openSUSE 12.1: 2012:0924-1 Critical: Xulrunner Memory Safety Issues
opensuse
July 30, 2012
An update that fixes 18 vulnerabilities is now available
Description
Mozilla XULRunner was updated to 14.0.1, fixing bugs and
security issues:
Following security issues were fixed: MFSA 2012-42: Mozilla
developers identified and fixed several memory safety bugs
in the browser engine used in Firefox and other
Mozilla-based products. Some of these bugs showed evidence
of memory corruption under certain circumstances, and we
presume that with enough effort at least some of these
could be exploited to run arbitrary code.
CVE-2012-1949: Brian Smith, Gary Kwong, Christian Holler,
Jesse Ruderman, Christoph Diehl, Chris Jones, Brad Lassey,
and Kyle Huey reported memory safety problems and crashes
that affect Firefox 13.
CVE-2012-1948: Benoit Jacob, Jesse Ruderman, Christian
Holler, and Bill McCloskey reported memory safety problems
and crashes that affect Firefox ESR 10 and Firefox 13.
MFSA 2012-43 / CVE-2012-1950: Security researcher Mario
Gomes andresearch firm Code Audit Labs reported a mechanism
Read the Full Advisory
Topics Covered
Patch
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.1:
zypper in -t patch openSUSE-2012-465
To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE 12.1 (i586 x86_64):
mozilla-js-14.0.1-2.32.2
mozilla-js-debuginfo-14.0.1-2.32.2
xulrunner-14.0.1-2.32.2
xulrunner-buildsymbols-14.0.1-2.32.2
xulrunner-debuginfo-14.0.1-2.32.2
xulrunner-debugsource-14.0.1-2.32.2
xulrunner-devel-14.0.1-2.32.2
xulrunner-devel-debuginfo-14.0.1-2.32.2
- openSUSE 12.1 (x86_64):
mozilla-js-32bit-14.0.1-2.32.2
mozilla-js-debuginfo-32bit-14.0.1-2.32.2
xulrunner-32bit-14.0.1-2.32.2
xulrunner-debuginfo-32bit-14.0.1-2.32.2
- openSUSE 12.1 (ia64):
mozilla-js-debuginfo-x86-14.0.1-2.32.2
mozilla-js-x86-14.0.1-2.32.2
xulrunner-debuginfo-x86-14.0.1-2.32.2
xulrunner-x86-14.0.1-2.32.2
References
https://www.suse.com/security/cve/CVE-2012-1948.html
https://www.suse.com/security/cve/CVE-2012-1949.html
https://www.suse.com/security/cve/CVE-2012-1950.html
https://www.suse.com/security/cve/CVE-2012-1951.html
https://www.suse.com/security/cve/CVE-2012-1952.html
https://www.suse.com/security/cve/CVE-2012-1953.html
https://www.suse.com/security/cve/CVE-2012-1954.html
https://www.suse.com/security/cve/CVE-2012-1955.html
https://www.suse.com/security/cve/CVE-2012-1957.html
https://www.suse.com/security/cve/CVE-2012-1958.html
https://www.suse.com/security/cve/CVE-2012-1959.html
https://www.suse.com/security/cve/CVE-2012-1960.html
https://www.suse.com/security/cve/CVE-2012-1961.html
https://www.suse.com/security/cve/CVE-2012-1962.html
https://www.suse.com/security/cve/CVE-2012-1963.html
https://www.suse.com/security/cve/CVE-2012-1965.html
https://www.suse.com/security/cve/CVE-2012-1966.html
https://www.suse.com/security/cve/CVE-2012-1967.html
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2012:0924-1
Rating: critical
Affected Products:
openSUSE 12.1
.
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!