openSUSE 13.2: 2015:0677-1 Important Firefox and Thunderbird Fixes
opensuse
April 8, 2015
An update that fixes 15 vulnerabilities is now available
Description
Mozilla Firefox and Thunderbird were updated to fix several important
vulnerabilities.
Mozilla Firefox was updated to 37.0.1. Mozilla Thunderbird was updated to
31.6.0. mozilla-nspr was updated to 4.10.8 as a dependency.
The following vulnerabilities were fixed in Mozilla Firefox:
* Miscellaneous memory safety hazards (MFSA
2015-30/CVE-2015-0814/CVE-2015-0815 boo#925392)
* Use-after-free when using the Fluendo MP3 GStreamer plugin (MFSA
2015-31/CVE-2015-0813 bmo#1106596 boo#925393)
* Add-on lightweight theme installation approval bypassed through MITM
attack (MFSA 2015-32/CVE-2015-0812 bmo#1128126 boo#925394)
* resource:// documents can load privileged pages (MFSA
2015-33/CVE-2015-0816 bmo#1144991 boo#925395)
* Out of bounds read in QCMS library (MFSA-2015-34/CVE-2015-0811
bmo#1132468 boo#925396)
* Incorrect memory management for simple-type arrays in WebRTC
(MFSA-2015-36/CVE-2015-0808 bmo#1109552 boo#925397)
* CORS...
Read the Full Advisory
Patch
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.2:
zypper in -t patch openSUSE-2015-290=1
- openSUSE 13.1:
zypper in -t patch openSUSE-2015-290=1
To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE 13.2 (i586 x86_64):
MozillaFirefox-37.0.1-23.1
MozillaFirefox-branding-upstream-37.0.1-23.1
MozillaFirefox-buildsymbols-37.0.1-23.1
MozillaFirefox-debuginfo-37.0.1-23.1
MozillaFirefox-debugsource-37.0.1-23.1
MozillaFirefox-devel-37.0.1-23.1
MozillaFirefox-translations-common-37.0.1-23.1
MozillaFirefox-translations-other-37.0.1-23.1
MozillaThunderbird-31.6.0-15.3
MozillaThunderbird-buildsymbols-31.6.0-15.3
MozillaThunderbird-debuginfo-31.6.0-15.3
MozillaThunderbird-debugsource-31.6.0-15.3
MozillaThunderbird-devel-31.6.0-15.3
MozillaThunderbird-translations-common-31.6.0-15.3
MozillaThunderbird-translations-other-31.6.0-15.3
mozilla-nspr-4.10.8-6.1
mozilla-nspr-debuginfo-4.10.8-6.1
mozilla-nspr-debugsource-4.10.8-6.1
mozilla-nspr-devel-4.10.8-6.1
- openSUSE 13.2 (x86_64):
mozilla-nspr-32bit-4.10.8-6.1
mozilla-nspr-debuginfo-32bit-4.10.8-6.1
- openSUSE 13.1 (i586 x86_64):
MozillaFirefox-37.0.1-68.1
MozillaFirefox-branding-upstream-37.0.1-68.1
MozillaFirefox-buildsymbols-37.0.1-68.1
MozillaFirefox-debugin...
Read the Full AdvisoryReferences
https://www.suse.com/security/cve/CVE-2015-0799.html
https://www.suse.com/security/cve/CVE-2015-0801.html
https://www.suse.com/security/cve/CVE-2015-0802.html
https://www.suse.com/security/cve/CVE-2015-0803.html
https://www.suse.com/security/cve/CVE-2015-0804.html
https://www.suse.com/security/cve/CVE-2015-0805.html
https://www.suse.com/security/cve/CVE-2015-0806.html
https://www.suse.com/security/cve/CVE-2015-0807.html
https://www.suse.com/security/cve/CVE-2015-0808.html
https://www.suse.com/security/cve/CVE-2015-0811.html
https://www.suse.com/security/cve/CVE-2015-0812.html
https://www.suse.com/security/cve/CVE-2015-0813.html
https://www.suse.com/security/cve/CVE-2015-0814.html
https://www.suse.com/security/cve/CVE-2015-0815.html
https://www.suse.com/security/cve/CVE-2015-0816.html
https://bugzilla.suse.com/show_bug.cgi?id=925368
https://bugzilla.suse.com/show_bug.cgi?id=925392
https://bugzilla.suse.com/show_bug.cgi?id=925393
https://bugzilla.suse.com/show_bug.cgi?id=925394
https://bugzilla.suse.com/sh...
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2015:0677-1
Rating: important
Affected Products:
openSUSE 13.2
openSUSE 13.1
.
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!