- Detalji os-a: LSU
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LSU
openSUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________
Announcement ID: openSUSE-SU-2015:1658-1
Rating: important
References: #947003
Cross-References: CVE-2015-4476 CVE-2015-4500 CVE-2015-4501
CVE-2015-4502 CVE-2015-4503 CVE-2015-4504
CVE-2015-4505 CVE-2015-4506 CVE-2015-4507
CVE-2015-4508 CVE-2015-4509 CVE-2015-4510
CVE-2015-4511 CVE-2015-4512 CVE-2015-4516
CVE-2015-4517 CVE-2015-4519 CVE-2015-4520
CVE-2015-4521 CVE-2015-4522 CVE-2015-7174
CVE-2015-7175 CVE-2015-7176 CVE-2015-7177
CVE-2015-7178 CVE-2015-7179 CVE-2015-7180
Affected Products:
openSUSE 13.2
openSUSE 13.1
______________________________________________________________________________
An update that fixes 27 vulnerabilities is now available.
Description:
MozillaFirefox was updated to Firefox 41.0 (bnc#947003)
Security issues fixed:
* MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety
hazards
* MFSA 2015-97/CVE-2015-4503 (bmo#994337) Memory leak in mozTCPSocket to
servers
* MFSA 2015-98/CVE-2015-4504 (bmo#1132467) Out of bounds read in QCMS
library with ICC V4 profile attributes
* MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only) Site attribute
spoofing on Android by pasting URL with unknown scheme
* MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only) Arbitrary file
manipulation by local user through Mozilla updater
* MFSA 2015-101/CVE-2015-4506 (bmo#1192226) Buffer overflow in libvpx
while parsing vp9 format video
* MFSA 2015-102/CVE-2015-4507 (bmo#1192401) Crash when using debugger with
SavedStacks in JavaScript
* MFSA 2015-103/CVE-2015-4508 (bmo#1195976) URL spoofing in reader mode
* MFSA 2015-104/CVE-2015-4510 (bmo#1200004) Use-after-free with shared
workers and IndexedDB
* MFSA 2015-105/CVE-2015-4511 (bmo#1200148) Buffer overflow while decoding
WebM video
* MFSA 2015-106/CVE-2015-4509 (bmo#1198435) Use-after-free while
manipulating HTML media content
* MFSA 2015-107/CVE-2015-4512 (bmo#1170390) Out-of-bounds read during 2D
canvas display on Linux 16-bit color depth systems
* MFSA 2015-108/CVE-2015-4502 (bmo#1105045) Scripted proxies can access
inner window
* MFSA 2015-109/CVE-2015-4516 (bmo#904886) JavaScript immutable property
enforcement can be bypassed
* MFSA 2015-110/CVE-2015-4519 (bmo#1189814) Dragging and dropping images
exposes final URL after redirects
* MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869) Errors in the
handling of CORS preflight request headers
* MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/ CVE-2015-7180
Vulnerabilities found through code inspection
* MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860, bmo#1190526)
(Windows only) Memory safety errors in libGLES in the ANGLE graphics
library
* MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only) Information
disclosure via the High Resolution Time API
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
– openSUSE 13.2:
zypper in -t patch openSUSE-2015-619=1
– openSUSE 13.1:
zypper in -t patch openSUSE-2015-619=1
To bring your system up-to-date, use “zypper patch”.
Package List:
– openSUSE 13.2 (i586 x86_64):
MozillaFirefox-41.0-44.1
MozillaFirefox-branding-upstream-41.0-44.1
MozillaFirefox-buildsymbols-41.0-44.1
MozillaFirefox-debuginfo-41.0-44.1
MozillaFirefox-debugsource-41.0-44.1
MozillaFirefox-devel-41.0-44.1
MozillaFirefox-translations-common-41.0-44.1
MozillaFirefox-translations-other-41.0-44.1
– openSUSE 13.1 (i586 x86_64):
MozillaFirefox-41.0-88.1
MozillaFirefox-branding-upstream-41.0-88.1
MozillaFirefox-buildsymbols-41.0-88.1
MozillaFirefox-debuginfo-41.0-88.1
MozillaFirefox-debugsource-41.0-88.1
MozillaFirefox-devel-41.0-88.1
MozillaFirefox-translations-common-41.0-88.1
MozillaFirefox-translations-other-41.0-88.1
References:
https://www.suse.com/security/cve/CVE-2015-4476.html
https://www.suse.com/security/cve/CVE-2015-4500.html
https://www.suse.com/security/cve/CVE-2015-4501.html
https://www.suse.com/security/cve/CVE-2015-4502.html
https://www.suse.com/security/cve/CVE-2015-4503.html
https://www.suse.com/security/cve/CVE-2015-4504.html
https://www.suse.com/security/cve/CVE-2015-4505.html
https://www.suse.com/security/cve/CVE-2015-4506.html
https://www.suse.com/security/cve/CVE-2015-4507.html
https://www.suse.com/security/cve/CVE-2015-4508.html
https://www.suse.com/security/cve/CVE-2015-4509.html
https://www.suse.com/security/cve/CVE-2015-4510.html
https://www.suse.com/security/cve/CVE-2015-4511.html
https://www.suse.com/security/cve/CVE-2015-4512.html
https://www.suse.com/security/cve/CVE-2015-4516.html
https://www.suse.com/security/cve/CVE-2015-4517.html
https://www.suse.com/security/cve/CVE-2015-4519.html
https://www.suse.com/security/cve/CVE-2015-4520.html
https://www.suse.com/security/cve/CVE-2015-4521.html
https://www.suse.com/security/cve/CVE-2015-4522.html
https://www.suse.com/security/cve/CVE-2015-7174.html
https://www.suse.com/security/cve/CVE-2015-7175.html
https://www.suse.com/security/cve/CVE-2015-7176.html
https://www.suse.com/security/cve/CVE-2015-7177.html
https://www.suse.com/security/cve/CVE-2015-7178.html
https://www.suse.com/security/cve/CVE-2015-7179.html
https://www.suse.com/security/cve/CVE-2015-7180.html
https://bugzilla.suse.com/947003
—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
7e
| Autor | Tomislav Protega |
| Cert id | NCERT-REF-2015-10-0007-ADV |
| Cve | CVE-2010-2883 CVE-2010-2884 CVE-2010-2887 CVE-2010-2888 |
| ID izvornika | openSUSE-SU-2015:1658-1 |
| Proizvod | Security update for MozillaFirefox |
| Izvor | http://www.suse.com |
