SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:2335-1
Rating:             important
References:         #959277 
Cross-References:   CVE-2015-7201 CVE-2015-7202 CVE-2015-7205
                    CVE-2015-7210 CVE-2015-7212 CVE-2015-7213
                    CVE-2015-7214 CVE-2015-7222
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12-SP1
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes 8 vulnerabilities is now available.

Description:


   MozillaFirefox was updated to version 38.5.0 ESR to fix the following
   issues:

   * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety
     hazards (rv:43.0 / rv:38.5)
   * MFSA 2015-138/CVE-2015-7210 A use-after-free in WebRTC when datachannel
     is used after being destroyed
   * MFSA 2015-139/CVE-2015-7212 An integer overflow allocating extremely
     large textures
   * MFSA 2015-145/CVE-2015-7205 A underflow found through code inspection
   * MFSA 2015-146/CVE-2015-7213 A integer overflow in MP4 playback in 64-bit
     versions
   * MFSA 2015-147/CVE-2015-7222 Integer underflow and buffer overflow
     processing MP4 metadata in libstagefright
   * MFSA 2015-149/CVE-2015-7214 Cross-site reading attack through data and
     view-source URIs


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-1001=1

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-1001=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-1001=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-1001=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-1001=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-1001=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      MozillaFirefox-debuginfo-38.5.0esr-54.1
      MozillaFirefox-debugsource-38.5.0esr-54.1
      MozillaFirefox-devel-38.5.0esr-54.1

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      MozillaFirefox-debuginfo-38.5.0esr-54.1
      MozillaFirefox-debugsource-38.5.0esr-54.1
      MozillaFirefox-devel-38.5.0esr-54.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      MozillaFirefox-38.5.0esr-54.1
      MozillaFirefox-debuginfo-38.5.0esr-54.1
      MozillaFirefox-debugsource-38.5.0esr-54.1
      MozillaFirefox-translations-38.5.0esr-54.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      MozillaFirefox-38.5.0esr-54.1
      MozillaFirefox-debuginfo-38.5.0esr-54.1
      MozillaFirefox-debugsource-38.5.0esr-54.1
      MozillaFirefox-translations-38.5.0esr-54.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      MozillaFirefox-38.5.0esr-54.1
      MozillaFirefox-debuginfo-38.5.0esr-54.1
      MozillaFirefox-debugsource-38.5.0esr-54.1
      MozillaFirefox-translations-38.5.0esr-54.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      MozillaFirefox-38.5.0esr-54.1
      MozillaFirefox-debuginfo-38.5.0esr-54.1
      MozillaFirefox-debugsource-38.5.0esr-54.1
      MozillaFirefox-translations-38.5.0esr-54.1


References:

   https://www.suse.com/security/cve/CVE-2015-7201.html
   https://www.suse.com/security/cve/CVE-2015-7202.html
   https://www.suse.com/security/cve/CVE-2015-7205.html
   https://www.suse.com/security/cve/CVE-2015-7210.html
   https://www.suse.com/security/cve/CVE-2015-7212.html
   https://www.suse.com/security/cve/CVE-2015-7213.html
   https://www.suse.com/security/cve/CVE-2015-7214.html
   https://www.suse.com/security/cve/CVE-2015-7222.html
   https://bugzilla.suse.com/959277

SuSE: 2015:2335-1: important: MozillaFirefox

December 21, 2015
An update that fixes 8 vulnerabilities is now available

Summary

MozillaFirefox was updated to version 38.5.0 ESR to fix the following issues: * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5) * MFSA 2015-138/CVE-2015-7210 A use-after-free in WebRTC when datachannel is used after being destroyed * MFSA 2015-139/CVE-2015-7212 An integer overflow allocating extremely large textures * MFSA 2015-145/CVE-2015-7205 A underflow found through code inspection * MFSA 2015-146/CVE-2015-7213 A integer overflow in MP4 playback in 64-bit versions * MFSA 2015-147/CVE-2015-7222 Integer underflow and buffer overflow processing MP4 metadata in libstagefright * MFSA 2015-149/CVE-2015-7214 Cross-site reading attack through data and view-source URIs Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-1001=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-1001=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-1001=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-1001=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-1001=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-1001=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-debuginfo-38.5.0esr-54.1 MozillaFirefox-debugsource-38.5.0esr-54.1 MozillaFirefox-devel-38.5.0esr-54.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): MozillaFirefox-debuginfo-38.5.0esr-54.1 MozillaFirefox-debugsource-38.5.0esr-54.1 MozillaFirefox-devel-38.5.0esr-54.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-38.5.0esr-54.1 MozillaFirefox-debuginfo-38.5.0esr-54.1 MozillaFirefox-debugsource-38.5.0esr-54.1 MozillaFirefox-translations-38.5.0esr-54.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): MozillaFirefox-38.5.0esr-54.1 MozillaFirefox-debuginfo-38.5.0esr-54.1 MozillaFirefox-debugsource-38.5.0esr-54.1 MozillaFirefox-translations-38.5.0esr-54.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): MozillaFirefox-38.5.0esr-54.1 MozillaFirefox-debuginfo-38.5.0esr-54.1 MozillaFirefox-debugsource-38.5.0esr-54.1 MozillaFirefox-translations-38.5.0esr-54.1 - SUSE Linux Enterprise Desktop 12 (x86_64): MozillaFirefox-38.5.0esr-54.1 MozillaFirefox-debuginfo-38.5.0esr-54.1 MozillaFirefox-debugsource-38.5.0esr-54.1 MozillaFirefox-translations-38.5.0esr-54.1

References

#959277

Cross- CVE-2015-7201 CVE-2015-7202 CVE-2015-7205

CVE-2015-7210 CVE-2015-7212 CVE-2015-7213

CVE-2015-7214 CVE-2015-7222

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP1

SUSE Linux Enterprise Software Development Kit 12

SUSE Linux Enterprise Server 12-SP1

SUSE Linux Enterprise Server 12

SUSE Linux Enterprise Desktop 12-SP1

SUSE Linux Enterprise Desktop 12

https://www.suse.com/security/cve/CVE-2015-7201.html

https://www.suse.com/security/cve/CVE-2015-7202.html

https://www.suse.com/security/cve/CVE-2015-7205.html

https://www.suse.com/security/cve/CVE-2015-7210.html

https://www.suse.com/security/cve/CVE-2015-7212.html

https://www.suse.com/security/cve/CVE-2015-7213.html

https://www.suse.com/security/cve/CVE-2015-7214.html

https://www.suse.com/security/cve/CVE-2015-7222.html

https://bugzilla.suse.com/959277

Severity
Announcement ID: SUSE-SU-2015:2335-1
Rating: important

Related News

Google Chrome 129: Addressing Crucial Vulnerabilities and Enhancing Security
2 - 4 min read
Google Chrome remains the crown jewel in the browser market, with an impressive user base of approximately 3.45 billion. However, this immense
Fighting Back Against Hadooken Malware by Strengthening WebLogic Security
2 - 4 min read
Cybercriminals have been relentlessly attacking the digital landscape, aiming to exploit vulnerabilities in well-known systems. One such exploit is
CISA Sounds Alarm on Newly Exploited Vulnerabilities: Is Your System at Risk?
3 - 5 min read
CISA regularly publishes updates regarding vulnerabilities that present severe threats to global cybersecurity. Recently, CISA added three
Defending Against Remote Code Execution in Google Chrome: A Critical Update
2 - 3 min read
Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe
Navigating the Linux Kernel
2 - 4 min read
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant
Staying a Step Ahead of Adversaries: Mitigating Chromium
2 - 4 min read
Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium
Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware
2 - 4 min read
Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called
Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures
3 - 6 min read
Buffer overflow vulnerabilities have long been one of the biggest headaches in computer security, especially on Linux operating systems that power

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved