openSUSE 11.4: openSUSE-SU-2013:1871-1 Important: Mozilla Patch
opensuse
December 13, 2013
An update that fixes 10 vulnerabilities is now available
Description
This patch contains
* mozilla-nss 3.15.3.1 which includes a certstore update
(1.95) to explicitely revoke AC DG Tresor SSL
intermediate CA which was misused.
* Firefox 24.2esr
* Thunderbird 24.2
* Seamonkey 2.23
These updates fix several security issues:
* CVE-2013-5611 Mozilla: Application Installation
doorhanger persists on navigation (MFSA 2013-105)
* CVE-2013-5609 Mozilla: Miscellaneous memory safety
hazards (rv:24.2) (MFSA 2013-104)
* CVE-2013-5610 Mozilla: Miscellaneous memory safety
hazards (rv:26.0) (MFSA 2013-104)
* CVE-2013-5612 Mozilla: Character encoding cross-origin
XSS attack (MFSA 2013-106)
* CVE-2013-5614 Mozilla: Sandbox restrictions not applied
to nested object elements (MFSA 2013-107)
* CVE-2013-5616 Mozilla: Use-after-free in event listeners (MFSA 2013-108)
* CVE-2013-5619 Mozilla: Potential overflow in JavaScript
binary search algorithms (MFSA 2013-110)
* CVE-2013-6671 Mozilla: Segmentation...
Read the Full Advisory
Topics Covered
Patch
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch 2013-170
To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE 11.4 (i586 x86_64):
MozillaFirefox-24.2.0-95.2
MozillaFirefox-branding-upstream-24.2.0-95.2
MozillaFirefox-buildsymbols-24.2.0-95.2
MozillaFirefox-debuginfo-24.2.0-95.2
MozillaFirefox-debugsource-24.2.0-95.2
MozillaFirefox-devel-24.2.0-95.2
MozillaFirefox-translations-common-24.2.0-95.2
MozillaFirefox-translations-other-24.2.0-95.2
MozillaThunderbird-24.2.0-81.2
MozillaThunderbird-buildsymbols-24.2.0-81.2
MozillaThunderbird-debuginfo-24.2.0-81.2
MozillaThunderbird-debugsource-24.2.0-81.2
MozillaThunderbird-devel-24.2.0-81.2
MozillaThunderbird-translations-common-24.2.0-81.2
MozillaThunderbird-translations-other-24.2.0-81.2
enigmail-1.6.0+24.2.0-81.2
libfreebl3-3.15.3.1-74.1
libfreebl3-debuginfo-3.15.3.1-74.1
libsoftokn3-3.15.3.1-74.1
libsoftokn3-debuginfo-3.15.3.1-74.1
mozilla-nss-3.15.3.1-74.1
mozilla-nss-certs-3.15.3.1-74.1
mozilla-nss-certs-debuginfo-3.15.3.1-74.1
mozilla-nss-debuginfo-3.15.3.1-74.1
mozilla-nss-debugsource-3.15.3.1-74.1
mozilla-nss-devel-3.15.3.1-74.1
mozilla-nss-sysinit-3.15.3.1-7...
Read the Full AdvisoryReferences
https://www.suse.com/security/cve/CVE-2013-5609.html
https://www.suse.com/security/cve/CVE-2013-5610.html
https://www.suse.com/security/cve/CVE-2013-5613.html
https://www.suse.com/security/cve/CVE-2013-5615.html
https://www.suse.com/security/cve/CVE-2013-5616.html
https://www.suse.com/security/cve/CVE-2013-5618.html
https://www.suse.com/security/cve/CVE-2013-6629.html
https://www.suse.com/security/cve/CVE-2013-6630.html
https://www.suse.com/security/cve/CVE-2013-6671.html
https://www.suse.com/security/cve/CVE-2013-6673.html
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2013:1871-1
Rating: important
Affected Products:
openSUSE 11.4
.
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!