openSUSE-SU-2021:0056-1

Опубликовано: 13 янв. 2021

Источник: suse-cvrf

Описание

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 78.6.1 ESR
- Fixed: Critical security issue MFSA 2021-01 (bsc#1180623)
- CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.2

MozillaFirefox-78.6.1-lp152.2.40.1

MozillaFirefox-branding-upstream-78.6.1-lp152.2.40.1

MozillaFirefox-buildsymbols-78.6.1-lp152.2.40.1

MozillaFirefox-devel-78.6.1-lp152.2.40.1

MozillaFirefox-translations-common-78.6.1-lp152.2.40.1

MozillaFirefox-translations-other-78.6.1-lp152.2.40.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MWW23OVUF57OUUNFOOBPRID66YRCNBPH/
E-Mail link for openSUSE-SU-2021:0056-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1180623
SUSE Bug 1180623
https://www.suse.com/security/cve/CVE-2020-16044/
SUSE CVE CVE-2020-16044 page

Описание

Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.

Затронутые продукты

openSUSE Leap 15.2:MozillaFirefox-78.6.1-lp152.2.40.1

openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.6.1-lp152.2.40.1

openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.6.1-lp152.2.40.1

openSUSE Leap 15.2:MozillaFirefox-devel-78.6.1-lp152.2.40.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-16044.html
CVE-2020-16044
https://bugzilla.suse.com/1180623
SUSE Bug 1180623
https://bugzilla.suse.com/1181137
SUSE Bug 1181137

openSUSE-SU-2021:0056-1

Описание

Список пакетов

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2020-16044

Описание

Затронутые продукты

Ссылки