Nacionalni CERT

Security vulnerabilities in the MozillaFirefox software package

<p>SUSE Security Update: Security update for MozillaFirefox<br />______________________________________________________________________________<br /><br />Announcement ID: SUSE-SU-2017:0714-1<br />Rating: important<br />References: #1028391 <br />Cross-References: CVE-2017-5398 CVE-2017-5400 CVE-2017-5401<br /> CVE-2017-5402 CVE-2017-5404 CVE-2017-5405<br /> CVE-2017-5407 CVE-2017-5408 CVE-2017-5409<br /> CVE-2017-5410<br />Affected Products:<br /> SUSE Linux Enterprise Software Development Kit 12-SP2<br /> SUSE Linux Enterprise Software Development Kit 12-SP1<br /> SUSE Linux Enterprise Server for SAP 12<br /> SUSE Linux Enterprise Server for Raspberry Pi 12-SP2<br /> SUSE Linux Enterprise Server 12-SP2<br /> SUSE Linux Enterprise Server 12-SP1<br /> SUSE Linux Enterprise Server 12-LTSS<br /> SUSE Linux Enterprise Desktop 12-SP2<br /> SUSE Linux Enterprise Desktop 12-SP1<br />______________________________________________________________________________<br /><br /> An update that fixes 10 vulnerabilities is now available.<br /><br />Description:<br /><br /><br /> This update for MozillaFirefox to ESR 45.8 fixes the following issues:<br /><br /> Security issues fixed (bsc#1028391):<br /> - CVE-2017-5402: Use-after-free working with events in FontFace objects<br /> - CVE-2017-5410: Memory corruption during JavaScript garbage collection<br /> incremental sweeping<br /> - CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP<br /> - CVE-2017-5401: Memory Corruption when handling ErrorResult<br /> - CVE-2017-5407: Pixel and history stealing via floating-point timing side<br /> channel with SVG filters<br /> - CVE-2017-5404: Use-after-free working with ranges in selections<br /> - CVE-2017-5405: FTP response codes can cause use of uninitialized values<br /> for ports<br /> - CVE-2017-5408: Cross-origin reading of video captions in violation of<br /> CORS<br /> - CVE-2017-5409: File deletion via callback parameter in Mozilla Windows<br /> Updater and Maintenance 
Service<br /> - CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR<br /> 45.8<br /><br /><br />Patch Instructions:<br /><br /> To install this SUSE Security Update use YaST online_update.<br /> Alternatively you can run the command listed for your product:<br /><br /> - SUSE Linux Enterprise Software Development Kit 12-SP2:<br /><br /> zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-392=1<br /><br /> - SUSE Linux Enterprise Software Development Kit 12-SP1:<br /><br /> zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-392=1<br /><br /> - SUSE Linux Enterprise Server for SAP 12:<br /><br /> zypper in -t patch SUSE-SLE-SAP-12-2017-392=1<br /><br /> - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:<br /><br /> zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-392=1<br /><br /> - SUSE Linux Enterprise Server 12-SP2:<br /><br /> zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-392=1<br /><br /> - SUSE Linux Enterprise Server 12-SP1:<br /><br /> zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-392=1<br /><br /> - SUSE Linux Enterprise Server 12-LTSS:<br /><br /> zypper in -t patch SUSE-SLE-SERVER-12-2017-392=1<br /><br /> - SUSE Linux Enterprise Desktop 12-SP2:<br /><br /> zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-392=1<br /><br /> - SUSE Linux Enterprise Desktop 12-SP1:<br /><br /> zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-392=1<br /><br /> To bring your system up-to-date, use "zypper patch".<br /><br /><br />Package List:<br /><br /> - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):<br /><br /> MozillaFirefox-debuginfo-45.8.0esr-102.1<br /> MozillaFirefox-debugsource-45.8.0esr-102.1<br /> MozillaFirefox-devel-45.8.0esr-102.1<br /><br /> - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):<br /><br /> MozillaFirefox-debuginfo-45.8.0esr-102.1<br /> MozillaFirefox-debugsource-45.8.0esr-102.1<br /> MozillaFirefox-devel-45.8.0esr-102.1<br /><br /> - SUSE Linux Enterprise Server for SAP 12 
(x86_64):<br /><br /> MozillaFirefox-45.8.0esr-102.1<br /> MozillaFirefox-debuginfo-45.8.0esr-102.1<br /> MozillaFirefox-debugsource-45.8.0esr-102.1<br /> MozillaFirefox-translations-45.8.0esr-102.1<br /><br /> - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):<br /><br /> MozillaFirefox-45.8.0esr-102.1<br /> MozillaFirefox-debuginfo-45.8.0esr-102.1<br /> MozillaFirefox-debugsource-45.8.0esr-102.1<br /> MozillaFirefox-translations-45.8.0esr-102.1<br /><br /> - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):<br /><br /> MozillaFirefox-45.8.0esr-102.1<br /> MozillaFirefox-debuginfo-45.8.0esr-102.1<br /> MozillaFirefox-debugsource-45.8.0esr-102.1<br /> MozillaFirefox-translations-45.8.0esr-102.1<br /><br /> - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):<br /><br /> MozillaFirefox-45.8.0esr-102.1<br /> MozillaFirefox-debuginfo-45.8.0esr-102.1<br /> MozillaFirefox-debugsource-45.8.0esr-102.1<br /> MozillaFirefox-translations-45.8.0esr-102.1<br /><br /> - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):<br /><br /> MozillaFirefox-45.8.0esr-102.1<br /> MozillaFirefox-debuginfo-45.8.0esr-102.1<br /> MozillaFirefox-debugsource-45.8.0esr-102.1<br /> MozillaFirefox-translations-45.8.0esr-102.1<br /><br /> - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):<br /><br /> MozillaFirefox-45.8.0esr-102.1<br /> MozillaFirefox-debuginfo-45.8.0esr-102.1<br /> MozillaFirefox-debugsource-45.8.0esr-102.1<br /> MozillaFirefox-translations-45.8.0esr-102.1<br /><br /> - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):<br /><br /> MozillaFirefox-45.8.0esr-102.1<br /> MozillaFirefox-debuginfo-45.8.0esr-102.1<br /> MozillaFirefox-debugsource-45.8.0esr-102.1<br /> MozillaFirefox-translations-45.8.0esr-102.1<br /><br /><br />References:<br /><br /> https://www.suse.com/security/cve/CVE-2017-5398.html<br /> https://www.suse.com/security/cve/CVE-2017-5400.html<br /> https://www.suse.com/security/cve/CVE-2017-5401.html<br /> 
https://www.suse.com/security/cve/CVE-2017-5402.html<br /> https://www.suse.com/security/cve/CVE-2017-5404.html<br /> https://www.suse.com/security/cve/CVE-2017-5405.html<br /> https://www.suse.com/security/cve/CVE-2017-5407.html<br /> https://www.suse.com/security/cve/CVE-2017-5408.html<br /> https://www.suse.com/security/cve/CVE-2017-5409.html<br /> https://www.suse.com/security/cve/CVE-2017-5410.html<br /> https://bugzilla.suse.com/1028391<br /><br /><br /><br /> SUSE Security Update: Security update for MozillaFirefox<br />______________________________________________________________________________<br /><br />Announcement ID: SUSE-SU-2017:0732-1<br />Rating: important<br />References: #1027527 #1028391 <br />Cross-References: CVE-2017-5398 CVE-2017-5400 CVE-2017-5401<br /> CVE-2017-5402 CVE-2017-5404 CVE-2017-5405<br /> CVE-2017-5407 CVE-2017-5408 CVE-2017-5409<br /> CVE-2017-5410<br />Affected Products:<br /> SUSE OpenStack Cloud 5<br /> SUSE Manager Proxy 2.1<br /> SUSE Manager 2.1<br /> SUSE Linux Enterprise Software Development Kit 11-SP4<br /> SUSE Linux Enterprise Server 11-SP4<br /> SUSE Linux Enterprise Server 11-SP3-LTSS<br /> SUSE Linux Enterprise Point of Sale 11-SP3<br /> SUSE Linux Enterprise Debuginfo 11-SP4<br /> SUSE Linux Enterprise Debuginfo 11-SP3<br />______________________________________________________________________________<br /><br /> An update that fixes 10 vulnerabilities is now available.<br /><br />Description:<br /><br /><br /> This update for MozillaFirefox to ESR 45.8 fixes the following issues:<br /><br /> Security issues fixed (bsc#1028391):<br /> - CVE-2017-5402: Use-after-free working with events in FontFace objects<br /> - CVE-2017-5410: Memory corruption during JavaScript garbage collection<br /> incremental sweeping<br /> - CVE-2017-5400: 
asm.js JIT-spray bypass of ASLR and DEP<br /> - CVE-2017-5401: Memory Corruption when handling ErrorResult<br /> - CVE-2017-5407: Pixel and history stealing via floating-point timing side<br /> channel with SVG filters<br /> - CVE-2017-5404: Use-after-free working with ranges in selections<br /> - CVE-2017-5405: FTP response codes can cause use of uninitialized values<br /> for ports<br /> - CVE-2017-5408: Cross-origin reading of video captions in violation of<br /> CORS<br /> - CVE-2017-5409: File deletion via callback parameter in Mozilla Windows<br /> Updater and Maintenance Service<br /> - CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR<br /> 45.8<br /><br /> Bugfixes:<br /> - fix crashes on Itanium (bsc#1027527)<br /><br /><br />Patch Instructions:<br /><br /> To install this SUSE Security Update use YaST online_update.<br /> Alternatively you can run the command listed for your product:<br /><br /> - SUSE OpenStack Cloud 5:<br /><br /> zypper in -t patch sleclo50sp3-MozillaFirefox-13034=1<br /><br /> - SUSE Manager Proxy 2.1:<br /><br /> zypper in -t patch slemap21-MozillaFirefox-13034=1<br /><br /> - SUSE Manager 2.1:<br /><br /> zypper in -t patch sleman21-MozillaFirefox-13034=1<br /><br /> - SUSE Linux Enterprise Software Development Kit 11-SP4:<br /><br /> zypper in -t patch sdksp4-MozillaFirefox-13034=1<br /><br /> - SUSE Linux Enterprise Server 11-SP4:<br /><br /> zypper in -t patch slessp4-MozillaFirefox-13034=1<br /><br /> - SUSE Linux Enterprise Server 11-SP3-LTSS:<br /><br /> zypper in -t patch slessp3-MozillaFirefox-13034=1<br /><br /> - SUSE Linux Enterprise Point of Sale 11-SP3:<br /><br /> zypper in -t patch sleposp3-MozillaFirefox-13034=1<br /><br /> - SUSE Linux Enterprise Debuginfo 11-SP4:<br /><br /> zypper in -t patch dbgsp4-MozillaFirefox-13034=1<br /><br /> - SUSE Linux Enterprise Debuginfo 11-SP3:<br /><br /> zypper in -t patch dbgsp3-MozillaFirefox-13034=1<br /><br /> To bring your system up-to-date, use "zypper 
patch".<br /><br /><br />Package List:<br /><br /> - SUSE OpenStack Cloud 5 (x86_64):<br /><br /> MozillaFirefox-45.8.0esr-68.1<br /> MozillaFirefox-translations-45.8.0esr-68.1<br /><br /> - SUSE Manager Proxy 2.1 (x86_64):<br /><br /> MozillaFirefox-45.8.0esr-68.1<br /> MozillaFirefox-translations-45.8.0esr-68.1<br /><br /> - SUSE Manager 2.1 (s390x x86_64):<br /><br /> MozillaFirefox-45.8.0esr-68.1<br /> MozillaFirefox-translations-45.8.0esr-68.1<br /><br /> - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):<br /><br /> MozillaFirefox-devel-45.8.0esr-68.1<br /><br /> - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):<br /><br /> MozillaFirefox-45.8.0esr-68.1<br /> MozillaFirefox-translations-45.8.0esr-68.1<br /><br /> - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):<br /><br /> MozillaFirefox-45.8.0esr-68.1<br /> MozillaFirefox-translations-45.8.0esr-68.1<br /><br /> - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):<br /><br /> MozillaFirefox-45.8.0esr-68.1<br /> MozillaFirefox-translations-45.8.0esr-68.1<br /><br /> - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):<br /><br /> MozillaFirefox-debuginfo-45.8.0esr-68.1<br /> MozillaFirefox-debugsource-45.8.0esr-68.1<br /><br /> - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):<br /><br /> MozillaFirefox-debuginfo-45.8.0esr-68.1<br /> MozillaFirefox-debugsource-45.8.0esr-68.1<br /><br /><br />References:<br /><br /> https://www.suse.com/security/cve/CVE-2017-5398.html<br /> https://www.suse.com/security/cve/CVE-2017-5400.html<br /> https://www.suse.com/security/cve/CVE-2017-5401.html<br /> https://www.suse.com/security/cve/CVE-2017-5402.html<br /> https://www.suse.com/security/cve/CVE-2017-5404.html<br /> https://www.suse.com/security/cve/CVE-2017-5405.html<br /> https://www.suse.com/security/cve/CVE-2017-5407.html<br /> https://www.suse.com/security/cve/CVE-2017-5408.html<br /> 
https://www.suse.com/security/cve/CVE-2017-5409.html<br /> https://www.suse.com/security/cve/CVE-2017-5410.html<br /> https://bugzilla.suse.com/1027527<br /> https://bugzilla.suse.com/1028391</p>
Security vulnerabilities have been discovered in the MozillaFirefox software package for the SUSE operating system. The discovered vulnerabilities allow potential attackers to cause a DoS condition, execute arbitrary code, bypass security restrictions, or disclose sensitive information. Updating with the released patches is advised.