openSUSE Security Update: Security update for seamonkey
______________________________________________________________________________
Announcement ID: openSUSE-SU-2015:0192-1
Rating: important
References: #910669
Cross-References: CVE-2014-8634 CVE-2014-8635 CVE-2014-8636
CVE-2014-8637 CVE-2014-8638 CVE-2014-8639
CVE-2014-8640 CVE-2014-8641 CVE-2014-8642
CVE-2014-8643
Affected Products:
openSUSE 13.2
openSUSE 13.1
______________________________________________________________________________
An update that fixes 10 vulnerabilities is now available.
Description:
Mozilla seamonkey was updated to SeaMonkey 2.32 (bnc#910669)
* MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 Miscellaneous memory safety
hazards
* MFSA 2015-02/CVE-2014-8637 (bmo#1094536) Uninitialized memory use
during bitmap rendering
* MFSA 2015-03/CVE-2014-8638 (bmo#1080987) sendBeacon requests lack an
Origin header
* MFSA 2015-04/CVE-2014-8639 (bmo#1095859) Cookie injection through
Proxy Authenticate responses
* MFSA 2015-05/CVE-2014-8640 (bmo#1100409) Read of uninitialized memory
in Web Audio
* MFSA 2015-06/CVE-2014-8641 (bmo#1108455) Read-after-free in WebRTC
* MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only) Gecko Media
Plugin sandbox escape
* MFSA 2015-08/CVE-2014-8642 (bmo#1079658) Delegated OCSP responder
certificates failure with id-pkix-ocsp-nocheck extension
* MFSA 2015-09/CVE-2014-8636 (bmo#987794) XrayWrapper bypass through DOM
objects
- use GStreamer 1.0 from 13.2 on
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.2:
zypper in -t patch openSUSE-2015-92
- openSUSE 13.1:
zypper in -t patch openSUSE-2015-92
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.2 (i586 x86_64):
seamonkey-2.32-8.2
seamonkey-debuginfo-2.32-8.2
seamonkey-debugsource-2.32-8.2
seamonkey-dom-inspector-2.32-8.2
seamonkey-irc-2.32-8.2
seamonkey-translations-common-2.32-8.2
seamonkey-translations-other-2.32-8.2
- openSUSE 13.1 (i586 x86_64):
seamonkey-2.32-44.2
seamonkey-debuginfo-2.32-44.2
seamonkey-debugsource-2.32-44.2
seamonkey-dom-inspector-2.32-44.2
seamonkey-irc-2.32-44.2
seamonkey-translations-common-2.32-44.2
seamonkey-translations-other-2.32-44.2
References:
https://support.novell.com/security/cve/CVE-2014-8634.html
https://support.novell.com/security/cve/CVE-2014-8635.html
https://support.novell.com/security/cve/CVE-2014-8636.html
https://support.novell.com/security/cve/CVE-2014-8637.html
https://support.novell.com/security/cve/CVE-2014-8638.html
https://support.novell.com/security/cve/CVE-2014-8639.html
https://support.novell.com/security/cve/CVE-2014-8640.html
https://support.novell.com/security/cve/CVE-2014-8641.html
https://support.novell.com/security/cve/CVE-2014-8642.html
https://support.novell.com/security/cve/CVE-2014-8643.html
https://bugzilla.suse.com/show_bug.cgi?id=910669
--
openSUSE: 2015:0192-1: important: seamonkey
February 2, 2015
An update that fixes 10 vulnerabilities is now available.
Description
Mozilla seamonkey was updated to SeaMonkey 2.32 (bnc#910669) * MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 Miscellaneous memory safety hazards * MFSA 2015-02/CVE-2014-8637 (bmo#1094536) Uninitialized memory use during bitmap rendering * MFSA 2015-03/CVE-2014-8638 (bmo#1080987) sendBeacon requests lack an Origin header * MFSA 2015-04/CVE-2014-8639 (bmo#1095859) Cookie injection through Proxy Authenticate responses * MFSA 2015-05/CVE-2014-8640 (bmo#1100409) Read of uninitialized memory in Web Audio * MFSA 2015-06/CVE-2014-8641 (bmo#1108455) Read-after-free in WebRTC * MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only) Gecko Media Plugin sandbox escape * MFSA 2015-08/CVE-2014-8642 (bmo#1079658) Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension * MFSA 2015-09/CVE-2014-8636 (bmo#987794) XrayWrapper bypass through DOM objects - use GStreamer 1.0 from 13.2 on
Patch
Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2015-92 - openSUSE 13.1: zypper in -t patch openSUSE-2015-92 To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE 13.2 (i586 x86_64): seamonkey-2.32-8.2 seamonkey-debuginfo-2.32-8.2 seamonkey-debugsource-2.32-8.2 seamonkey-dom-inspector-2.32-8.2 seamonkey-irc-2.32-8.2 seamonkey-translations-common-2.32-8.2 seamonkey-translations-other-2.32-8.2 - openSUSE 13.1 (i586 x86_64): seamonkey-2.32-44.2 seamonkey-debuginfo-2.32-44.2 seamonkey-debugsource-2.32-44.2 seamonkey-dom-inspector-2.32-44.2 seamonkey-irc-2.32-44.2 seamonkey-translations-common-2.32-44.2 seamonkey-translations-other-2.32-44.2
References
https://support.novell.com/security/cve/CVE-2014-8634.html https://support.novell.com/security/cve/CVE-2014-8635.html https://support.novell.com/security/cve/CVE-2014-8636.html https://support.novell.com/security/cve/CVE-2014-8637.html https://support.novell.com/security/cve/CVE-2014-8638.html https://support.novell.com/security/cve/CVE-2014-8639.html https://support.novell.com/security/cve/CVE-2014-8640.html https://support.novell.com/security/cve/CVE-2014-8641.html https://support.novell.com/security/cve/CVE-2014-8642.html https://support.novell.com/security/cve/CVE-2014-8643.html https://bugzilla.suse.com/show_bug.cgi?id=910669--
Severity
Announcement ID: openSUSE-SU-2015:0192-1
Rating: important
Affected Products:
openSUSE 13.2
openSUSE 13.1
News
HOWTOs
About Us
Powered By
