openSUSE-SU-2016:2182-1

Опубликовано: 29 авг. 2016

Источник: suse-cvrf

Описание

Security update for MozillaFirefox, mozilla-nss

This update for MozillaFirefox, mozilla-nss fixes the following issues:

Changes in MozillaFirefox:

Mozilla Firefox 48.0.1:
- Fixed an audio regression impacting some major websites (bmo#1295296)
- Fix a top crash in the JavaScript engine (bmo#1290469)
- Fix a startup crash issue caused by Websense (bmo#1291738)
- Fix a different behavior with e10s / non-e10s on and mouse events (bmo#1291078) Fix a top crash caused by plugin issues (bmo#1264530) Fix a shutdown issue (bmo#1276920) Fix a crash in WebRTC added upstream patch so system plugins/extensions are correctly loaded again on x86-64 (bmo#1282843) CVE-2016-6354: Fix for possible buffer overrun (boo#990856) Changes in mozilla-nss: also sign libfreeblpriv3.so to allow FIPS mode again (boo#992236)

Список пакетов

openSUSE Leap 42.1

MozillaFirefox-48.0.1-30.6

MozillaFirefox-branding-upstream-48.0.1-30.6

MozillaFirefox-buildsymbols-48.0.1-30.6

MozillaFirefox-devel-48.0.1-30.6

MozillaFirefox-translations-common-48.0.1-30.6

MozillaFirefox-translations-other-48.0.1-30.6

libfreebl3-3.24-26.2

libfreebl3-32bit-3.24-26.2

libsoftokn3-3.24-26.2

libsoftokn3-32bit-3.24-26.2

mozilla-nss-3.24-26.2

mozilla-nss-32bit-3.24-26.2

mozilla-nss-certs-3.24-26.2

mozilla-nss-certs-32bit-3.24-26.2

mozilla-nss-devel-3.24-26.2

mozilla-nss-sysinit-3.24-26.2

mozilla-nss-sysinit-32bit-3.24-26.2

mozilla-nss-tools-3.24-26.2

Ссылки

https://lists.opensuse.org/opensuse-updates/2016-08/msg00112.html
E-Mail link for openSUSE-SU-2016:2182-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.

Затронутые продукты

openSUSE Leap 42.1:MozillaFirefox-48.0.1-30.6

openSUSE Leap 42.1:MozillaFirefox-branding-upstream-48.0.1-30.6

openSUSE Leap 42.1:MozillaFirefox-buildsymbols-48.0.1-30.6

openSUSE Leap 42.1:MozillaFirefox-devel-48.0.1-30.6

Ссылки

https://www.suse.com/security/cve/CVE-2016-6354.html
CVE-2016-6354
https://bugzilla.suse.com/1026047
SUSE Bug 1026047
https://bugzilla.suse.com/1035082
SUSE Bug 1035082
https://bugzilla.suse.com/1035209
SUSE Bug 1035209
https://bugzilla.suse.com/990856
SUSE Bug 990856

openSUSE-SU-2016:2182-1

Описание

Список пакетов

openSUSE Leap 42.1

Ссылки

Уязвимость: CVE-2016-6354

Описание

Затронутые продукты

Ссылки