=3D=3D=3D=3D=3D=3D=3D=3D

Multiple vulnerabilities have been found in Mozilla SeaMonkey, the
worst of which could lead to the remote execution of arbitrary code.

Background
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

Mozilla SeaMonkey is a free and open-source Internet suite. It is the
continuation of the former Mozilla Application Suite, based on the same
source code.

Affected packages
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/seamonkey &lt; 2.46-r1 &gt;=3D
2.4=
6-r1=20
2 www-client/seamonkey-bin
&lt; 2.46
&gt;=3D =
2.46=20
-------------------------------------------------------------------
2 affected packages

Description
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

Multiple vulnerabilities have been discovered in Mozilla SeaMonkey.
Please review the CVE identifiers referenced below for details.

Impact
=3D=3D=3D=3D=3D=3D

A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, or
obtain sensitive information.

Workaround
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

There is no known workaround at this time.

Resolution
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

All Mozilla SeaMonkey users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=3Dwww-client/seamonkey-2.46-r1=
"

All Mozilla SeaMonkey-bin users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=3Dwww-client/seamonkey-bin-2.4=
6"

References
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

[ 1 ] CVE-2016-1521
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd.=
cfm?cvename=3DCVE-2016-1521">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-20=
16-1521</a>
[ 2 ] CVE-2016-1521
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd.=
cfm?cvename=3DCVE-2016-1521">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-20=
16-1521</a>
[ 3 ] CVE-2016-1522
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd.=
cfm?cvename=3DCVE-2016-1522">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-20=
16-1522</a>
[ 4 ] CVE-2016-1522
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd.=
cfm?cvename=3DCVE-2016-1522">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-20=
16-1522</a>
[ 5 ] CVE-2016-1523
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd.=
cfm?cvename=3DCVE-2016-1523">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-20=
16-1523</a>
[ 6 ] CVE-2016-1523
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd.=
cfm?cvename=3DCVE-2016-1523">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-20=
16-1523</a>
[ 7 ] CVE-2016-1526
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd.=
cfm?cvename=3DCVE-2016-1526">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-20=
16-1526</a>
[ 8 ] CVE-2016-1526
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd.=
cfm?cvename=3DCVE-2016-1526">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-20=
16-1526</a>
[ 9 ] CVE-2016-9079
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd.=
cfm?cvename=3DCVE-2016-9079">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-20=
16-9079</a>

Availability
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

<a class=3D"moz-txt-link-freetext" href=3D"https://security.gentoo.org/g=
lsa/201701-35">https://security.gentoo.org/glsa/201701-35</a>

Concerns?
=3D=3D=3D=3D=3D=3D=3D=3D=3D

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
<a class=3D"moz-txt-link-abbreviated"
href=3D"mailto:security@gentoo.org"=
>security@gentoo.org</a> or alternatively, you may file a bug at
<a class=3D"moz-txt-link-freetext" href=3D"https://bugs.gentoo.org">https=
://bugs.gentoo.org</a>.

License
=3D=3D=3D=3D=3D=3D=3D

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

<a class=3D"moz-txt-link-freetext" href=3D"http://creativecommons.org/lic=
enses/by-sa/2.5">http://creativecommons.org/licenses/by-sa/2.5</a></pre>
</body>
</html>

--------------4D3127F3C16A479D35903AA6--

--1Sv3wfvwEwiJU9cx0AiIJ7Qs50obcooPI--

--dVepU7Sj4bwF2HM8VpX46jnHgngqfa8rR
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQJ8BAEBCgBmBQJYeOsbXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ1OTcyRDI4NDhFOEE0NDYwRTdERTY4QUM5
RjI4QkQ4QkQxRTM5NUZGAAoJEJ8ovYvR45X/vtwP/1xBkuvdqmiVFXosEj9caKOZ
WZlGznpxsD3Sobso6ErUOes5HnpS0wmovHCaqxgiqwxesK3tjkHfhYHWgl81DHUf
X61xJMLJhmmDxKbeRv3shU7vY/j3LJsMfIdCDw6D9K1/zRSJLis/sXA6DYzZqCGI
B1Cd9m5DOdoO3Jx67bbiBCwqsDA12+TBtOW/OpR97emDEBmpIpIRDUsccRJKe8yI
vvTqQwHUNuQJ0YJROthzm/PMrHGoEWtkt6/2xDNw+YKuInOyX+vsxfFq0C0N6HQ4
/CkpdNmttxVxS83asi7cQkKAvepJ6SilEs0wa+3yezYtEFKLl/YdM0v8pd83tZII
xXi4qeD6U+zkbtLFMQL2UmHIGv/yKSjglAfhtCSVljKdo54IF0BGcMVldfzW4yXu
u3QcKiZtPPyyWn0p5bzI5i+z+y6IgqRUCib1vVM3zQAXWeMBGIElRWhWMQaIDVlS
6ZoZ0+Y5tIQwnqM27LABAnyiOHsJRzB7vH1ClnNHPrCOU7LgUOunYc3Y200KOa4h
TJKQedoYKgdOSDd3xguS7UIkX+R5FOMAFK4dzdPHyEzIYOSBXrsJaHnGV6puDedi
9abt3n7PWYwlFjiaFi9Fd0MhyQvBDPI4VPnWOTXjtSft4xpTUrymczhRMuoTbLOU
m9RHq/whD6z/uwL7nklE
=mNZ/
-----END PGP SIGNATURE-----

--dVepU7Sj4bwF2HM8VpX46jnHgngqfa8rR--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung