
Security vulnerabilities in the Mozilla Firefox software package

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LSU

openSUSE Security Update: Security update for MozillaFirefox, mozilla-nss
______________________________________________________________________________

Announcement ID: openSUSE-SU-2016:1552-1
Rating: important
References: #980384 #981695 #983549 #983632 #983638 #983639
#983640 #983643 #983644 #983646 #983649 #983651
#983652 #983653 #983655
Cross-References: CVE-2016-2815 CVE-2016-2818 CVE-2016-2819
CVE-2016-2821 CVE-2016-2822 CVE-2016-2824
CVE-2016-2825 CVE-2016-2828 CVE-2016-2829
CVE-2016-2831 CVE-2016-2832 CVE-2016-2833
CVE-2016-2834
Affected Products:
openSUSE Leap 42.1
openSUSE 13.2
______________________________________________________________________________

An update that solves 13 vulnerabilities and has two fixes
is now available.

Description:

This update to Mozilla Firefox 47 fixes the following issues (boo#983549):

Security fixes:

– CVE-2016-2815/CVE-2016-2818: Miscellaneous memory safety hazards
(boo#983638 MFSA 2016-49)
– CVE-2016-2819: Buffer overflow parsing HTML5 fragments (boo#983655 MFSA
2016-50)
– CVE-2016-2821: Use-after-free deleting tables from a contenteditable
document (boo#983653 MFSA 2016-51)
– CVE-2016-2822: Addressbar spoofing through the SELECT element (boo#983652
MFSA 2016-52)
– CVE-2016-2824: Out-of-bounds write with WebGL shader (boo#983651 MFSA
2016-53)
– CVE-2016-2825: Partial same-origin-policy through setting location.host
through data URI (boo#983649 MFSA 2016-54)
– CVE-2016-2828: Use-after-free when textures are used in WebGL operations
after recycle pool destruction (boo#983646 MFSA 2016-56)
– CVE-2016-2829: Incorrect icon displayed on permissions notifications
(boo#983644 MFSA 2016-57)
– CVE-2016-2831: Entering fullscreen and persistent pointerlock without
user permission (boo#983643 MFSA 2016-58)
– CVE-2016-2832: Information disclosure of disabled plugins through CSS
pseudo-classes (boo#983632 MFSA 2016-59)
– CVE-2016-2833: Java applets bypass CSP protections (boo#983640 MFSA
2016-60)

Mozilla NSS was updated to 3.23 to address the following vulnerabilities:

– CVE-2016-2834: Memory safety bugs (boo#983639 MFSA-2016-61)

The following non-security changes are included:

– Enable VP9 video codec for users with fast machines
– Embedded YouTube videos now play with HTML5 video if Flash is not
installed
– View and search open tabs from your smartphone or another computer in a
sidebar
– Allow no-cache on back/forward navigations for https resources

The following packaging changes are included:

– boo#981695: cleanup configure options, notably removing GStreamer
support which is gone from FF
– boo#980384: enable build with PIE and full relro on x86_64

The following new functionality is provided:

– ChaCha20/Poly1305 cipher and TLS cipher suites now supported
– The list of TLS extensions sent in the TLS handshake has been reordered
to increase compatibility of the Extended Master Secret with servers

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.1:

zypper in -t patch openSUSE-2016-704=1

– openSUSE 13.2:

zypper in -t patch openSUSE-2016-704=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.1 (i586 x86_64):

MozillaFirefox-47.0-24.1
MozillaFirefox-branding-upstream-47.0-24.1
MozillaFirefox-buildsymbols-47.0-24.1
MozillaFirefox-debuginfo-47.0-24.1
MozillaFirefox-debugsource-47.0-24.1
MozillaFirefox-devel-47.0-24.1
MozillaFirefox-translations-common-47.0-24.1
MozillaFirefox-translations-other-47.0-24.1
libfreebl3-3.23-18.1
libfreebl3-debuginfo-3.23-18.1
libsoftokn3-3.23-18.1
libsoftokn3-debuginfo-3.23-18.1
mozilla-nss-3.23-18.1
mozilla-nss-certs-3.23-18.1
mozilla-nss-certs-debuginfo-3.23-18.1
mozilla-nss-debuginfo-3.23-18.1
mozilla-nss-debugsource-3.23-18.1
mozilla-nss-devel-3.23-18.1
mozilla-nss-sysinit-3.23-18.1
mozilla-nss-sysinit-debuginfo-3.23-18.1
mozilla-nss-tools-3.23-18.1
mozilla-nss-tools-debuginfo-3.23-18.1

– openSUSE Leap 42.1 (x86_64):

libfreebl3-32bit-3.23-18.1
libfreebl3-debuginfo-32bit-3.23-18.1
libsoftokn3-32bit-3.23-18.1
libsoftokn3-debuginfo-32bit-3.23-18.1
mozilla-nss-32bit-3.23-18.1
mozilla-nss-certs-32bit-3.23-18.1
mozilla-nss-certs-debuginfo-32bit-3.23-18.1
mozilla-nss-debuginfo-32bit-3.23-18.1
mozilla-nss-sysinit-32bit-3.23-18.1
mozilla-nss-sysinit-debuginfo-32bit-3.23-18.1

– openSUSE 13.2 (i586 x86_64):

MozillaFirefox-47.0-71.1
MozillaFirefox-branding-upstream-47.0-71.1
MozillaFirefox-buildsymbols-47.0-71.1
MozillaFirefox-debuginfo-47.0-71.1
MozillaFirefox-debugsource-47.0-71.1
MozillaFirefox-devel-47.0-71.1
MozillaFirefox-translations-common-47.0-71.1
MozillaFirefox-translations-other-47.0-71.1
libfreebl3-3.23-34.1
libfreebl3-debuginfo-3.23-34.1
libsoftokn3-3.23-34.1
libsoftokn3-debuginfo-3.23-34.1
mozilla-nss-3.23-34.1
mozilla-nss-certs-3.23-34.1
mozilla-nss-certs-debuginfo-3.23-34.1
mozilla-nss-debuginfo-3.23-34.1
mozilla-nss-debugsource-3.23-34.1
mozilla-nss-devel-3.23-34.1
mozilla-nss-sysinit-3.23-34.1
mozilla-nss-sysinit-debuginfo-3.23-34.1
mozilla-nss-tools-3.23-34.1
mozilla-nss-tools-debuginfo-3.23-34.1

– openSUSE 13.2 (x86_64):

libfreebl3-32bit-3.23-34.1
libfreebl3-debuginfo-32bit-3.23-34.1
libsoftokn3-32bit-3.23-34.1
libsoftokn3-debuginfo-32bit-3.23-34.1
mozilla-nss-32bit-3.23-34.1
mozilla-nss-certs-32bit-3.23-34.1
mozilla-nss-certs-debuginfo-32bit-3.23-34.1
mozilla-nss-debuginfo-32bit-3.23-34.1
mozilla-nss-sysinit-32bit-3.23-34.1
mozilla-nss-sysinit-debuginfo-32bit-3.23-34.1

References:

https://www.suse.com/security/cve/CVE-2016-2815.html
https://www.suse.com/security/cve/CVE-2016-2818.html
https://www.suse.com/security/cve/CVE-2016-2819.html
https://www.suse.com/security/cve/CVE-2016-2821.html
https://www.suse.com/security/cve/CVE-2016-2822.html
https://www.suse.com/security/cve/CVE-2016-2824.html
https://www.suse.com/security/cve/CVE-2016-2825.html
https://www.suse.com/security/cve/CVE-2016-2828.html
https://www.suse.com/security/cve/CVE-2016-2829.html
https://www.suse.com/security/cve/CVE-2016-2831.html
https://www.suse.com/security/cve/CVE-2016-2832.html
https://www.suse.com/security/cve/CVE-2016-2833.html
https://www.suse.com/security/cve/CVE-2016-2834.html
https://bugzilla.suse.com/980384
https://bugzilla.suse.com/981695
https://bugzilla.suse.com/983549
https://bugzilla.suse.com/983632
https://bugzilla.suse.com/983638
https://bugzilla.suse.com/983639
https://bugzilla.suse.com/983640
https://bugzilla.suse.com/983643
https://bugzilla.suse.com/983644
https://bugzilla.suse.com/983646
https://bugzilla.suse.com/983649
https://bugzilla.suse.com/983651
https://bugzilla.suse.com/983652
https://bugzilla.suse.com/983653
https://bugzilla.suse.com/983655


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
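
To confirm that a host actually reached the fixed versions after running the patch command, installed versions can be compared against the advisory's package list. The script below is an added example, not part of the openSUSE announcement; it uses the openSUSE Leap 42.1 versions from openSUSE-SU-2016:1552-1, the function names are hypothetical, and the sample input is constructed.

```sh
# Added example (not part of the advisory): flag packages older than the
# fixed versions in the openSUSE Leap 42.1 package list above.
FIXED="MozillaFirefox 47.0-24.1
mozilla-nss 3.23-18.1
libfreebl3 3.23-18.1
libsoftokn3 3.23-18.1"

# dot_cmp A B: print -1, 0 or 1 for dotted numeric strings A and B.
# Simplification (assumption): every segment is an integer, which holds for
# all versions in this advisory; this is not RPM's full comparison.
dot_cmp() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && { echo -1; return; }
        [ "${x:-0}" -gt "${y:-0}" ] && { echo 1; return; }
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    echo 0
}

# ver_lt A B: succeed if version-release A is older than B. The version
# (text before the last '-') decides first, the release breaks ties.
ver_lt() {
    v=$(dot_cmp "${1%-*}" "${2%-*}")
    [ "$v" -eq 0 ] && v=$(dot_cmp "${1##*-}" "${2##*-}")
    [ "$v" -lt 0 ]
}

# audit: read "name version-release" lines on stdin; print one OUTDATED
# line per package that is below its fixed version, nothing otherwise.
audit() {
    while read -r name evr; do
        want=$(printf '%s\n' "$FIXED" | awk -v n="$name" '$1 == n { print $2 }')
        [ -n "$want" ] || continue
        if ver_lt "$evr" "$want"; then
            echo "OUTDATED $name $evr (fixed in $want)"
        fi
    done
}

# Constructed sample of a partly patched host. On a real system feed in:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' MozillaFirefox mozilla-nss
SAMPLE="MozillaFirefox 46.0.1-21.1
mozilla-nss 3.23-18.1
libfreebl3 3.22-15.2
bash 4.2-75.2"
printf '%s\n' "$SAMPLE" | audit
```

For openSUSE 13.2 or 13.1, replace the `FIXED` table with the versions from the matching package list.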

openSUSE Security Update: Security update for MozillaFirefox, mozilla-nss
______________________________________________________________________________

Announcement ID: openSUSE-SU-2016:1557-1
Rating: important
References: #980384 #981695 #983549 #983632 #983638 #983639
#983640 #983643 #983644 #983646 #983649 #983651
#983652 #983653 #983655
Cross-References: CVE-2016-1950 CVE-2016-2815 CVE-2016-2818
CVE-2016-2819 CVE-2016-2821 CVE-2016-2822
CVE-2016-2824 CVE-2016-2825 CVE-2016-2828
CVE-2016-2829 CVE-2016-2831 CVE-2016-2832
CVE-2016-2833 CVE-2016-2834
Affected Products:
openSUSE 13.1
______________________________________________________________________________

An update that solves 14 vulnerabilities and has one errata
is now available.

Description:

This update to Mozilla Firefox 47 fixes the following issues (boo#983549):

Security fixes:

– CVE-2016-2815/CVE-2016-2818: Miscellaneous memory safety hazards
(boo#983638 MFSA 2016-49)
– CVE-2016-2819: Buffer overflow parsing HTML5 fragments (boo#983655
MFSA 2016-50)
– CVE-2016-2821: Use-after-free deleting tables from a contenteditable
document (boo#983653 MFSA 2016-51)
– CVE-2016-2822: Addressbar spoofing through the SELECT element
(boo#983652 MFSA 2016-52)
– CVE-2016-2824: Out-of-bounds write with WebGL shader (boo#983651 MFSA
2016-53)
– CVE-2016-2825: Partial same-origin-policy through setting
location.host through data URI (boo#983649 MFSA 2016-54)
– CVE-2016-2828: Use-after-free when textures are used in WebGL
operations after recycle pool destruction (boo#983646 MFSA 2016-56)
– CVE-2016-2829: Incorrect icon displayed on permissions notifications
(boo#983644 MFSA 2016-57)
– CVE-2016-2831: Entering fullscreen and persistent pointerlock without
user permission (boo#983643 MFSA 2016-58)
– CVE-2016-2832: Information disclosure of disabled plugins through CSS
pseudo-classes (boo#983632 MFSA 2016-59)
– CVE-2016-2833: Java applets bypass CSP protections (boo#983640 MFSA
2016-60)

Mozilla NSS was updated to 3.23 to address the following vulnerabilities:

– CVE-2016-2834: Memory safety bugs (boo#983639 MFSA-2016-61)

The following non-security changes are included:

– Enable VP9 video codec for users with fast machines
– Embedded YouTube videos now play with HTML5 video if Flash is not
installed
– View and search open tabs from your smartphone or another computer in
a sidebar
– Allow no-cache on back/forward navigations for https resources

The following packaging changes are included:

– boo#981695: cleanup configure options, notably removing GStreamer
support which is gone from FF
– boo#980384: enable build with PIE and full relro on x86_64

The following new functionality is provided:

– ChaCha20/Poly1305 cipher and TLS cipher suites now supported
– The list of TLS extensions sent in the TLS handshake has been
reordered to increase compatibility of the Extended Master Secret
with servers

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE 13.1:

zypper in -t patch 2016-714=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE 13.1 (i586 x86_64):

MozillaFirefox-47.0-116.1
MozillaFirefox-branding-upstream-47.0-116.1
MozillaFirefox-buildsymbols-47.0-116.1
MozillaFirefox-debuginfo-47.0-116.1
MozillaFirefox-debugsource-47.0-116.1
MozillaFirefox-devel-47.0-116.1
MozillaFirefox-translations-common-47.0-116.1
MozillaFirefox-translations-other-47.0-116.1
libfreebl3-3.23-80.1
libfreebl3-debuginfo-3.23-80.1
libsoftokn3-3.23-80.1
libsoftokn3-debuginfo-3.23-80.1
mozilla-nss-3.23-80.1
mozilla-nss-certs-3.23-80.1
mozilla-nss-certs-debuginfo-3.23-80.1
mozilla-nss-debuginfo-3.23-80.1
mozilla-nss-debugsource-3.23-80.1
mozilla-nss-devel-3.23-80.1
mozilla-nss-sysinit-3.23-80.1
mozilla-nss-sysinit-debuginfo-3.23-80.1
mozilla-nss-tools-3.23-80.1
mozilla-nss-tools-debuginfo-3.23-80.1

– openSUSE 13.1 (x86_64):

libfreebl3-32bit-3.23-80.1
libfreebl3-debuginfo-32bit-3.23-80.1
libsoftokn3-32bit-3.23-80.1
libsoftokn3-debuginfo-32bit-3.23-80.1
mozilla-nss-32bit-3.23-80.1
mozilla-nss-certs-32bit-3.23-80.1
mozilla-nss-certs-debuginfo-32bit-3.23-80.1
mozilla-nss-debuginfo-32bit-3.23-80.1
mozilla-nss-sysinit-32bit-3.23-80.1
mozilla-nss-sysinit-debuginfo-32bit-3.23-80.1

References:

https://www.suse.com/security/cve/CVE-2016-1950.html
https://www.suse.com/security/cve/CVE-2016-2815.html
https://www.suse.com/security/cve/CVE-2016-2818.html
https://www.suse.com/security/cve/CVE-2016-2819.html
https://www.suse.com/security/cve/CVE-2016-2821.html
https://www.suse.com/security/cve/CVE-2016-2822.html
https://www.suse.com/security/cve/CVE-2016-2824.html
https://www.suse.com/security/cve/CVE-2016-2825.html
https://www.suse.com/security/cve/CVE-2016-2828.html
https://www.suse.com/security/cve/CVE-2016-2829.html
https://www.suse.com/security/cve/CVE-2016-2831.html
https://www.suse.com/security/cve/CVE-2016-2832.html
https://www.suse.com/security/cve/CVE-2016-2833.html
https://www.suse.com/security/cve/CVE-2016-2834.html
https://bugzilla.suse.com/980384
https://bugzilla.suse.com/981695
https://bugzilla.suse.com/983549
https://bugzilla.suse.com/983632
https://bugzilla.suse.com/983638
https://bugzilla.suse.com/983639
https://bugzilla.suse.com/983640
https://bugzilla.suse.com/983643
https://bugzilla.suse.com/983644
https://bugzilla.suse.com/983646
https://bugzilla.suse.com/983649
https://bugzilla.suse.com/983651
https://bugzilla.suse.com/983652
https://bugzilla.suse.com/983653
https://bugzilla.suse.com/983655



Author: Marko Stanec
CERT ID: NCERT-REF-2016-06-0050-ADV
CVE: CERT-CVE-DUMMY
Source ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: http://www.adobe.com/