Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

openSUSE Leap 42.3: 2018:2330-1 Important: Seamonkey Security Fix

opensuse
Calendar Grey August 15, 2018
Dist Opensuse Esm H88
A significant patch is ready for Fedora Linux addressing 12 vulnerabilities in Firefox, improving both security measures and performance capabilities.
An update that fixes 9 vulnerabilities is now available.

Description

This update for seamonkey fixes the following issues:

Mozilla Seamonkey was updated to 2.49.4:

Now uses Gecko 52.9.1esr (boo#1098998).

Security issues fixed with MFSA 2018-16 (boo#1098998):

* CVE-2018-12359: Buffer overflow using computed size of canvas element

* CVE-2018-12360: Use-after-free when using focus()

* CVE-2018-12362: Integer overflow in SSSE3 scaler

* CVE-2018-5156: Media recorder segmentation fault when track type is

changed during capture

* CVE-2018-12363: Use-after-free when appending DOM nodes

* CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins

* CVE-2018-12365: Compromised IPC child process can list local filenames

* CVE-2018-12366: Invalid data handling during QCMS transformations

* CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1,

and Firefox ESR 52.9

Localizations finally included again (boo#1062195)

Updated summary and description to more accurately reflect...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory buffer overflow important seamonkey memory safety openSUSE

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-867=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-867=1

Package List

- openSUSE Leap 42.3 (i586 x86_64):

seamonkey-2.49.4-13.3.2

seamonkey-debuginfo-2.49.4-13.3.2

seamonkey-debugsource-2.49.4-13.3.2

seamonkey-translations-common-2.49.4-13.3.2

seamonkey-translations-other-2.49.4-13.3.2

- openSUSE Leap 15.0 (x86_64):

seamonkey-2.49.4-lp150.2.3.2

seamonkey-debuginfo-2.49.4-lp150.2.3.2

seamonkey-debugsource-2.49.4-lp150.2.3.2

seamonkey-translations-common-2.49.4-lp150.2.3.2

seamonkey-translations-other-2.49.4-lp150.2.3.2

References

https://www.suse.com/security/cve/CVE-2018-12359.html

https://www.suse.com/security/cve/CVE-2018-12360.html

https://www.suse.com/security/cve/CVE-2018-12362.html

https://www.suse.com/security/cve/CVE-2018-12363.html

https://www.suse.com/security/cve/CVE-2018-12364.html

https://www.suse.com/security/cve/CVE-2018-12365.html

https://www.suse.com/security/cve/CVE-2018-12366.html

https://www.suse.com/security/cve/CVE-2018-5156.html

https://www.suse.com/security/cve/CVE-2018-5188.html

https://bugzilla.suse.com/1020631

https://bugzilla.suse.com/1062195

https://bugzilla.suse.com/1076907

https://bugzilla.suse.com/1077291

https://bugzilla.suse.com/1098998

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2018:2330-1
Rating: important
Affected Products: openSUSE Leap 42.3 openSUSE Leap 15.0

Topics%20covered

Topics Covered

security advisory buffer overflow important seamonkey memory safety openSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here