Alerts This Week
Warning Icon 1 914
Alerts This Week
Warning Icon 1 914

openSUSE 13.1 Security: 2016:0306-1 Important Firefox Memory Safety Fix

opensuse
Calendar Grey February 2, 2016
Dist Opensuse Esm H88
Important openSUSE upgrade for Mozilla Firefox targeting various vulnerabilities, such as memory integrity and buffer overflow risks.
An update that contains security fixes can now be installed

Description

This update fixes the following security related issues by updating

packages to a more recent version:

Update of NSPR to 4.11 Update of NSS to 3.21 Update of Firefox to 44.0

* MFSA 2016-01/CVE-2016-1930/CVE-2016-1931 Miscellaneous memory safety

hazards

* MFSA 2016-02/CVE-2016-1933 (bmo#1231761) Out of Memory crash when

parsing GIF format images

* MFSA 2016-03/CVE-2016-1935 (bmo#1220450) Buffer overflow in WebGL

after out of memory allocation

* MFSA 2016-04/CVE-2015-7208/CVE-2016-1939 (bmo#1191423, bmo#1233784)

Firefox allows for control characters to be set in cookie names

* MFSA 2016-06/CVE-2016-1937 (bmo#724353) Missing delay following user

click events in protocol handler dialog

* MFSA 2016-07/CVE-2016-1938 (bmo#1190248) Errors in mp_div and

mp_exptmod cryptographic functions in NSS (fixed by requiring NSS 3.21)

* MFSA 2016-09/CVE-2016-1942/CVE-2016-1943 (bmo#1189082, bmo#1228590)

...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory buffer overflow application security Mozilla memory safety openSUSE WebGL attack

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch 2016-131=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 13.1 (i586 x86_64):

MozillaFirefox-44.0-103.1

MozillaFirefox-branding-upstream-44.0-103.1

MozillaFirefox-buildsymbols-44.0-103.1

MozillaFirefox-debuginfo-44.0-103.1

MozillaFirefox-debugsource-44.0-103.1

MozillaFirefox-devel-44.0-103.1

MozillaFirefox-translations-common-44.0-103.1

MozillaFirefox-translations-other-44.0-103.1

libfreebl3-3.21-68.1

libfreebl3-debuginfo-3.21-68.1

libsoftokn3-3.21-68.1

libsoftokn3-debuginfo-3.21-68.1

mozilla-nspr-4.11-28.1

mozilla-nspr-debuginfo-4.11-28.1

mozilla-nspr-debugsource-4.11-28.1

mozilla-nspr-devel-4.11-28.1

mozilla-nss-3.21-68.1

mozilla-nss-certs-3.21-68.1

mozilla-nss-certs-debuginfo-3.21-68.1

mozilla-nss-debuginfo-3.21-68.1

mozilla-nss-debugsource-3.21-68.1

mozilla-nss-devel-3.21-68.1

mozilla-nss-sysinit-3.21-68.1

mozilla-nss-sysinit-debuginfo-3.21-68.1

mozilla-nss-tools-3.21-68.1

mozilla-nss-tools-debuginfo-3.21-68.1

- openSUSE 13.1 (x86_64):

libfreebl3-32bit-3.21-68.1

libfreebl3-debuginfo-32bit-3.21-68.1

libsoftokn3-32bit-3.21-68.1

libsoftokn3-debuginfo-32bit-3.21...

Read the Full Advisory

References

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2016:0306-1
Rating: important
Affected Products: openSUSE 13.1 .

Topics%20covered

Topics Covered

security advisory buffer overflow application security Mozilla memory safety openSUSE WebGL attack

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here