You are here
Home > Preporuke > Nadogradnja za xulrunner

Nadogradnja za xulrunner

by ncert - 0

openSUSE Security Update: Security update for xulrunner
______________________________________________________________________________

Announcement ID: openSUSE-SU-2015:2380-1
Rating: important
References: #959277
Cross-References: CVE-2015-7201 CVE-2015-7205 CVE-2015-7210
CVE-2015-7212 CVE-2015-7213 CVE-2015-7214
CVE-2015-7222
Affected Products:
openSUSE Leap 42.1
______________________________________________________________________________

An update that fixes 7 vulnerabilities is now available.

Description:

Xulrunner was updated to 38.5.0 to fix several security issues.

The following vulnerabilities were fixed (boo#959277):

* CVE-2015-7201: Miscellaneous memory safety hazards
* CVE-2015-7210: Use-after-free in WebRTC when datachannel is used after
being destroyed
* CVE-2015-7212: Integer overflow allocating extremely large textures
* CVE-2015-7205: Underflow through code inspection
* CVE-2015-7213: Integer overflow in MP4 playback in 64-bit versions
* CVE-2015-7222: Integer underflow and buffer overflow processing MP4
metadata in libstagefright
* CVE-2015-7214: Cross-site reading attack through data and view-source
URIs

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.1:

zypper in -t patch openSUSE-2015-966=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.1 (i586 x86_64):

xulrunner-38.5.0-7.1
xulrunner-debuginfo-38.5.0-7.1
xulrunner-debugsource-38.5.0-7.1
xulrunner-devel-38.5.0-7.1

– openSUSE Leap 42.1 (x86_64):

xulrunner-32bit-38.5.0-7.1
xulrunner-debuginfo-32bit-38.5.0-7.1

References:

https://www.suse.com/security/cve/CVE-2015-7201.html
https://www.suse.com/security/cve/CVE-2015-7205.html
https://www.suse.com/security/cve/CVE-2015-7210.html
https://www.suse.com/security/cve/CVE-2015-7212.html
https://www.suse.com/security/cve/CVE-2015-7213.html
https://www.suse.com/security/cve/CVE-2015-7214.html
https://www.suse.com/security/cve/CVE-2015-7222.html
https://bugzilla.suse.com/959277


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

ncert
Top
More in Preporuke
Nadogradnja za Adobe Flash Player

Adobe je izdao nadogradnju za otklanjanje višestrukih kritičnih ranjivosti programskog paketa Adobe Flash Player. Otkrivene ranjivosti posljedica su narušavanja integriteta...

Close