Описание
Security update for MozillaFirefox, mozilla-nss
This update for MozillaFirefox, mozilla-nss fixes the following issues:
Security issue fixed in Mozilla Firefox 60.0.2 ESR:
- CVE-2018-6126: Heap buffer overflow rasterizing paths in SVG with Skia (MFSA 2018-14, boo#1096449)
The following bugs were fixed:
- In KDE Open with option in download dialog has no effect with kmozillahelper (boo#1094747)
- Startup crashes on aarch64 (boo#1093059)
Mozilla Firefox now requires NSS 3.36.4 (boo#1096515). The following changes are included in NSS:
- Fix issues connecting to servers recently upgraded to TLS 1.3 (SSL_RX_MALFORMED_SERVER_HELLO error)
- Fix a rare bug with PKCS#12 files
- Apply additional harding (relro linker option)
Список пакетов
openSUSE Leap 42.3
MozillaFirefox-60.0.2-101.1
MozillaFirefox-branding-upstream-60.0.2-101.1
MozillaFirefox-buildsymbols-60.0.2-101.1
MozillaFirefox-devel-60.0.2-101.1
MozillaFirefox-translations-common-60.0.2-101.1
MozillaFirefox-translations-other-60.0.2-101.1
libfreebl3-3.36.4-50.1
libfreebl3-32bit-3.36.4-50.1
libsoftokn3-3.36.4-50.1
libsoftokn3-32bit-3.36.4-50.1
mozilla-nss-3.36.4-50.1
mozilla-nss-32bit-3.36.4-50.1
mozilla-nss-certs-3.36.4-50.1
mozilla-nss-certs-32bit-3.36.4-50.1
mozilla-nss-devel-3.36.4-50.1
mozilla-nss-sysinit-3.36.4-50.1
mozilla-nss-sysinit-32bit-3.36.4-50.1
mozilla-nss-tools-3.36.4-50.1
Ссылки
- E-Mail link for openSUSE-SU-2018:1616-1
- SUSE Security Ratings
Описание
A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
Затронутые продукты
openSUSE Leap 42.3:MozillaFirefox-60.0.2-101.1
openSUSE Leap 42.3:MozillaFirefox-branding-upstream-60.0.2-101.1
openSUSE Leap 42.3:MozillaFirefox-buildsymbols-60.0.2-101.1
openSUSE Leap 42.3:MozillaFirefox-devel-60.0.2-101.1
Ссылки
- CVE-2018-6126
- SUSE Bug 1095163
- SUSE Bug 1096449