
SUSE: 2018:4235-1 Critical Update: MozillaFirefox Buffer Overflow Fixes

December 22, 2018
SUSE's critical patch resolves vulnerabilities in Google Chrome, libcurl, and openssl, improving system integrity.
An update that fixes 9 vulnerabilities is now available

Summary

This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues:

Issues fixed in MozillaFirefox:

- Update to Firefox ESR 60.4 (bsc#1119105)
- CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
- CVE-2018-18492: Fixed a use-after-free with select element
- CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia
- CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
- CVE-2018-18498: Fixed an integer overflow when calculating buffer sizes for images
- CVE-2018-12405: Fixed a few memory safety bugs

Issues fixed in mozilla-nss:

- Update to NSS 3.40.1 (bsc#1119105)

References: #1097410 #1106873 #1119069 #1119105

Cross-References: CVE-2018-0495 CVE-2018-12384 CVE-2018-12404 CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498

Affected Products:

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15

SUSE Linux Enterprise Module for Desktop Applications 15

SUSE Linux Enterprise Module for Basesystem 15

https://www.suse.com/security/cve/CVE-2018-0495.html

https://www.suse.com/security/cve/CVE-2018-12384.html

https://www.suse.com/security/cve/CVE-2018-12404.html

https://www.suse.com/security/cve/CVE-2018-12405.html

https://www.suse.com/security/cve/CVE-2018-17466.html

https://www.suse.com/security/cve/CVE-2018-18492.html

Severity
important

Announcement ID: SUSE-SU-2018:4235-1
Rating: important
