
openSUSE Leap 42.x: 2017:2615-1 Important: Firefox and NSS Security Fixes

October 2, 2017
A new security upgrade for Firefox and NSS resolves critical issues, encouraging users to implement the recent patches without delay.
An update that fixes 8 vulnerabilities is now available.

Description

This update to Mozilla Firefox 52.4esr, along with Mozilla NSS 3.28.6, fixes security issues and bugs.

The following vulnerabilities advised upstream under MFSA 2017-22 (boo#1060445) were fixed:

- CVE-2017-7793: Use-after-free with Fetch API

- CVE-2017-7818: Use-after-free during ARIA array manipulation

- CVE-2017-7819: Use-after-free while resizing images in design mode

- CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE

- CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings

- CVE-2017-7823: CSP sandbox directive did not create a unique origin

- CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4

The following security issue was fixed in Mozilla NSS 3.28.6:

- CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes (bsc#1061005)

The following bug was fixed:

- boo#1029917: language accept header use incorrect locale

...


Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-1114=1

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-1114=1

To bring your system up-to-date, use "zypper patch".
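
To confirm the patch actually landed, the following added example (not part of the advisory) flags NSS packages that are still below the fixed build. The function names are hypothetical, `sort -V` is assumed to approximate rpm's version ordering, and the fixed release used is the one the package list gives for openSUSE Leap 42.3.

```shell
#!/bin/sh
# Added example: flag NSS packages older than the fixed build in this advisory.
# FIXED is the version-release the package list gives for openSUSE Leap 42.3.
FIXED="3.28.6-44.1"

# The non-debug NSS packages named in the advisory's package list.
NSS_PKGS="libfreebl3 libsoftokn3 mozilla-nss mozilla-nss-certs mozilla-nss-sysinit mozilla-nss-tools"

# version_lt A B: succeed if A sorts strictly before B.
# Assumption: `sort -V` ordering stands in for rpm's own version
# comparison; the two agree for plain numeric versions like these.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# unpatched_nss: read "name version-release" lines on stdin and print the
# name of every advisory package that is still below FIXED.
unpatched_nss() {
    while read -r name verrel; do
        case " $NSS_PKGS " in
            *" $name "*) ;;
            *) continue ;;
        esac
        if version_lt "$verrel" "$FIXED"; then
            printf '%s\n' "$name"
        fi
    done
}

# Constructed sample inventory (not taken from a real host).
SAMPLE_INVENTORY='mozilla-nss 3.28.5-40.1
libfreebl3 3.28.6-44.1
libsoftokn3 3.28.6-44.1
mozilla-nss-certs 3.28.10-47.2
mozilla-nss-tools 3.21.3-30.1
zypper 1.13.32-11.1'

# On a live Leap 42.3 host, feed it the rpm database instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | unpatched_nss
```

Empty output means every listed NSS package is at or above the fixed build; any name printed still needs the update.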

Package List

- openSUSE Leap 42.3 (i586 x86_64):

java-1_8_0-openjdk-1.8.0.144-15.2

java-1_8_0-openjdk-accessibility-1.8.0.144-15.2

java-1_8_0-openjdk-debuginfo-1.8.0.144-15.2

java-1_8_0-openjdk-debugsource-1.8.0.144-15.2

java-1_8_0-openjdk-demo-1.8.0.144-15.2

java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-15.2

java-1_8_0-openjdk-devel-1.8.0.144-15.2

java-1_8_0-openjdk-devel-debuginfo-1.8.0.144-15.2

java-1_8_0-openjdk-headless-1.8.0.144-15.2

java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-15.2

java-1_8_0-openjdk-src-1.8.0.144-15.2

libfreebl3-3.28.6-44.1

libfreebl3-debuginfo-3.28.6-44.1

libsoftokn3-3.28.6-44.1

libsoftokn3-debuginfo-3.28.6-44.1

mozilla-nss-3.28.6-44.1

mozilla-nss-certs-3.28.6-44.1

mozilla-nss-certs-debuginfo-3.28.6-44.1

mozilla-nss-debuginfo-3.28.6-44.1

mozilla-nss-debugsource-3.28.6-44.1

mozilla-nss-devel-3.28.6-44.1

mozilla-nss-sysinit-3.28.6-44.1

mozilla-nss-sysinit-debuginfo-3.28.6-44.1

mozilla-nss-tools-3.28.6-44.1

mozilla-nss-tools-debuginfo-3.28.6-44.1

- openSUSE Leap 42.3 (noarch):

java-1_8_0-openjdk-javad...


References

https://www.suse.com/security/cve/CVE-2017-7793.html

https://www.suse.com/security/cve/CVE-2017-7805.html

https://www.suse.com/security/cve/CVE-2017-7810.html

https://www.suse.com/security/cve/CVE-2017-7814.html

https://www.suse.com/security/cve/CVE-2017-7818.html

https://www.suse.com/security/cve/CVE-2017-7819.html

https://www.suse.com/security/cve/CVE-2017-7823.html

https://www.suse.com/security/cve/CVE-2017-7824.html

https://bugzilla.suse.com/1060445

https://bugzilla.suse.com/1061005

Severity: important

Announcement ID: openSUSE-SU-2017:2615-1
Rating: important
Affected Products: openSUSE Leap 42.3, openSUSE Leap 42.2
