Описание
Security update for MozillaFirefox, mozilla-nspr and mozilla-nss
This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues:
Issues fixed in MozillaFirefox:
- Update to Firefox ESR 60.4 (bsc#1119105)
- CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
- CVE-2018-18492: Fixed a use-after-free with select element
- CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia
- CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
- CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images
- CVE-2018-12405: Fixed a few memory safety bugs
Issues fixed in mozilla-nss:
- Update to NSS 3.40.1 (bsc#1119105)
- CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069)
- CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873)
- CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410)
- Fixed a decryption failure during FFDHE key exchange
- Various security fixes in the ASN.1 code
Issues fixed in mozilla-nspr:
- Update mozilla-nspr to 4.20 (bsc#1119105)
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15
SUSE Linux Enterprise Module for Desktop Applications 15
Ссылки
- Link for SUSE-SU-2018:4235-1
- E-Mail link for SUSE-SU-2018:4235-1
- SUSE Security Ratings
- SUSE Bug 1097410
- SUSE Bug 1106873
- SUSE Bug 1119069
- SUSE Bug 1119105
- SUSE CVE CVE-2018-0495 page
- SUSE CVE CVE-2018-12384 page
- SUSE CVE CVE-2018-12404 page
- SUSE CVE CVE-2018-12405 page
- SUSE CVE CVE-2018-17466 page
- SUSE CVE CVE-2018-18492 page
- SUSE CVE CVE-2018-18493 page
- SUSE CVE CVE-2018-18494 page
- SUSE CVE CVE-2018-18498 page
Описание
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
Затронутые продукты
Ссылки
- CVE-2018-0495
- SUSE Bug 1097410
- SUSE Bug 1121207
Описание
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.
Затронутые продукты
Ссылки
- CVE-2018-12384
- SUSE Bug 1106873
- SUSE Bug 1119105
- SUSE Bug 1121207
Описание
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.
Затронутые продукты
Ссылки
- CVE-2018-12404
- SUSE Bug 1119069
- SUSE Bug 1119105
- SUSE Bug 1121207
Описание
Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
Затронутые продукты
Ссылки
- CVE-2018-12405
- SUSE Bug 1112111
- SUSE Bug 1119105
- SUSE Bug 1121207
Описание
Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-17466
- SUSE Bug 1112111
- SUSE Bug 1119105
- SUSE Bug 1121207
Описание
A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
Затронутые продукты
Ссылки
- CVE-2018-18492
- SUSE Bug 1112111
- SUSE Bug 1119105
- SUSE Bug 1121207
Описание
A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
Затронутые продукты
Ссылки
- CVE-2018-18493
- SUSE Bug 1112111
- SUSE Bug 1119105
- SUSE Bug 1121207
Описание
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
Затронутые продукты
Ссылки
- CVE-2018-18494
- SUSE Bug 1112111
- SUSE Bug 1119105
- SUSE Bug 1121207
Описание
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
Затронутые продукты
Ссылки
- CVE-2018-18498
- SUSE Bug 1112111
- SUSE Bug 1119105
- SUSE Bug 1121207