Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in MozillaFirefox
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in MozillaFirefox
ID: SUSE-SU-2018:2298-1
Distribution: SUSE
Plattformen: SUSE Linux Enterprise Module for Desktop Applications 15
Datum: Fr, 10. August 2018, 23:41
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12359
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12360
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12366
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12362
Applikationen: Mozilla Firefox

Originalnachricht

   SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:2298-1
Rating: important
References: #1092548 #1096449 #1098998
Cross-References: CVE-2018-12359 CVE-2018-12360 CVE-2018-12362
CVE-2018-12363 CVE-2018-12364 CVE-2018-12365
CVE-2018-12366 CVE-2018-12368 CVE-2018-5150
CVE-2018-5154 CVE-2018-5155 CVE-2018-5156
CVE-2018-5157 CVE-2018-5158 CVE-2018-5159
CVE-2018-5168 CVE-2018-5178 CVE-2018-5183
CVE-2018-5188 CVE-2018-6126
Affected Products:
SUSE Linux Enterprise Module for Desktop Applications 15
______________________________________________________________________________

An update that fixes 20 vulnerabilities is now available.

Description:

This update for MozillaFirefox to the 52.9 ESR release fixes the following
issues:

These security issues were fixed:

- Firefox ESR 52.9:
- CVE-2018-5188 Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1,
and Firefox ESR 52.9 (bsc#1098998).
- CVE-2018-12368 No warning when opening executable SettingContent-ms
files (bsc#1098998).
- CVE-2018-12366 Invalid data handling during QCMS transformations
(bsc#1098998).
- CVE-2018-12365 Compromised IPC child process can list local filenames
(bsc#1098998).
- CVE-2018-12364 CSRF attacks through 307 redirects and NPAPI plugins
(bsc#1098998).
- CVE-2018-12363 Use-after-free when appending DOM nodes (bsc#1098998).
- CVE-2018-12362 Integer overflow in SSSE3 scaler (bsc#1098998).
- CVE-2018-12360 Use-after-free when using focus() (bsc#1098998).
- CVE-2018-5156 Media recorder segmentation fault when track type is
changed during capture (bsc#1098998).
- CVE-2018-12359 Buffer overflow using computed size of canvas element
(bsc#1098998).

- Firefox ESR 52.8:
- CVE-2018-6126: Prevent heap buffer overflow in rasterizing paths in SVG
with Skia (bsc#1096449).
- CVE-2018-5183: Backport critical security fixes in Skia (bsc#1092548).
- CVE-2018-5154: Use-after-free with SVG animations and clip paths
(bsc#1092548).
- CVE-2018-5155: Use-after-free with SVG animations and text paths
(bsc#1092548).
- CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF
files (bsc#1092548).
- CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer
(bsc#1092548).
- CVE-2018-5159: Integer overflow and out-of-bounds write in Skia
(bsc#1092548).
- CVE-2018-5168: Lightweight themes can be installed without user
interaction (bsc#1092548).
- CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion
through legacy extension (bsc#1092548).
- CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR
52.8 (bsc#1092548).

These non-security issues were fixed:

- Various stability and regression fixes
- Performance improvements to the Safe Browsing service to avoid slowdowns
while updating site classification data


Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Desktop Applications 15:

zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-1536=1



Package List:

- SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le
s390x x86_64):

MozillaFirefox-52.9.0esr-3.7.12
MozillaFirefox-debuginfo-52.9.0esr-3.7.12
MozillaFirefox-debugsource-52.9.0esr-3.7.12
MozillaFirefox-translations-common-52.9.0esr-3.7.12
MozillaFirefox-translations-other-52.9.0esr-3.7.12

- SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le
x86_64):

MozillaFirefox-devel-52.9.0esr-3.7.12


References:

https://www.suse.com/security/cve/CVE-2018-12359.html
https://www.suse.com/security/cve/CVE-2018-12360.html
https://www.suse.com/security/cve/CVE-2018-12362.html
https://www.suse.com/security/cve/CVE-2018-12363.html
https://www.suse.com/security/cve/CVE-2018-12364.html
https://www.suse.com/security/cve/CVE-2018-12365.html
https://www.suse.com/security/cve/CVE-2018-12366.html
https://www.suse.com/security/cve/CVE-2018-12368.html
https://www.suse.com/security/cve/CVE-2018-5150.html
https://www.suse.com/security/cve/CVE-2018-5154.html
https://www.suse.com/security/cve/CVE-2018-5155.html
https://www.suse.com/security/cve/CVE-2018-5156.html
https://www.suse.com/security/cve/CVE-2018-5157.html
https://www.suse.com/security/cve/CVE-2018-5158.html
https://www.suse.com/security/cve/CVE-2018-5159.html
https://www.suse.com/security/cve/CVE-2018-5168.html
https://www.suse.com/security/cve/CVE-2018-5178.html
https://www.suse.com/security/cve/CVE-2018-5183.html
https://www.suse.com/security/cve/CVE-2018-5188.html
https://www.suse.com/security/cve/CVE-2018-6126.html
https://bugzilla.suse.com/1092548
https://bugzilla.suse.com/1096449
https://bugzilla.suse.com/1098998

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung