
openSUSE: 2018:2807-1 Critical: SeaMonkey Buffer Overflow Fixes

opensuse
September 22, 2018
Essential patch for SeaMonkey addresses various vulnerabilities tied to memory management and risks of external threats. Immediate attention necessary.
An update that fixes 9 vulnerabilities is now available.

Description

This update for seamonkey fixes the following issues:

Mozilla Seamonkey was updated to 2.49.4:

Now uses Gecko 52.9.1esr (boo#1098998).

Security issues fixed with MFSA 2018-16 (boo#1098998):

* CVE-2018-12359: Buffer overflow using computed size of canvas element

* CVE-2018-12360: Use-after-free when using focus()

* CVE-2018-12362: Integer overflow in SSSE3 scaler

* CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture

* CVE-2018-12363: Use-after-free when appending DOM nodes

* CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins

* CVE-2018-12365: Compromised IPC child process can list local filenames

* CVE-2018-12366: Invalid data handling during QCMS transformations

* CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9

Localizations finally included again (boo#1062195)

Updated summary and description to more accurately reflect...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15:

zypper in -t patch openSUSE-2018-873=1

Package List

- openSUSE Backports SLE-15 (aarch64 x86_64):

seamonkey-2.49.4-bp150.3.3.1

seamonkey-debuginfo-2.49.4-bp150.3.3.1

seamonkey-debugsource-2.49.4-bp150.3.3.1

seamonkey-translations-common-2.49.4-bp150.3.3.1

seamonkey-translations-other-2.49.4-bp150.3.3.1
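
To confirm the patch landed, the following added example (not part of the advisory) compares installed seamonkey packages against the fixed version-release from the Package List. It assumes GNU "sort -V" as a stand-in for RPM's own version comparison, and the sample input lines are constructed.

```bash
#!/bin/bash
# Added example (not part of the advisory): verify seamonkey packages are at
# or above the fixed version-release from the Package List.

FIXED="2.49.4-bp150.3.3.1"   # from the advisory's Package List

# ver_ge A B: succeed if version-release A >= B.
# Assumption: GNU "sort -V" ordering stands in for RPM's own comparison,
# which holds for epoch-less strings of this shape; it is not rpmvercmp.
ver_ge() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# audit_lines: read "name version-release" lines on stdin, print a verdict
# per package, and return 1 if any package is older than FIXED.
audit_lines() {
    audit_rc=0
    while read -r pkg_name pkg_vr; do
        [ -n "$pkg_name" ] || continue
        if ver_ge "$pkg_vr" "$FIXED"; then
            echo "OK       $pkg_name $pkg_vr"
        else
            echo "OUTDATED $pkg_name $pkg_vr (need >= $FIXED)"
            audit_rc=1
        fi
    done
    return "$audit_rc"
}

# Constructed sample input: one pre-update package, one updated package.
SAMPLE='seamonkey 2.49.3-bp150.2.1
seamonkey-translations-common 2.49.4-bp150.3.3.1'
printf '%s\n' "$SAMPLE" | audit_lines || echo "sample: update needed"

# Live check on an openSUSE host (skipped where rpm is not installed).
if command -v rpm >/dev/null 2>&1; then
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'seamonkey*' | audit_lines \
        || echo "Apply the update: zypper in -t patch openSUSE-2018-873=1"
fi
```
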

References

https://www.suse.com/security/cve/CVE-2018-12359.html

https://www.suse.com/security/cve/CVE-2018-12360.html

https://www.suse.com/security/cve/CVE-2018-12362.html

https://www.suse.com/security/cve/CVE-2018-12363.html

https://www.suse.com/security/cve/CVE-2018-12364.html

https://www.suse.com/security/cve/CVE-2018-12365.html

https://www.suse.com/security/cve/CVE-2018-12366.html

https://www.suse.com/security/cve/CVE-2018-5156.html

https://www.suse.com/security/cve/CVE-2018-5188.html

https://bugzilla.suse.com/1020631

https://bugzilla.suse.com/1062195

https://bugzilla.suse.com/1076907

https://bugzilla.suse.com/1077291

https://bugzilla.suse.com/1098998

Severity: critical

Announcement ID: openSUSE-SU-2018:2807-1
Rating: important
Affected Products: openSUSE Backports SLE-15
