Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

openSUSE 11.4: 2014:0950-1 Important: Mozilla Memory Issues

opensuse
Calendar Grey July 30, 2014
Dist Opensuse Esm H88
A patch addressing several security flaws in Mozilla applications is now accessible for openSUSE 11.4, strengthening system protection.
An update that fixes 7 vulnerabilities is now available

Description

update to Firefox 24.7.0 and Thunderbird 24.7.0 including fixes for

* MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety

hazards

* MFSA 2014-61/CVE-2014-1555 (bmo#1023121) Use-after-free with

FireOnStateChange event

* MFSA 2014-62/CVE-2014-1556 (bmo#1028891) Exploitable WebGL crash with

Cesium JavaScript library

* MFSA 2014-63/CVE-2014-1544 (bmo#963150) Use-after-free while when

manipulating certificates in the trusted cache (solved with NSS 3.16.2

requirement)

* MFSA 2014-64/CVE-2014-1557 (bmo#913805) Crash in Skia library when

scaling high quality images

- require NSS 3.16.2

Topics%20covered

Topics Covered

security advisory software update important Mozilla memory safety openSUSE memory hazard

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 11.4:

zypper in -t patch 2014-

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 11.4 (i586 x86_64):

MozillaFirefox-24.7.0-119.1

MozillaFirefox-branding-upstream-24.7.0-119.1

MozillaFirefox-buildsymbols-24.7.0-119.1

MozillaFirefox-debuginfo-24.7.0-119.1

MozillaFirefox-debugsource-24.7.0-119.1

MozillaFirefox-devel-24.7.0-119.1

MozillaFirefox-translations-common-24.7.0-119.1

MozillaFirefox-translations-other-24.7.0-119.1

MozillaThunderbird-24.7.0-101.1

MozillaThunderbird-buildsymbols-24.7.0-101.1

MozillaThunderbird-debuginfo-24.7.0-101.1

MozillaThunderbird-debugsource-24.7.0-101.1

MozillaThunderbird-devel-24.7.0-101.1

MozillaThunderbird-translations-common-24.7.0-101.1

MozillaThunderbird-translations-other-24.7.0-101.1

enigmail-1.7-2.1

enigmail-debuginfo-1.7-2.1

enigmail-debugsource-1.7-2.1

libfreebl3-3.16.3-86.1

libfreebl3-debuginfo-3.16.3-86.1

libsoftokn3-3.16.3-86.1

libsoftokn3-debuginfo-3.16.3-86.1

mozilla-nss-3.16.3-86.1

mozilla-nss-certs-3.16.3-86.1

mozilla-nss-certs-debuginfo-3.16.3-86.1

mozilla-nss-debuginfo-3.16.3-86.1

mozilla-nss-debugsource-3.16.3-86.1

mozilla-nss-devel-3....

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2014-1492.html

https://www.suse.com/security/cve/CVE-2014-1544.html

https://www.suse.com/security/cve/CVE-2014-1547.html

https://www.suse.com/security/cve/CVE-2014-1548.html

https://www.suse.com/security/cve/CVE-2014-1555.html

https://www.suse.com/security/cve/CVE-2014-1556.html

https://www.suse.com/security/cve/CVE-2014-1557.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2014:0950-1
Rating: important
Affected Products: openSUSE 11.4 .

Topics%20covered

Topics Covered

security advisory software update important Mozilla memory safety openSUSE memory hazard

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here