SUSE-SU-2016:1374-1

Опубликовано: 20 мая 2016

Источник: suse-cvrf

Описание

Security update for MozillaFirefox

This update to MozillaFirefox 38.8.0 ESR fixes the following security issues (bsc#977333):

CVE-2016-2805: Miscellaneous memory safety hazards - MFSA 2016-39 (bsc#977374)
CVE-2016-2807: Miscellaneous memory safety hazards - MFSA 2016-39 (bsc#977376)
CVE-2016-2808: Write to invalid HashMap entry through JavaScript.watch() - MFSA 2016-47 (bsc#977386)
CVE-2016-2814: Buffer overflow in libstagefright with CENC offsets - MFSA 2016-44 (bsc#977381)

Список пакетов

SUSE Linux Enterprise Server 11 SP3-LTSS

MozillaFirefox-38.8.0esr-40.5

MozillaFirefox-translations-38.8.0esr-40.5

libfreebl3-3.20.2-30.1

libfreebl3-32bit-3.20.2-30.1

libsoftokn3-3.20.2-30.1

libsoftokn3-32bit-3.20.2-30.1

mozilla-nspr-4.12-26.1

mozilla-nspr-32bit-4.12-26.1

mozilla-nss-3.20.2-30.1

mozilla-nss-32bit-3.20.2-30.1

mozilla-nss-tools-3.20.2-30.1

SUSE Linux Enterprise Server 11 SP3-TERADATA

MozillaFirefox-38.8.0esr-40.5

MozillaFirefox-translations-38.8.0esr-40.5

libfreebl3-3.20.2-30.1

libfreebl3-32bit-3.20.2-30.1

libsoftokn3-3.20.2-30.1

libsoftokn3-32bit-3.20.2-30.1

mozilla-nspr-4.12-26.1

mozilla-nspr-32bit-4.12-26.1

mozilla-nss-3.20.2-30.1

mozilla-nss-32bit-3.20.2-30.1

mozilla-nss-tools-3.20.2-30.1

SUSE Linux Enterprise Server 11 SP4

MozillaFirefox-38.8.0esr-40.5

MozillaFirefox-translations-38.8.0esr-40.5

libfreebl3-3.20.2-30.1

libfreebl3-32bit-3.20.2-30.1

libfreebl3-x86-3.20.2-30.1

libsoftokn3-3.20.2-30.1

libsoftokn3-32bit-3.20.2-30.1

libsoftokn3-x86-3.20.2-30.1

mozilla-nspr-4.12-26.1

mozilla-nspr-32bit-4.12-26.1

mozilla-nspr-x86-4.12-26.1

mozilla-nss-3.20.2-30.1

mozilla-nss-32bit-3.20.2-30.1

mozilla-nss-tools-3.20.2-30.1

mozilla-nss-x86-3.20.2-30.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4

MozillaFirefox-38.8.0esr-40.5

MozillaFirefox-translations-38.8.0esr-40.5

libfreebl3-3.20.2-30.1

libfreebl3-32bit-3.20.2-30.1

libfreebl3-x86-3.20.2-30.1

libsoftokn3-3.20.2-30.1

libsoftokn3-32bit-3.20.2-30.1

libsoftokn3-x86-3.20.2-30.1

mozilla-nspr-4.12-26.1

mozilla-nspr-32bit-4.12-26.1

mozilla-nspr-x86-4.12-26.1

mozilla-nss-3.20.2-30.1

mozilla-nss-32bit-3.20.2-30.1

mozilla-nss-tools-3.20.2-30.1

mozilla-nss-x86-3.20.2-30.1

SUSE Linux Enterprise Software Development Kit 11 SP4

MozillaFirefox-devel-38.8.0esr-40.5

mozilla-nspr-devel-4.12-26.1

mozilla-nss-devel-3.20.2-30.1

SUSE Manager 2.1

MozillaFirefox-38.8.0esr-40.5

MozillaFirefox-translations-38.8.0esr-40.5

libfreebl3-3.20.2-30.1

libfreebl3-32bit-3.20.2-30.1

libsoftokn3-3.20.2-30.1

libsoftokn3-32bit-3.20.2-30.1

mozilla-nspr-4.12-26.1

mozilla-nspr-32bit-4.12-26.1

mozilla-nss-3.20.2-30.1

mozilla-nss-32bit-3.20.2-30.1

mozilla-nss-tools-3.20.2-30.1

SUSE Manager Proxy 2.1

MozillaFirefox-38.8.0esr-40.5

MozillaFirefox-translations-38.8.0esr-40.5

libfreebl3-3.20.2-30.1

libfreebl3-32bit-3.20.2-30.1

libsoftokn3-3.20.2-30.1

libsoftokn3-32bit-3.20.2-30.1

mozilla-nspr-4.12-26.1

mozilla-nspr-32bit-4.12-26.1

mozilla-nss-3.20.2-30.1

mozilla-nss-32bit-3.20.2-30.1

mozilla-nss-tools-3.20.2-30.1

SUSE OpenStack Cloud 5

MozillaFirefox-38.8.0esr-40.5

MozillaFirefox-translations-38.8.0esr-40.5

libfreebl3-3.20.2-30.1

libfreebl3-32bit-3.20.2-30.1

libsoftokn3-3.20.2-30.1

libsoftokn3-32bit-3.20.2-30.1

mozilla-nspr-4.12-26.1

mozilla-nspr-32bit-4.12-26.1

mozilla-nss-3.20.2-30.1

mozilla-nss-32bit-3.20.2-30.1

mozilla-nss-tools-3.20.2-30.1

Ссылки

https://www.suse.com/support/update/announcement/2016/suse-su-20161374-1/
Link for SUSE-SU-2016:1374-1
https://lists.suse.com/pipermail/sle-security-updates/2016-May/002077.html
E-Mail link for SUSE-SU-2016:1374-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/977333
SUSE Bug 977333
https://bugzilla.suse.com/977374
SUSE Bug 977374
https://bugzilla.suse.com/977376
SUSE Bug 977376
https://bugzilla.suse.com/977381
SUSE Bug 977381
https://bugzilla.suse.com/977386
SUSE Bug 977386
https://www.suse.com/security/cve/CVE-2016-2805/
SUSE CVE CVE-2016-2805 page
https://www.suse.com/security/cve/CVE-2016-2807/
SUSE CVE CVE-2016-2807 page
https://www.suse.com/security/cve/CVE-2016-2808/
SUSE CVE CVE-2016-2808 page
https://www.suse.com/security/cve/CVE-2016-2814/
SUSE CVE CVE-2016-2814 page

Описание

Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Затронутые продукты

SUSE Linux Enterprise Server 11 SP3-LTSS:MozillaFirefox-38.8.0esr-40.5

SUSE Linux Enterprise Server 11 SP3-LTSS:MozillaFirefox-translations-38.8.0esr-40.5

SUSE Linux Enterprise Server 11 SP3-LTSS:libfreebl3-3.20.2-30.1

SUSE Linux Enterprise Server 11 SP3-LTSS:libfreebl3-32bit-3.20.2-30.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-2805.html
CVE-2016-2805
https://bugzilla.suse.com/977333
SUSE Bug 977333
https://bugzilla.suse.com/977374
SUSE Bug 977374

Описание

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Затронутые продукты

SUSE Linux Enterprise Server 11 SP3-LTSS:MozillaFirefox-38.8.0esr-40.5

SUSE Linux Enterprise Server 11 SP3-LTSS:MozillaFirefox-translations-38.8.0esr-40.5

SUSE Linux Enterprise Server 11 SP3-LTSS:libfreebl3-3.20.2-30.1

SUSE Linux Enterprise Server 11 SP3-LTSS:libfreebl3-32bit-3.20.2-30.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-2807.html
CVE-2016-2807
https://bugzilla.suse.com/977333
SUSE Bug 977333
https://bugzilla.suse.com/977376
SUSE Bug 977376

Описание

The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site.

Затронутые продукты

SUSE Linux Enterprise Server 11 SP3-LTSS:MozillaFirefox-38.8.0esr-40.5

SUSE Linux Enterprise Server 11 SP3-LTSS:MozillaFirefox-translations-38.8.0esr-40.5

SUSE Linux Enterprise Server 11 SP3-LTSS:libfreebl3-3.20.2-30.1

SUSE Linux Enterprise Server 11 SP3-LTSS:libfreebl3-32bit-3.20.2-30.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-2808.html
CVE-2016-2808
https://bugzilla.suse.com/977333
SUSE Bug 977333
https://bugzilla.suse.com/977386
SUSE Bug 977386

Описание

Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table.

Затронутые продукты

SUSE Linux Enterprise Server 11 SP3-LTSS:MozillaFirefox-38.8.0esr-40.5

SUSE Linux Enterprise Server 11 SP3-LTSS:MozillaFirefox-translations-38.8.0esr-40.5

SUSE Linux Enterprise Server 11 SP3-LTSS:libfreebl3-3.20.2-30.1

SUSE Linux Enterprise Server 11 SP3-LTSS:libfreebl3-32bit-3.20.2-30.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-2814.html
CVE-2016-2814
https://bugzilla.suse.com/977333
SUSE Bug 977333
https://bugzilla.suse.com/977381
SUSE Bug 977381

SUSE-SU-2016:1374-1

Описание

Список пакетов

SUSE Linux Enterprise Server 11 SP3-LTSS

SUSE Linux Enterprise Server 11 SP3-TERADATA

SUSE Linux Enterprise Server 11 SP4

SUSE Linux Enterprise Server for SAP Applications 11 SP4

SUSE Linux Enterprise Software Development Kit 11 SP4

SUSE Manager 2.1

SUSE Manager Proxy 2.1

SUSE OpenStack Cloud 5

Ссылки

Уязвимость: CVE-2016-2805

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2016-2807

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2016-2808

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2016-2814

Описание

Затронутые продукты

Ссылки