Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Mozilla Firefox
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Mozilla Firefox
ID: openSUSE-SU-2015:1658-1
Distribution: SUSE
Plattformen: SUSE openSUSE 13.1, SUSE openSUSE 13.2
Datum: Do, 1. Oktober 2015, 12:21
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4517
Applikationen: Mozilla Firefox

Originalnachricht

   openSUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID: openSUSE-SU-2015:1658-1
Rating: important
References: #947003
Cross-References: CVE-2015-4476 CVE-2015-4500 CVE-2015-4501
CVE-2015-4502 CVE-2015-4503 CVE-2015-4504
CVE-2015-4505 CVE-2015-4506 CVE-2015-4507
CVE-2015-4508 CVE-2015-4509 CVE-2015-4510
CVE-2015-4511 CVE-2015-4512 CVE-2015-4516
CVE-2015-4517 CVE-2015-4519 CVE-2015-4520
CVE-2015-4521 CVE-2015-4522 CVE-2015-7174
CVE-2015-7175 CVE-2015-7176 CVE-2015-7177
CVE-2015-7178 CVE-2015-7179 CVE-2015-7180

Affected Products:
openSUSE 13.2
openSUSE 13.1
______________________________________________________________________________

An update that fixes 27 vulnerabilities is now available.

Description:

MozillaFirefox was updated to Firefox 41.0 (bnc#947003)

Security issues fixed:

* MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety
hazards
* MFSA 2015-97/CVE-2015-4503 (bmo#994337) Memory leak in mozTCPSocket to
servers
* MFSA 2015-98/CVE-2015-4504 (bmo#1132467) Out of bounds read in QCMS
library with ICC V4 profile attributes
* MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only) Site attribute
spoofing on Android by pasting URL with unknown scheme
* MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only) Arbitrary file
manipulation by local user through Mozilla updater
* MFSA 2015-101/CVE-2015-4506 (bmo#1192226) Buffer overflow in libvpx
while parsing vp9 format video
* MFSA 2015-102/CVE-2015-4507 (bmo#1192401) Crash when using debugger with
SavedStacks in JavaScript
* MFSA 2015-103/CVE-2015-4508 (bmo#1195976) URL spoofing in reader mode
* MFSA 2015-104/CVE-2015-4510 (bmo#1200004) Use-after-free with shared
workers and IndexedDB
* MFSA 2015-105/CVE-2015-4511 (bmo#1200148) Buffer overflow while decoding
WebM video
* MFSA 2015-106/CVE-2015-4509 (bmo#1198435) Use-after-free while
manipulating HTML media content
* MFSA 2015-107/CVE-2015-4512 (bmo#1170390) Out-of-bounds read during 2D
canvas display on Linux 16-bit color depth systems
* MFSA 2015-108/CVE-2015-4502 (bmo#1105045) Scripted proxies can access
inner window
* MFSA 2015-109/CVE-2015-4516 (bmo#904886) JavaScript immutable property
enforcement can be bypassed
* MFSA 2015-110/CVE-2015-4519 (bmo#1189814) Dragging and dropping images
exposes final URL after redirects
* MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869) Errors in the
handling of CORS preflight request headers
* MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/ CVE-2015-7180
Vulnerabilities found through code inspection
* MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860, bmo#1190526)
(Windows only) Memory safety errors in libGLES in the ANGLE graphics
library
* MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only) Information
disclosure via the High Resolution Time API


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2015-619=1

- openSUSE 13.1:

zypper in -t patch openSUSE-2015-619=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.2 (i586 x86_64):

MozillaFirefox-41.0-44.1
MozillaFirefox-branding-upstream-41.0-44.1
MozillaFirefox-buildsymbols-41.0-44.1
MozillaFirefox-debuginfo-41.0-44.1
MozillaFirefox-debugsource-41.0-44.1
MozillaFirefox-devel-41.0-44.1
MozillaFirefox-translations-common-41.0-44.1
MozillaFirefox-translations-other-41.0-44.1

- openSUSE 13.1 (i586 x86_64):

MozillaFirefox-41.0-88.1
MozillaFirefox-branding-upstream-41.0-88.1
MozillaFirefox-buildsymbols-41.0-88.1
MozillaFirefox-debuginfo-41.0-88.1
MozillaFirefox-debugsource-41.0-88.1
MozillaFirefox-devel-41.0-88.1
MozillaFirefox-translations-common-41.0-88.1
MozillaFirefox-translations-other-41.0-88.1


References:

https://www.suse.com/security/cve/CVE-2015-4476.html
https://www.suse.com/security/cve/CVE-2015-4500.html
https://www.suse.com/security/cve/CVE-2015-4501.html
https://www.suse.com/security/cve/CVE-2015-4502.html
https://www.suse.com/security/cve/CVE-2015-4503.html
https://www.suse.com/security/cve/CVE-2015-4504.html
https://www.suse.com/security/cve/CVE-2015-4505.html
https://www.suse.com/security/cve/CVE-2015-4506.html
https://www.suse.com/security/cve/CVE-2015-4507.html
https://www.suse.com/security/cve/CVE-2015-4508.html
https://www.suse.com/security/cve/CVE-2015-4509.html
https://www.suse.com/security/cve/CVE-2015-4510.html
https://www.suse.com/security/cve/CVE-2015-4511.html
https://www.suse.com/security/cve/CVE-2015-4512.html
https://www.suse.com/security/cve/CVE-2015-4516.html
https://www.suse.com/security/cve/CVE-2015-4517.html
https://www.suse.com/security/cve/CVE-2015-4519.html
https://www.suse.com/security/cve/CVE-2015-4520.html
https://www.suse.com/security/cve/CVE-2015-4521.html
https://www.suse.com/security/cve/CVE-2015-4522.html
https://www.suse.com/security/cve/CVE-2015-7174.html
https://www.suse.com/security/cve/CVE-2015-7175.html
https://www.suse.com/security/cve/CVE-2015-7176.html
https://www.suse.com/security/cve/CVE-2015-7177.html
https://www.suse.com/security/cve/CVE-2015-7178.html
https://www.suse.com/security/cve/CVE-2015-7179.html
https://www.suse.com/security/cve/CVE-2015-7180.html
https://bugzilla.suse.com/947003

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung