Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 523
Alerts This Week
Warning Icon 1 523

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 91 articles for you...
202

openSUSE: 2016:0310-1 important: xulrunner buffer overflow

An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.. openSUSE Security Update: Security update for xulrunner ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:0310-1 Rating: important References: #963632 #963635 Cross-References: CVE-2016-1930 CVE-2016-1935 Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: XULRunner was updated to 38.6.0 to fix two security issues. The following vulnerabilities were fixed: * CVE-2016-1930: Miscellaneous memory safety hazards (boo#963632) * CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (boo#963635) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-127=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (i586 x86_64): xulrunner-38.6.0-10.2 xulrunner-debuginfo-38.6.0-10.2 xulrunner-debugsource-38.6.0-10.2 xulrunner-devel-38.6.0-10.2 - openSUSE Leap 42.1 (x86_64): xulrunner-32bit-38.6.0-10.2 xulrunner-debuginfo-32bit-38.6.0-10.2 References: https://www.suse.com/security/cve/CVE-2016-1930.html https://www.suse.com/security/cve/CVE-2016-1935.html https://bugzilla.suse.com/963632 https://bugzilla.suse.com/963635 . Critical security patch for Fedora resolved two vulnerabilities in webkitgtk, improving overall system integrity and resilience.. openSUSE Update,xulrunner Security,Patch Instructions,Threat Mitigation. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 02, 2016 Important OpenSUSE
202

openSUSE Leap 42.1: 2015:2380-1 Important Xulrunner Update Fixes Issues

An update that fixes 7 vulnerabilities is now available. An update that fixes 7 vulnerabilities is now available. An update that fixes 7 vulnerabilities is now available.. openSUSE Security Update: Security update for xulrunner ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:2380-1 Rating: important References: #959277 Cross-References: CVE-2015-7201 CVE-2015-7205 CVE-2015-7210 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7222 Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: Xulrunner was updated to 38.5.0 to fix several security issues. The following vulnerabilities were fixed (boo#959277): * CVE-2015-7201: Miscellaneous memory safety hazards * CVE-2015-7210: Use-after-free in WebRTC when datachannel is used after being destroyed * CVE-2015-7212: Integer overflow allocating extremely large textures * CVE-2015-7205: Underflow through code inspection * CVE-2015-7213: Integer overflow in MP4 playback in 64-bit versions * CVE-2015-7222: Integer underflow and buffer overflow processing MP4 metadata in libstagefright * CVE-2015-7214: Cross-site reading attack through data and view-source URIs Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2015-966=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (i586 x86_64): xulrunner-38.5.0-7.1 xulrunner-debuginfo-38.5.0-7.1 xulrunner-debugsource-38.5.0-7.1 xulrunner-devel-38.5.0-7.1 - openSUSE Leap 42.1 (x86_64): xulrunner-32bit-38.5.0-7.1 xulrunner-debuginfo-32bit-38.5.0-7.1 References: https://www.suse.com/security/cve/CVE-2015-7201.html https://www.suse.com/security/cve/CVE-2015-7205.html https://www.suse.com/security/cve/CVE-2015-7210.html https://www.suse.com/security/cve/CVE-2015-7212.html https://www.suse.com/security/cve/CVE-2015-7213.html https://www.suse.com/security/cve/CVE-2015-7214.html https://www.suse.com/security/cve/CVE-2015-7222.html https://bugzilla.suse.com/show_bug.cgi?id=959277 . Important patch issued for xulrunner correcting several vulnerabilities. Detailed guidance for applying the update provided.. openSUSE update,xulrunner patch,security flaws,openSUSE fixes. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Dec 28, 2015 Important OpenSUSE
98

Red Hat: RHSA-2015-1982-01 Critical: Firefox Flaws Affecting RHEL

Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Critical: firefox security update Advisory ID: RHSA-2015:1982-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2015:1982.html Issue date: 2015-11-04 CVE Names: CVE-2015-4513 CVE-2015-7188 CVE-2015-7189 CVE-2015-7193 CVE-2015-7194 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 ==================================================================== 1. Summary: Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ppc, s390x, x86_64 Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat EnterpriseLinux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-4513, CVE-2015-7189, CVE-2015-7194, CVE-2015-7196, CVE-2015-7198, CVE-2015-7197) A same-origin policy bypass flaw was found in the way Firefox handled certain cross-origin resource sharing (CORS) requests. A web page containing malicious content could cause Firefox to disclose sensitive information. (CVE-2015-7193) A same-origin policy bypass flaw was found in the way Firefox handled URLs containing IP addresses with white-space characters. This could lead to cross-site scripting attacks. (CVE-2015-7188) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, David Major, Jesse Ruderman, Tyson Smith, Boris Zbarsky, Randell Jesup, Olli Pettay, Karl Tomlinson, Jeff Walden, and Gary Kwong, Michał Bentkowski, Looben Yang, Shinto K Anto, Gustavo Grieco, Vytautas Staraitis, Ronald Crane, and Ehsan Akhgari as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.4.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1277332 - CVE-2015-4513 Mozilla: Miscellaneousmemory safety hazards (rv:38.4) (MFSA 2015-116) 1277343 - CVE-2015-7188 Mozilla: Trailing whitespace in IP address hostnames can bypass same-origin policy (MFSA 2015-122) 1277344 - CVE-2015-7189 Mozilla: Buffer overflow during image interactions in canvas (MFSA 2015-123) 1277346 - CVE-2015-7193 Mozilla: CORS preflight is bypassed when non-standard Content-Type headers are received (MFSA 2015-127) 1277347 - CVE-2015-7194 Mozilla: Memory corruption in libjar through zip files (MFSA 2015-128) 1277349 - CVE-2015-7196 Mozilla: JavaScript garbage collection crash with Java applet (MFSA 2015-130) 1277350 - CVE-2015-7198 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-131) 1277351 - CVE-2015-7197 Mozilla: Mixed content WebSocket policy bypass through workers (MFSA 2015-132) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: firefox-38.4.0-1.el5_11.src.rpm i386: firefox-38.4.0-1.el5_11.i386.rpm firefox-debuginfo-38.4.0-1.el5_11.i386.rpm x86_64: firefox-38.4.0-1.el5_11.i386.rpm firefox-38.4.0-1.el5_11.x86_64.rpm firefox-debuginfo-38.4.0-1.el5_11.i386.rpm firefox-debuginfo-38.4.0-1.el5_11.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: firefox-38.4.0-1.el5_11.src.rpm i386: firefox-38.4.0-1.el5_11.i386.rpm firefox-debuginfo-38.4.0-1.el5_11.i386.rpm ppc: firefox-38.4.0-1.el5_11.ppc64.rpm firefox-debuginfo-38.4.0-1.el5_11.ppc64.rpm s390x: firefox-38.4.0-1.el5_11.s390.rpm firefox-38.4.0-1.el5_11.s390x.rpm firefox-debuginfo-38.4.0-1.el5_11.s390.rpm firefox-debuginfo-38.4.0-1.el5_11.s390x.rpm x86_64: firefox-38.4.0-1.el5_11.i386.rpm firefox-38.4.0-1.el5_11.x86_64.rpm firefox-debuginfo-38.4.0-1.el5_11.i386.rpm firefox-debuginfo-38.4.0-1.el5_11.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: firefox-38.4.0-1.el6_7.src.rpm i386: firefox-38.4.0-1.el6_7.i686.rpm firefox-debuginfo-38.4.0-1.el6_7.i686.rpm x86_64: firefox-38.4.0-1.el6_7.x86_64.rpm firefox-debuginfo-38.4.0-1.el6_7.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v.6): x86_64: firefox-38.4.0-1.el6_7.i686.rpm firefox-debuginfo-38.4.0-1.el6_7.i686.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: firefox-38.4.0-1.el6_7.src.rpm x86_64: firefox-38.4.0-1.el6_7.i686.rpm firefox-38.4.0-1.el6_7.x86_64.rpm firefox-debuginfo-38.4.0-1.el6_7.i686.rpm firefox-debuginfo-38.4.0-1.el6_7.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: firefox-38.4.0-1.el6_7.src.rpm i386: firefox-38.4.0-1.el6_7.i686.rpm firefox-debuginfo-38.4.0-1.el6_7.i686.rpm ppc64: firefox-38.4.0-1.el6_7.ppc64.rpm firefox-debuginfo-38.4.0-1.el6_7.ppc64.rpm s390x: firefox-38.4.0-1.el6_7.s390x.rpm firefox-debuginfo-38.4.0-1.el6_7.s390x.rpm x86_64: firefox-38.4.0-1.el6_7.x86_64.rpm firefox-debuginfo-38.4.0-1.el6_7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): ppc64: firefox-38.4.0-1.el6_7.ppc.rpm firefox-debuginfo-38.4.0-1.el6_7.ppc.rpm s390x: firefox-38.4.0-1.el6_7.s390.rpm firefox-debuginfo-38.4.0-1.el6_7.s390.rpm x86_64: firefox-38.4.0-1.el6_7.i686.rpm firefox-debuginfo-38.4.0-1.el6_7.i686.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: firefox-38.4.0-1.el6_7.src.rpm i386: firefox-38.4.0-1.el6_7.i686.rpm firefox-debuginfo-38.4.0-1.el6_7.i686.rpm x86_64: firefox-38.4.0-1.el6_7.x86_64.rpm firefox-debuginfo-38.4.0-1.el6_7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): x86_64: firefox-38.4.0-1.el6_7.i686.rpm firefox-debuginfo-38.4.0-1.el6_7.i686.rpm Red Hat Enterprise Linux Client (v. 7): Source: firefox-38.4.0-1.el7_1.src.rpm x86_64: firefox-38.4.0-1.el7_1.x86_64.rpm firefox-debuginfo-38.4.0-1.el7_1.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: firefox-38.4.0-1.el7_1.i686.rpm firefox-debuginfo-38.4.0-1.el7_1.i686.rpm Red Hat Enterprise Linux Server (v.7): Source: firefox-38.4.0-1.el7_1.src.rpm ppc64: firefox-38.4.0-1.el7_1.ppc64.rpm firefox-debuginfo-38.4.0-1.el7_1.ppc64.rpm s390x: firefox-38.4.0-1.el7_1.s390x.rpm firefox-debuginfo-38.4.0-1.el7_1.s390x.rpm x86_64: firefox-38.4.0-1.el7_1.x86_64.rpm firefox-debuginfo-38.4.0-1.el7_1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: firefox-38.4.0-1.ael7b_1.src.rpm ppc64le: firefox-38.4.0-1.ael7b_1.ppc64le.rpm firefox-debuginfo-38.4.0-1.ael7b_1.ppc64le.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: firefox-38.4.0-1.el7_1.ppc.rpm firefox-debuginfo-38.4.0-1.el7_1.ppc.rpm s390x: firefox-38.4.0-1.el7_1.s390.rpm firefox-debuginfo-38.4.0-1.el7_1.s390.rpm x86_64: firefox-38.4.0-1.el7_1.i686.rpm firefox-debuginfo-38.4.0-1.el7_1.i686.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: firefox-38.4.0-1.el7_1.src.rpm x86_64: firefox-38.4.0-1.el7_1.x86_64.rpm firefox-debuginfo-38.4.0-1.el7_1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: firefox-38.4.0-1.el7_1.i686.rpm firefox-debuginfo-38.4.0-1.el7_1.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-4513 https://access.redhat.com/security/cve/CVE-2015-7188 https://access.redhat.com/security/cve/CVE-2015-7189 https://access.redhat.com/security/cve/CVE-2015-7193 https://access.redhat.com/security/cve/CVE-2015-7194 https://access.redhat.com/security/cve/CVE-2015-7196 https://access.redhat.com/security/cve/CVE-2015-7197 https://access.redhat.com/security/cve/CVE-2015-7198 https://access.redhat.com/security/updates/classification/#critical https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr38.4 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version:GnuPG v1 iD8DBQFWOgTPXlSAg2UNWIIRAqeSAKCeXJWyWZgjWtI46FDug6lvyhyzDgCgpFTs tlfkVW6M8aU1SMZ1LMVzu0w=IACp -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Important Firefox patch released for Red Hat Enterprise Linux addresses several vulnerabilities to bolster protection.. Firefox Update, Red Hat Security, Critical Alerts, Linux Security Update. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Nov 04, 2015 Critical Red Hat
89

