Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

openSUSE Leap 42.1: 2015:2380-1 Important Xulrunner Update Fixes Issues

opensuse
Calendar Grey December 28, 2015
Scroller Opensuse
Important patch issued for xulrunner correcting several vulnerabilities. Detailed guidance for applying the update provided.
An update that fixes 7 vulnerabilities is now available

Description

Xulrunner was updated to 38.5.0 to fix several security issues.

The following vulnerabilities were fixed (boo#959277):

* CVE-2015-7201: Miscellaneous memory safety hazards

* CVE-2015-7210: Use-after-free in WebRTC when datachannel is used after

being destroyed

* CVE-2015-7212: Integer overflow allocating extremely large textures

* CVE-2015-7205: Underflow through code inspection

* CVE-2015-7213: Integer overflow in MP4 playback in 64-bit versions

* CVE-2015-7222: Integer underflow and buffer overflow processing MP4

metadata in libstagefright

* CVE-2015-7214: Cross-site reading attack through data and view-source

URIs

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2015-966=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.1 (i586 x86_64):

xulrunner-38.5.0-7.1

xulrunner-debuginfo-38.5.0-7.1

xulrunner-debugsource-38.5.0-7.1

xulrunner-devel-38.5.0-7.1

- openSUSE Leap 42.1 (x86_64):

xulrunner-32bit-38.5.0-7.1

xulrunner-debuginfo-32bit-38.5.0-7.1

References

https://www.suse.com/security/cve/CVE-2015-7201.html

https://www.suse.com/security/cve/CVE-2015-7205.html

https://www.suse.com/security/cve/CVE-2015-7210.html

https://www.suse.com/security/cve/CVE-2015-7212.html

https://www.suse.com/security/cve/CVE-2015-7213.html

https://www.suse.com/security/cve/CVE-2015-7214.html

https://www.suse.com/security/cve/CVE-2015-7222.html

https://bugzilla.suse.com/show_bug.cgi?id=959277

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2015:2380-1
Rating: important
Affected Products: openSUSE Leap 42.1 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.