openSUSE Security Update: Security update for seamonkey
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:0108-1
Rating:             important
References:         #1185055 #1188564 #1188565 #1191902 #1191904 
                    #1191905 #1191909 #1191910 #1191911 #1191913 
                    #1191914 #1192052 #1194198 #1194232 #1197518 
                    
Cross-References:   CVE-2021-2163 CVE-2021-2341 CVE-2021-2369
                    CVE-2021-35556 CVE-2021-35559 CVE-2021-35560
                    CVE-2021-35564 CVE-2021-35565 CVE-2021-35578
                    CVE-2021-35586 CVE-2021-35588 CVE-2021-41035
                   
CVSS scores:
                    CVE-2021-2163 (NVD) : 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
                    CVE-2021-2163 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
                    CVE-2021-2341 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
                    CVE-2021-2341 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
                    CVE-2021-2369 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
                    CVE-2021-2369 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
                    CVE-2021-35556 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35556 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35559 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35560 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-35560 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-35564 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2021-35564 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2021-35565 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35565 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35578 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35578 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35586 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35586 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35588 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2021-35588 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2021-41035 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
                    openSUSE Leap 15.3
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has three
   fixes is now available.

Description:


   SeaMonkey was updated to 2.53.11.1:

   Update to SeaMonkey 2.53.11.1

   * Fix edge case when setting IntersectionObserver threshold bug 1758291.
   * OAuth2 prefs should use realuserName instead of username bug 1518126.
   * SeaMonkey 2.53.11.1 uses the same backend as Firefox and contains the
     relevant Firefox 60.8 security fixes.
   * SeaMonkey 2.53.11.1 shares most parts of the mail and news code with
     Thunderbird. Please read the Thunderbird 60.8.0 release notes for
     specific security fixes in this release.
   * Additional important security fixes up to Current Firefox 91.7 and
     Thunderbird 91.7 ESR plus many enhancements have been backported. We
     will continue to enhance SeaMonkey security in subsequent 2.53.x beta
     and release versions as fast as we are able to.

   * Remove obsolete MOZ_EXTENSIONS check in suite
   * Add connect button to cZ Networks Editor
   * Remove freenode remnants from ChatZilla in SeaMonkey
   * Prefer secure over insecure protocol in network list in ChatZilla
   * Composer - Change tag textbox is not removed after use
   * Clean up repo links in debugQA
   * Fix misspelled references to macOS in suite
   * Remove obsolete references to Java and Flash
   * Help button not working in delete cert dialog
   * Rearrange Message Filter Dialog to make room for new features
   * Use Insert key as shortcut to create new message filters   * Rename some variables used in SeaMonkey's FilterListDialog to match
     Thunderbird's
   * Implement Copy to New message filter functionality
   * Add move to top / bottom buttons to message filters   * Add preference to not prompt for message filter deletion
   * Clean up folder handling in FilterListDialog
   * Add refresh function to Filter list dialog so that it can be updated
     when already open and new filters are added externally
   * Use listbox rather than tree in FilterListDialog
   * MsgFilterList(args) should take targetFilter and pass it to
     FilterListDialog
   * Mail&News' start.xhtml: "We" link broken
   * Add search functionality to filter dialog


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-2022-108=1 openSUSE-SLE-15.3-2022-108=1



Package List:

   - openSUSE Leap 15.3 (ppc64le s390x x86_64):

      java-1_8_0-ibm-1.8.0_sr7.0-3.53.1
      java-1_8_0-ibm-demo-1.8.0_sr7.0-3.53.1
      java-1_8_0-ibm-devel-1.8.0_sr7.0-3.53.1
      java-1_8_0-ibm-src-1.8.0_sr7.0-3.53.1

   - openSUSE Leap 15.3 (i586 x86_64):

      seamonkey-2.53.11.1-lp153.17.5.1
      seamonkey-debuginfo-2.53.11.1-lp153.17.5.1
      seamonkey-debugsource-2.53.11.1-lp153.17.5.1
      seamonkey-dom-inspector-2.53.11.1-lp153.17.5.1
      seamonkey-irc-2.53.11.1-lp153.17.5.1

   - openSUSE Leap 15.3 (x86_64):

      java-1_8_0-ibm-32bit-1.8.0_sr7.0-3.53.1
      java-1_8_0-ibm-alsa-1.8.0_sr7.0-3.53.1
      java-1_8_0-ibm-devel-32bit-1.8.0_sr7.0-3.53.1
      java-1_8_0-ibm-plugin-1.8.0_sr7.0-3.53.1


