openSUSE-SU-2019:0202-1

Опубликовано: 18 фев. 2019

Источник: suse-cvrf

Описание

Security update for MozillaFirefox

This update for MozillaFirefox to version 60.5.1 fixes the following issues:

Security issues fixed (bsc#1125330):

CVE-2018-18356: Fixed a use-after-free vulnerability in Skia library.
CVE-2019-5785: Fixed an integer overflow in the Skia library.
CVE-2018-18335: Fixed a buffer overflow in Skia library with accelerated Canvas 2D by disabling Canvas 2D. This vulnerability does not affect Linux platform.

Список пакетов

openSUSE Leap 42.3

MozillaFirefox-60.5.1-131.1

MozillaFirefox-branding-upstream-60.5.1-131.1

MozillaFirefox-buildsymbols-60.5.1-131.1

MozillaFirefox-devel-60.5.1-131.1

MozillaFirefox-translations-common-60.5.1-131.1

MozillaFirefox-translations-other-60.5.1-131.1

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00039.html
E-Mail link for openSUSE-SU-2019:0202-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Затронутые продукты

openSUSE Leap 42.3:MozillaFirefox-60.5.1-131.1

openSUSE Leap 42.3:MozillaFirefox-branding-upstream-60.5.1-131.1

openSUSE Leap 42.3:MozillaFirefox-buildsymbols-60.5.1-131.1

openSUSE Leap 42.3:MozillaFirefox-devel-60.5.1-131.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-18335.html
CVE-2018-18335
https://bugzilla.suse.com/1118529
SUSE Bug 1118529
https://bugzilla.suse.com/1125330
SUSE Bug 1125330

Описание

An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Затронутые продукты

openSUSE Leap 42.3:MozillaFirefox-60.5.1-131.1

openSUSE Leap 42.3:MozillaFirefox-branding-upstream-60.5.1-131.1

openSUSE Leap 42.3:MozillaFirefox-buildsymbols-60.5.1-131.1

openSUSE Leap 42.3:MozillaFirefox-devel-60.5.1-131.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-18356.html
CVE-2018-18356
https://bugzilla.suse.com/1118529
SUSE Bug 1118529
https://bugzilla.suse.com/1125330
SUSE Bug 1125330
https://bugzilla.suse.com/1125396
SUSE Bug 1125396

Описание

Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

Затронутые продукты

openSUSE Leap 42.3:MozillaFirefox-60.5.1-131.1

openSUSE Leap 42.3:MozillaFirefox-branding-upstream-60.5.1-131.1

openSUSE Leap 42.3:MozillaFirefox-buildsymbols-60.5.1-131.1

openSUSE Leap 42.3:MozillaFirefox-devel-60.5.1-131.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-5785.html
CVE-2019-5785
https://bugzilla.suse.com/1125330
SUSE Bug 1125330
https://bugzilla.suse.com/1125396
SUSE Bug 1125396

openSUSE-SU-2019:0202-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2018-18335

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-18356

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-5785

Описание

Затронутые продукты

Ссылки