Fedora 20: FEDORA-2015-6621 Critical: Xulrunner Application Update

New upstream - 37.0.2. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-6621 2015-04-22 16:55:27 -------------------------------------------------------------------------------- Name : xulrunner Product : Fedora 20 Version : 37.0.2 Release : 1.fc20 URL : Summary : XUL Runtime for Gecko Applications Description : XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications that are as rich as Firefox and Thunderbird. It provides mechanisms for installing, upgrading, and uninstalling these applications. XULRunner also provides libxul, a solution which allows the embedding of Mozilla technologies in other projects and products. -------------------------------------------------------------------------------- Update Information: New upstream - 37.0.2 -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 16 2015 Jan Horak - 37.0.2-1 - Update to 37.0.2 * Wed Apr 15 2015 Martin Stransky - 37.0.1-1 - Update to 37.0.1 * Mon Apr 6 2015 Tom Callaway - 33.0-3 - rebuild for libvpx 1.4.0 * Wed Oct 22 2014 Dan Horák - 33.0-2 - Fix filelist for secondary arches * Thu Oct 16 2014 Martin Stransky - 33.0-1 - Update to 33.0 * Sat Sep 20 2014 Peter Robinson 32.0.2-1 - Update to 32.0.2 - sync fixes to the same as firefox * Tue Sep 9 2014 Martin Stransky - 32.0-2 - move /sdk/bin to xulrunner libdir * Tue Aug 26 2014 Martin Stransky - 32.0-1 - Update to 32.0 build 1 * Mon Aug 18 2014 Fedora Release Engineering - 31.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Fri Jul 25 2014 Martin Stransky - 31.0-1 - Update to 31.0 build 2 * Fri Jul 25 2014 Yaakov Selkowitz - 30.0-3 - Fix mozilla-config.h wrapper on aarch64 * Sun Jun 8 2014 Fedora Release Engineering - 30.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Thu Jun 5 2014 Martin Stransky - 30.0-1 - Update to 30.0build 1 - Disabled shared js * Fri May 23 2014 Martin Stransky - 29.0-5 - Added a build fix for ppc64 - rhbz#1100495 * Thu May 15 2014 Peter Robinson 29.0-4 - Update aarch64 bits * Thu May 15 2014 Peter Robinson 29.0-3 - Add upstream patches for aarch64 support * Mon Apr 28 2014 Martin Stransky - 29.0-2 - An updated ppc64le patch (rhbz#1091054) * Mon Apr 28 2014 Martin Stransky - 29.0-1 - Update to 29.0 * Tue Mar 18 2014 Martin Stransky - 28.0-1 - Update to 28.0 - Fixed arm patch * Mon Feb 3 2014 Martin Stransky - 27.0-1 - Update to 27.0 * Fri Dec 13 2013 Martin Stransky - 26.0-2 - rhbz#1037406 - xulrunner FTBFS if "-Werror=format-security" flag is used * Mon Dec 9 2013 Martin Stransky - 26.0-1 - Update to 26.0 Build 2 * Thu Nov 21 2013 Martin Stransky - 25.0-5 - Fixed rhbz#1007603 - NSS and cert9 (sql): firefox crash on exit with https-everywhere installed * Tue Nov 12 2013 Martin Stransky - 25.0-4 - rhbz#1010916 - enabled pluseaudio backend * Fri Nov 8 2013 Martin Stransky - 25.0-3 - Fixed rhbz#974718 - Segfault in FileBlockCache::Run when playing a movie on ppc -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update xulrunner' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/ . Fedora 20 has gained a crucial update for xulrunner, now at upstream version 37.0.2, enhancing performance and security for a robust user experience. Fedora Update,XulrunnerSecurity,Software Management. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 11, 2015 Critical Fedora
89

Fedora 21: Update FEDORA-2015-6615 for Xulrunner to Version 37.0.2

New upstream - 37.0.2. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-6615 2015-04-22 16:55:15 -------------------------------------------------------------------------------- Name : xulrunner Product : Fedora 21 Version : 37.0.2 Release : 1.fc21 URL : Summary : XUL Runtime for Gecko Applications Description : XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications that are as rich as Firefox and Thunderbird. It provides mechanisms for installing, upgrading, and uninstalling these applications. XULRunner also provides libxul, a solution which allows the embedding of Mozilla technologies in other projects and products. -------------------------------------------------------------------------------- Update Information: New upstream - 37.0.2 -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 16 2015 Jan Horak - 37.0.2-1 - Update to 37.0.2 * Wed Apr 15 2015 Martin Stransky - 37.0.1-1 - Update to 37.0.1 * Mon Apr 6 2015 Tom Callaway - 33.0-3 - rebuild for libvpx 1.4.0 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update xulrunner' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/ . Fedora 21 xulrunner security patch (FEDORA-2015-6616) incorporates latest upstream release 38.0.1 featuring critical improvements..Fedora Update, xulrunner Security, Software Upgrade. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 28, 2015 Important Fedora
89

Fedora 22: 2015-04-22 Moderate Xulrunner Update Vulnerability Fix

Update to new upstream - 37.0.2 Bookmark rebuild - Bug 1210474. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-6629 2015-04-22 16:55:48 -------------------------------------------------------------------------------- Name : xulrunner Product : Fedora 22 Version : 37.0.2 Release : 1.fc22 URL : Summary : XUL Runtime for Gecko Applications Description : XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications that are as rich as Firefox and Thunderbird. It provides mechanisms for installing, upgrading, and uninstalling these applications. XULRunner also provides libxul, a solution which allows the embedding of Mozilla technologies in other projects and products. -------------------------------------------------------------------------------- Update Information: Update to new upstream - 37.0.2 Bookmark rebuild - Bug 1210474 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1210474 - Update fedora-bookmarks for Fedora 22 https://bugzilla.redhat.com/show_bug.cgi?id=1210474 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update xulrunner' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/ . Ubuntu 20.04 gecko update improves application compatibility with release 68.6.0, introducing a favorites regeneration forenhanced speed.. Fedora Updates, Xulrunner Security, Application Runtime, Software Management. . LinuxSecurity.com Team

Calendar%202 Apr 24, 2015 Fedora
87

Debian DSA-3050-2 Moderate: Iceweasel Xulrunner Package Update

DSA-3050-1 updated the Iceweasel browser to the new ESR31 series of Firefox. In that version the xulrunner library is no longer included. This followup update provides xulrunner 24.8.1esr-2~deb7u1 in a separate source package to ensure that packages build-depending on xulrunner . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3050-2 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Moritz Muehlenhoff October 28, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : iceweasel CVE ID : CVE-2014-1574 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1581 CVE-2014-1583 CVE-2014-1585 CVE-2014-1586 DSA-3050-1 updated the Iceweasel browser to the new ESR31 series of Firefox. In that version the xulrunner library is no longer included. This followup update provides xulrunner 24.8.1esr-2~deb7u1 in a separate source package to ensure that packages build-depending on xulrunner remain buildable. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian's DSA-3065-1 upgrades libcurl to enhance interaction with various network protocols, aligning with recent security standards.. Debian Security, Iceweasel Update, Xulrunner Package. . LinuxSecurity.com Team

Calendar%202 Oct 28, 2014 Debian
202

openSUSE 12.3/12.2: 2013:1143-1 Important xulrunner Security Issues

An update that fixes 10 vulnerabilities is now available. An update that fixes 10 vulnerabilities is now available. An update that fixes 10 vulnerabilities is now available.. openSUSE Security Update: xulrunner: 17.0.7esr ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:1143-1 Rating: important References: #825935 Cross-References: CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1697 Affected Products: openSUSE 12.3 openSUSE 12.2 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: Mozilla xulrunner was update to 17.0.7esr (bnc#825935) Security issues fixed: * MFSA 2013-49/CVE-2013-1682 Miscellaneous memory safety hazards * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 Memory corruption found using Address Sanitizer * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823) Privileged content access and execution via XBL * MFSA 2013-53/CVE-2013-1690 (bmo#857883) Execution of unmapped memory through onreadystatechange event * MFSA 2013-54/CVE-2013-1692 (bmo#866915) Data in the body of XHR HEAD requests leads to CSRF attacks * MFSA 2013-55/CVE-2013-1693 (bmo#711043) SVG filters can lead to information disclosure * MFSA 2013-56/CVE-2013-1694 (bmo#848535) PreserveWrapper has inconsistent behavior * MFSA 2013-59/CVE-2013-1697 (bmo#858101) XrayWrappers can be bypassed to run user defined methods in a privileged context Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.3: zypper in -t patch openSUSE-2013-555 - openSUSE 12.2: zypper in -tpatch openSUSE-2013-555 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.3 (i586 x86_64): mozilla-js-17.0.7-1.20.1 mozilla-js-debuginfo-17.0.7-1.20.1 xulrunner-17.0.7-1.20.1 xulrunner-buildsymbols-17.0.7-1.20.1 xulrunner-debuginfo-17.0.7-1.20.1 xulrunner-debugsource-17.0.7-1.20.1 xulrunner-devel-17.0.7-1.20.1 xulrunner-devel-debuginfo-17.0.7-1.20.1 - openSUSE 12.3 (x86_64): mozilla-js-32bit-17.0.7-1.20.1 mozilla-js-debuginfo-32bit-17.0.7-1.20.1 xulrunner-32bit-17.0.7-1.20.1 xulrunner-debuginfo-32bit-17.0.7-1.20.1 - openSUSE 12.2 (i586 x86_64): mozilla-js-17.0.7-2.46.1 mozilla-js-debuginfo-17.0.7-2.46.1 xulrunner-17.0.7-2.46.1 xulrunner-buildsymbols-17.0.7-2.46.1 xulrunner-debuginfo-17.0.7-2.46.1 xulrunner-debugsource-17.0.7-2.46.1 xulrunner-devel-17.0.7-2.46.1 xulrunner-devel-debuginfo-17.0.7-2.46.1 - openSUSE 12.2 (x86_64): mozilla-js-32bit-17.0.7-2.46.1 mozilla-js-debuginfo-32bit-17.0.7-2.46.1 xulrunner-32bit-17.0.7-2.46.1 xulrunner-debuginfo-32bit-17.0.7-2.46.1 References: https://www.suse.com/security/cve/CVE-2013-1682.html https://www.suse.com/security/cve/CVE-2013-1684.html https://www.suse.com/security/cve/CVE-2013-1685.html https://www.suse.com/security/cve/CVE-2013-1686.html https://www.suse.com/security/cve/CVE-2013-1687.html https://www.suse.com/security/cve/CVE-2013-1690.html https://www.suse.com/security/cve/CVE-2013-1692.html https://www.suse.com/security/cve/CVE-2013-1693.html https://www.suse.com/security/cve/CVE-2013-1694.html https://www.suse.com/security/cve/CVE-2013-1697.html https://login.microfocus.com/nidp/app/login?sid=0 . New update released for openSUSE: resolves 10 security vulnerabilities in xulrunner, enhancing system security and efficiency.. openSUSE Security,xulrunner Update,memory safety patch,CSRF mitigation. . Severity: Important.LinuxSecurity.com Team

Calendar%202 Jul 04, 2013 Important OpenSUSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200