References:

   https://www.suse.com/security/cve/CVE-2021-2163.html
   https://www.suse.com/security/cve/CVE-2021-2341.html
   https://www.suse.com/security/cve/CVE-2021-2369.html
   https://www.suse.com/security/cve/CVE-2021-35556.html
   https://www.suse.com/security/cve/CVE-2021-35559.html
   https://www.suse.com/security/cve/CVE-2021-35560.html
   https://www.suse.com/security/cve/CVE-2021-35564.html
   https://www.suse.com/security/cve/CVE-2021-35565.html
   https://www.suse.com/security/cve/CVE-2021-35578.html
   https://www.suse.com/security/cve/CVE-2021-35586.html
   https://www.suse.com/security/cve/CVE-2021-35588.html
   https://www.suse.com/security/cve/CVE-2021-41035.html
   https://bugzilla.suse.com/1185055
   https://bugzilla.suse.com/1188564
   https://bugzilla.suse.com/1188565
   https://bugzilla.suse.com/1191902
   https://bugzilla.suse.com/1191904
   https://bugzilla.suse.com/1191905
   https://bugzilla.suse.com/1191909
   https://bugzilla.suse.com/1191910
   https://bugzilla.suse.com/1191911
   https://bugzilla.suse.com/1191913
   https://bugzilla.suse.com/1191914
   https://bugzilla.suse.com/1192052
   https://bugzilla.suse.com/1194198
   https://bugzilla.suse.com/1194232
   https://bugzilla.suse.com/1197518

openSUSE: 2022:0108-1 important: seamonkey

April 8, 2022
An update that solves 12 vulnerabilities and has three fixes is now available

Description

SeaMonkey was updated to 2.53.11.1: Update to SeaMonkey 2.53.11.1 * Fix edge case when setting IntersectionObserver threshold bug 1758291. * OAuth2 prefs should use realuserName instead of username bug 1518126. * SeaMonkey 2.53.11.1 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.11.1 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release. * Additional important security fixes up to Current Firefox 91.7 and Thunderbird 91.7 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. * Remove obsolete MOZ_EXTENSIONS check in suite * Add connect button to cZ Networks Editor * Remove freenode remnants from ChatZilla in SeaMonkey * Prefer secure over insecure protocol in network list in ChatZilla * Composer - Change tag textbox is not removed after use * Clean up repo links in debugQA * Fix misspelled references to macOS in suite * Remove obsolete references to Java and Flash * Help button not working in delete cert dialog * Rearrange Message Filter Dialog to make room for new features * Use Insert key as shortcut to create new message filters * Rename some variables used in SeaMonkey's FilterListDialog to match Thunderbird's * Implement Copy to New message filter functionality * Add move to top / bottom buttons to message filters * Add preference to not prompt for message filter deletion * Clean up folder handling in FilterListDialog * Add refresh function to Filter list dialog so that it can be updated when already open and new filters are added externally * Use listbox rather than tree in FilterListDialog * MsgFilterList(args) should take targetFilter and pass it to FilterListDialog * Mail&News' start.xhtml: "We" link broken * Add search functionality to filter dialog

 

Patch

Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-2022-108=1 openSUSE-SLE-15.3-2022-108=1


Package List

- openSUSE Leap 15.3 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-demo-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-devel-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-src-1.8.0_sr7.0-3.53.1 - openSUSE Leap 15.3 (i586 x86_64): seamonkey-2.53.11.1-lp153.17.5.1 seamonkey-debuginfo-2.53.11.1-lp153.17.5.1 seamonkey-debugsource-2.53.11.1-lp153.17.5.1 seamonkey-dom-inspector-2.53.11.1-lp153.17.5.1 seamonkey-irc-2.53.11.1-lp153.17.5.1 - openSUSE Leap 15.3 (x86_64): java-1_8_0-ibm-32bit-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-alsa-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-devel-32bit-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-plugin-1.8.0_sr7.0-3.53.1


References

https://www.suse.com/security/cve/CVE-2021-2163.html https://www.suse.com/security/cve/CVE-2021-2341.html https://www.suse.com/security/cve/CVE-2021-2369.html https://www.suse.com/security/cve/CVE-2021-35556.html https://www.suse.com/security/cve/CVE-2021-35559.html https://www.suse.com/security/cve/CVE-2021-35560.html https://www.suse.com/security/cve/CVE-2021-35564.html https://www.suse.com/security/cve/CVE-2021-35565.html https://www.suse.com/security/cve/CVE-2021-35578.html https://www.suse.com/security/cve/CVE-2021-35586.html https://www.suse.com/security/cve/CVE-2021-35588.html https://www.suse.com/security/cve/CVE-2021-41035.html https://bugzilla.suse.com/1185055 https://bugzilla.suse.com/1188564 https://bugzilla.suse.com/1188565 https://bugzilla.suse.com/1191902 https://bugzilla.suse.com/1191904 https://bugzilla.suse.com/1191905 https://bugzilla.suse.com/1191909 https://bugzilla.suse.com/1191910 https://bugzilla.suse.com/1191911 https://bugzilla.suse.com/1191913 https://bugzilla.suse.com/1191914 https://bugzilla.suse.com/1192052 https://bugzilla.suse.com/1194198 https://bugzilla.suse.com/1194232 https://bugzilla.suse.com/1197518


Severity
Announcement ID: openSUSE-SU-2022:0108-1
Rating: important
Affected Products: openSUSE Leap 15.3 ble.

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved