SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:2334-1
Rating:             important
References:         #959277 
Cross-References:   CVE-2015-7201 CVE-2015-7202 CVE-2015-7205
                    CVE-2015-7210 CVE-2015-7212 CVE-2015-7213
                    CVE-2015-7214 CVE-2015-7222
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Software Development Kit 11-SP3
                    SUSE Linux Enterprise Server for VMWare 11-SP3
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes 8 vulnerabilities is now available.

Description:


   MozillaFirefox was updated to version 38.5.0 esr to fix the following
   issues:

   Following security issues were fixed:
   * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety
     hazards (rv:43.0 / rv:38.5)
   * MFSA 2015-138/CVE-2015-7210 Use-after-free in WebRTC when datachannel is
     used after being destroyed
   * MFSA 2015-139/CVE-2015-7212 Integer overflow allocating extremely large
     textures
   * MFSA 2015-145/CVE-2015-7205 Underflow through code inspection
   * MFSA 2015-146/CVE-2015-7213 Integer overflow in MP4 playback in 64-bit
     versions
   * MFSA 2015-147/CVE-2015-7222 Integer underflow and buffer overflow
     processing MP4 metadata in libstagefright
   * MFSA 2015-149/CVE-2015-7214 Cross-site reading attack through data and
     view-source URIs


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-MozillaFirefox-12276=1

   - SUSE Linux Enterprise Software Development Kit 11-SP3:

      zypper in -t patch sdksp3-MozillaFirefox-12276=1

   - SUSE Linux Enterprise Server for VMWare 11-SP3:

      zypper in -t patch slessp3-MozillaFirefox-12276=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-MozillaFirefox-12276=1

   - SUSE Linux Enterprise Server 11-SP3:

      zypper in -t patch slessp3-MozillaFirefox-12276=1

   - SUSE Linux Enterprise Desktop 11-SP4:

      zypper in -t patch sledsp4-MozillaFirefox-12276=1

   - SUSE Linux Enterprise Desktop 11-SP3:

      zypper in -t patch sledsp3-MozillaFirefox-12276=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-MozillaFirefox-12276=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-MozillaFirefox-12276=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      MozillaFirefox-devel-38.5.0esr-28.2

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      MozillaFirefox-devel-38.5.0esr-28.2

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):

      MozillaFirefox-38.5.0esr-28.2
      MozillaFirefox-translations-38.5.0esr-28.2

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      MozillaFirefox-38.5.0esr-28.2
      MozillaFirefox-translations-38.5.0esr-28.2

   - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      MozillaFirefox-38.5.0esr-28.2
      MozillaFirefox-translations-38.5.0esr-28.2

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

      MozillaFirefox-38.5.0esr-28.2
      MozillaFirefox-translations-38.5.0esr-28.2

   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):

      MozillaFirefox-38.5.0esr-28.2
      MozillaFirefox-translations-38.5.0esr-28.2

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      MozillaFirefox-debuginfo-38.5.0esr-28.2
      MozillaFirefox-debugsource-38.5.0esr-28.2

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      MozillaFirefox-debuginfo-38.5.0esr-28.2
      MozillaFirefox-debugsource-38.5.0esr-28.2


References:

   https://www.suse.com/security/cve/CVE-2015-7201.html
   https://www.suse.com/security/cve/CVE-2015-7202.html
   https://www.suse.com/security/cve/CVE-2015-7205.html
   https://www.suse.com/security/cve/CVE-2015-7210.html
   https://www.suse.com/security/cve/CVE-2015-7212.html
   https://www.suse.com/security/cve/CVE-2015-7213.html
   https://www.suse.com/security/cve/CVE-2015-7214.html
   https://www.suse.com/security/cve/CVE-2015-7222.html
   https://bugzilla.suse.com/959277

SuSE: 2015:2334-1: important: MozillaFirefox

December 21, 2015
An update that fixes 8 vulnerabilities is now available

Summary

MozillaFirefox was updated to version 38.5.0 esr to fix the following issues: Following security issues were fixed: * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5) * MFSA 2015-138/CVE-2015-7210 Use-after-free in WebRTC when datachannel is used after being destroyed * MFSA 2015-139/CVE-2015-7212 Integer overflow allocating extremely large textures * MFSA 2015-145/CVE-2015-7205 Underflow through code inspection * MFSA 2015-146/CVE-2015-7213 Integer overflow in MP4 playback in 64-bit versions * MFSA 2015-147/CVE-2015-7222 Integer underflow and buffer overflow processing MP4 metadata in libstagefright * MFSA 2015-149/CVE-2015-7214 Cross-site reading attack through data and view-source URIs Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-MozillaFirefox-12276=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-MozillaFirefox-12276=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-MozillaFirefox-12276=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-MozillaFirefox-12276=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-MozillaFirefox-12276=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-MozillaFirefox-12276=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-MozillaFirefox-12276=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-MozillaFirefox-12276=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-MozillaFirefox-12276=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-38.5.0esr-28.2 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-38.5.0esr-28.2 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): MozillaFirefox-38.5.0esr-28.2 MozillaFirefox-translations-38.5.0esr-28.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-38.5.0esr-28.2 MozillaFirefox-translations-38.5.0esr-28.2 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-38.5.0esr-28.2 MozillaFirefox-translations-38.5.0esr-28.2 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): MozillaFirefox-38.5.0esr-28.2 MozillaFirefox-translations-38.5.0esr-28.2 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): MozillaFirefox-38.5.0esr-28.2 MozillaFirefox-translations-38.5.0esr-28.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-debuginfo-38.5.0esr-28.2 MozillaFirefox-debugsource-38.5.0esr-28.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-debuginfo-38.5.0esr-28.2 MozillaFirefox-debugsource-38.5.0esr-28.2

References

#959277

Cross- CVE-2015-7201 CVE-2015-7202 CVE-2015-7205

CVE-2015-7210 CVE-2015-7212 CVE-2015-7213

CVE-2015-7214 CVE-2015-7222

Affected Products:

SUSE Linux Enterprise Software Development Kit 11-SP4

SUSE Linux Enterprise Software Development Kit 11-SP3

SUSE Linux Enterprise Server for VMWare 11-SP3

SUSE Linux Enterprise Server 11-SP4

SUSE Linux Enterprise Server 11-SP3

SUSE Linux Enterprise Desktop 11-SP4

SUSE Linux Enterprise Desktop 11-SP3

SUSE Linux Enterprise Debuginfo 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP3

https://www.suse.com/security/cve/CVE-2015-7201.html

https://www.suse.com/security/cve/CVE-2015-7202.html

https://www.suse.com/security/cve/CVE-2015-7205.html

https://www.suse.com/security/cve/CVE-2015-7210.html

https://www.suse.com/security/cve/CVE-2015-7212.html

https://www.suse.com/security/cve/CVE-2015-7213.html

https://www.suse.com/security/cve/CVE-2015-7214.html

https://www.suse.com/security/cve/CVE-2015-7222.html

https://bugzilla.suse.com/959277

Severity
Announcement ID: SUSE-SU-2015:2334-1
Rating: important

Related News

Google Chrome 129: Addressing Crucial Vulnerabilities and Enhancing Security
2 - 4 min read
Google Chrome remains the crown jewel in the browser market, with an impressive user base of approximately 3.45 billion. However, this immense
Fighting Back Against Hadooken Malware by Strengthening WebLogic Security
2 - 4 min read
Cybercriminals have been relentlessly attacking the digital landscape, aiming to exploit vulnerabilities in well-known systems. One such exploit is
CISA Sounds Alarm on Newly Exploited Vulnerabilities: Is Your System at Risk?
3 - 5 min read
CISA regularly publishes updates regarding vulnerabilities that present severe threats to global cybersecurity. Recently, CISA added three
Defending Against Remote Code Execution in Google Chrome: A Critical Update
2 - 3 min read
Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe
Navigating the Linux Kernel
2 - 4 min read
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant
Staying a Step Ahead of Adversaries: Mitigating Chromium
2 - 4 min read
Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium
Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware
2 - 4 min read
Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called
Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures
3 - 6 min read
Buffer overflow vulnerabilities have long been one of the biggest headaches in computer security, especially on Linux operating systems that power

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved