exploitDog

SUSE-SU-2023:3609-1

Опубликовано: 15 сент. 2023

Источник: suse-cvrf

Описание

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 115.2.1 ESR (bsc#1215245).

CVE-2023-4863: Fixed heap buffer overflow in libwebp (MFSA 2023-40) (bsc#1215231).

The following non-security bug was fixed:

Fix i586 build by reducing debug info to -g1 (bsc#1210168).

Список пакетов

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

MozillaFirefox-115.2.1-150000.150.103.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

MozillaFirefox-115.2.1-150000.150.103.1

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

MozillaFirefox-115.2.1-150000.150.103.1

MozillaFirefox-devel-115.2.1-150000.150.103.1

MozillaFirefox-translations-common-115.2.1-150000.150.103.1

MozillaFirefox-translations-other-115.2.1-150000.150.103.1

SUSE Linux Enterprise Server 15 SP1-LTSS

MozillaFirefox-115.2.1-150000.150.103.1

MozillaFirefox-devel-115.2.1-150000.150.103.1

MozillaFirefox-translations-common-115.2.1-150000.150.103.1

MozillaFirefox-translations-other-115.2.1-150000.150.103.1

SUSE Linux Enterprise Server for SAP Applications 15 SP1

MozillaFirefox-115.2.1-150000.150.103.1

MozillaFirefox-devel-115.2.1-150000.150.103.1

MozillaFirefox-translations-common-115.2.1-150000.150.103.1

MozillaFirefox-translations-other-115.2.1-150000.150.103.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20233609-1/
Link for SUSE-SU-2023:3609-1
https://lists.suse.com/pipermail/sle-security-updates/2023-September/016158.html
E-Mail link for SUSE-SU-2023:3609-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1210168
SUSE Bug 1210168
https://bugzilla.suse.com/1215231
SUSE Bug 1215231
https://bugzilla.suse.com/1215245
SUSE Bug 1215245
https://www.suse.com/security/cve/CVE-2023-4863/
SUSE CVE CVE-2023-4863 page

Описание

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Затронутые продукты

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:MozillaFirefox-115.2.1-150000.150.103.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-115.2.1-150000.150.103.1

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.2.1-150000.150.103.1

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.2.1-150000.150.103.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-4863.html
CVE-2023-4863
https://bugzilla.suse.com/1215231
SUSE Bug 1215231
https://bugzilla.suse.com/1217115
SUSE Bug 1217115
https://bugzilla.suse.com/1217117
SUSE Bug 1217117

Уязвимость SUSE-SU-2023:3609-1