Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

openSUSE Leap: 2018:4112-1 Important: Firefox Buffer Overflow Fix

opensuse
Calendar Grey December 13, 2018
Dist Opensuse Esm H88
The latest patch for Mozilla Firefox tackles several vulnerabilities in openSUSE, enhancing both user security and overall efficiency.
An update that fixes 6 vulnerabilities is now available.

Description

This update to Mozilla Firefox 60.4.0 ESR fixes security issues and bugs.

Security issues fixed as part of the MFSA 2018-30 advisory (boo#1119105):

- CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library

with TextureStorage11

- CVE-2018-18492: Use-after-free with select element

- CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia

- CVE-2018-18494: Same-origin policy violation using location attribute

and performance.getEntries to steal cross-origin URLs

- CVE-2018-18498: Integer overflow when calculating buffer sizes for images

- CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR

60.4

The following changes are included:

- now requires NSS >= 3.36.6

- Updated list of currency codes to include Unidad Previsional (UYW)

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1544=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1544=1

Package List

- openSUSE Leap 42.3 (x86_64):

MozillaFirefox-60.4.0-125.1

MozillaFirefox-branding-upstream-60.4.0-125.1

MozillaFirefox-buildsymbols-60.4.0-125.1

MozillaFirefox-debuginfo-60.4.0-125.1

MozillaFirefox-debugsource-60.4.0-125.1

MozillaFirefox-devel-60.4.0-125.1

MozillaFirefox-translations-common-60.4.0-125.1

MozillaFirefox-translations-other-60.4.0-125.1

- openSUSE Leap 15.0 (x86_64):

MozillaFirefox-60.4.0-lp150.3.30.1

MozillaFirefox-branding-upstream-60.4.0-lp150.3.30.1

MozillaFirefox-buildsymbols-60.4.0-lp150.3.30.1

MozillaFirefox-debuginfo-60.4.0-lp150.3.30.1

MozillaFirefox-debugsource-60.4.0-lp150.3.30.1

MozillaFirefox-devel-60.4.0-lp150.3.30.1

MozillaFirefox-translations-common-60.4.0-lp150.3.30.1

MozillaFirefox-translations-other-60.4.0-lp150.3.30.1

References

https://www.suse.com/security/cve/CVE-2018-12405.html

https://www.suse.com/security/cve/CVE-2018-17466.html

https://www.suse.com/security/cve/CVE-2018-18492.html

https://www.suse.com/security/cve/CVE-2018-18493.html

https://www.suse.com/security/cve/CVE-2018-18494.html

https://www.suse.com/security/cve/CVE-2018-18498.html

https://bugzilla.suse.com/1119105

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2018:4112-1
Rating: important
Affected Products: openSUSE Leap 42.3 openSUSE Leap 15.0

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here