SUSE-SU-2022:0778-1

Опубликовано: 09 мар. 2022

Источник: suse-cvrf

Описание

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 91.6.1 ESR (bsc#1196809):

CVE-2022-26485: Use-after-free in XSLT parameter processing
CVE-2022-26486: Use-after-free in WebGPU IPC Framework

Список пакетов

Image SLES15-SAP-Azure-LI-BYOS-Production

MozillaFirefox-91.6.1-150.21.1

Image SLES15-SAP-Azure-VLI-BYOS-Production

MozillaFirefox-91.6.1-150.21.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

MozillaFirefox-91.6.1-150.21.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

MozillaFirefox-91.6.1-150.21.1

SUSE Enterprise Storage 6

MozillaFirefox-91.6.1-150.21.1

MozillaFirefox-devel-91.6.1-150.21.1

MozillaFirefox-translations-common-91.6.1-150.21.1

MozillaFirefox-translations-other-91.6.1-150.21.1

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS

MozillaFirefox-91.6.1-150.21.1

MozillaFirefox-devel-91.6.1-150.21.1

MozillaFirefox-translations-common-91.6.1-150.21.1

MozillaFirefox-translations-other-91.6.1-150.21.1

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

MozillaFirefox-91.6.1-150.21.1

MozillaFirefox-devel-91.6.1-150.21.1

MozillaFirefox-translations-common-91.6.1-150.21.1

MozillaFirefox-translations-other-91.6.1-150.21.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS

MozillaFirefox-91.6.1-150.21.1

MozillaFirefox-devel-91.6.1-150.21.1

MozillaFirefox-translations-common-91.6.1-150.21.1

MozillaFirefox-translations-other-91.6.1-150.21.1

SUSE Linux Enterprise High Performance Computing 15-LTSS

MozillaFirefox-91.6.1-150.21.1

MozillaFirefox-devel-91.6.1-150.21.1

MozillaFirefox-translations-common-91.6.1-150.21.1

MozillaFirefox-translations-other-91.6.1-150.21.1

SUSE Linux Enterprise Server 15 SP1-BCL

MozillaFirefox-91.6.1-150.21.1

MozillaFirefox-devel-91.6.1-150.21.1

MozillaFirefox-translations-common-91.6.1-150.21.1

MozillaFirefox-translations-other-91.6.1-150.21.1

SUSE Linux Enterprise Server 15 SP1-LTSS

MozillaFirefox-91.6.1-150.21.1

MozillaFirefox-devel-91.6.1-150.21.1

MozillaFirefox-translations-common-91.6.1-150.21.1

MozillaFirefox-translations-other-91.6.1-150.21.1

SUSE Linux Enterprise Server 15-LTSS

MozillaFirefox-91.6.1-150.21.1

MozillaFirefox-devel-91.6.1-150.21.1

MozillaFirefox-translations-common-91.6.1-150.21.1

MozillaFirefox-translations-other-91.6.1-150.21.1

SUSE Linux Enterprise Server for SAP Applications 15

MozillaFirefox-91.6.1-150.21.1

MozillaFirefox-devel-91.6.1-150.21.1

MozillaFirefox-translations-common-91.6.1-150.21.1

MozillaFirefox-translations-other-91.6.1-150.21.1

SUSE Linux Enterprise Server for SAP Applications 15 SP1

MozillaFirefox-91.6.1-150.21.1

MozillaFirefox-devel-91.6.1-150.21.1

MozillaFirefox-translations-common-91.6.1-150.21.1

MozillaFirefox-translations-other-91.6.1-150.21.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20220778-1/
Link for SUSE-SU-2022:0778-1
https://lists.suse.com/pipermail/sle-security-updates/2022-March/010409.html
E-Mail link for SUSE-SU-2022:0778-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1196809
SUSE Bug 1196809
https://www.suse.com/security/cve/CVE-2022-26485/
SUSE CVE CVE-2022-26485 page
https://www.suse.com/security/cve/CVE-2022-26486/
SUSE CVE CVE-2022-26486 page

Описание

Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.

Затронутые продукты

Image SLES15-SAP-Azure-LI-BYOS-Production:MozillaFirefox-91.6.1-150.21.1

Image SLES15-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-91.6.1-150.21.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:MozillaFirefox-91.6.1-150.21.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-91.6.1-150.21.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-26485.html
CVE-2022-26485
https://bugzilla.suse.com/1196809
SUSE Bug 1196809

Описание

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.

Затронутые продукты

Image SLES15-SAP-Azure-LI-BYOS-Production:MozillaFirefox-91.6.1-150.21.1

Image SLES15-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-91.6.1-150.21.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:MozillaFirefox-91.6.1-150.21.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-91.6.1-150.21.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-26486.html
CVE-2022-26486
https://bugzilla.suse.com/1196809
SUSE Bug 1196809

SUSE-SU-2022:0778-1

Описание

Список пакетов

Image SLES15-SAP-Azure-LI-BYOS-Production

Image SLES15-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

SUSE Enterprise Storage 6

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

SUSE Linux Enterprise High Performance Computing 15-ESPOS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise Server 15 SP1-BCL

SUSE Linux Enterprise Server 15 SP1-LTSS

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Server for SAP Applications 15

SUSE Linux Enterprise Server for SAP Applications 15 SP1

Ссылки

Уязвимость: CVE-2022-26485

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-26486

Описание

Затронутые продукты

Ссылки