SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:1258-1
Rating: important
References: #977333 #977374 #977376 #977381 #977386
Cross-References: CVE-2016-2805 CVE-2016-2807 CVE-2016-2808
CVE-2016-2814
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP1
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Server 12-SP1
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Desktop 12-SP1
SUSE Linux Enterprise Desktop 12
______________________________________________________________________________
An update that solves four vulnerabilities and has one
errata is now available.
Description:
This update to MozillaFirefox 38.8.0 ESR fixes the following issues
(bsc#977333):
– CVE-2016-2805: Miscellaneous memory safety hazards – MFSA 2016-39
(bsc#977374)
– CVE-2016-2807: Miscellaneous memory safety hazards – MFSA 2016-39
(bsc#977376)
– CVE-2016-2814: Buffer overflow in libstagefright with CENC offsets –
MFSA 2016-44 (bsc#977381)
– CVE-2016-2808: Write to invalid HashMap entry through JavaScript.watch()
– MFSA 2016-47 (bsc#977386)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
– SUSE Linux Enterprise Software Development Kit 12-SP1:
zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-732=1
– SUSE Linux Enterprise Software Development Kit 12:
zypper in -t patch SUSE-SLE-SDK-12-2016-732=1
– SUSE Linux Enterprise Server 12-SP1:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-732=1
– SUSE Linux Enterprise Server 12:
zypper in -t patch SUSE-SLE-SERVER-12-2016-732=1
– SUSE Linux Enterprise Desktop 12-SP1:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-732=1
– SUSE Linux Enterprise Desktop 12:
zypper in -t patch SUSE-SLE-DESKTOP-12-2016-732=1
To bring your system up-to-date, use “zypper patch”.
Package List:
– SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
MozillaFirefox-debuginfo-38.8.0esr-66.2
MozillaFirefox-debugsource-38.8.0esr-66.2
MozillaFirefox-devel-38.8.0esr-66.2
– SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
MozillaFirefox-debuginfo-38.8.0esr-66.2
MozillaFirefox-debugsource-38.8.0esr-66.2
MozillaFirefox-devel-38.8.0esr-66.2
– SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
MozillaFirefox-38.8.0esr-66.2
MozillaFirefox-debuginfo-38.8.0esr-66.2
MozillaFirefox-debugsource-38.8.0esr-66.2
MozillaFirefox-translations-38.8.0esr-66.2
– SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
MozillaFirefox-38.8.0esr-66.2
MozillaFirefox-debuginfo-38.8.0esr-66.2
MozillaFirefox-debugsource-38.8.0esr-66.2
MozillaFirefox-translations-38.8.0esr-66.2
– SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
MozillaFirefox-38.8.0esr-66.2
MozillaFirefox-debuginfo-38.8.0esr-66.2
MozillaFirefox-debugsource-38.8.0esr-66.2
MozillaFirefox-translations-38.8.0esr-66.2
– SUSE Linux Enterprise Desktop 12 (x86_64):
MozillaFirefox-38.8.0esr-66.2
MozillaFirefox-debuginfo-38.8.0esr-66.2
MozillaFirefox-debugsource-38.8.0esr-66.2
MozillaFirefox-translations-38.8.0esr-66.2
References:
https://www.suse.com/security/cve/CVE-2016-2805.html
https://www.suse.com/security/cve/CVE-2016-2807.html
https://www.suse.com/security/cve/CVE-2016-2808.html
https://www.suse.com/security/cve/CVE-2016-2814.html
https://bugzilla.suse.com/977333
https://bugzilla.suse.com/977374
https://bugzilla.suse.com/977376
https://bugzilla.suse.com/977381
https://bugzilla.suse.com/977386
—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
SUSE Security Update: Security update for Mozilla Firefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:1352-1
Rating: important
References: #977333 #977374 #977376 #977381 #977386
Cross-References: CVE-2016-2805 CVE-2016-2807 CVE-2016-2808
CVE-2016-2814
Affected Products:
SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________
An update that solves four vulnerabilities and has one
errata is now available.
Description:
Mozilla Firefox was updated to fix the following vulnerabilities
(bsc#977333):
* CVE-2016-2805: Memory safety bug fixed in Firefox ESR 38.8 (MFSA
2016-39, bsc#977374)
* CVE-2016-2807: Memory safety bugs fixed in Firefox ESR 45.1, Firefox
ESR 38.8 and Firefox 46 (MFSA 2016-39, bsc#977376)
* CVE-2016-2808: Write to invalid HashMap entry through
JavaScript.watch() (MFSA 2016-47, bsc#977386)
* CVE-2016-2814: Buffer overflow in libstagefright with CENC offsets
(MFSA 2016-44, bsc#977381)
Security Issues:
* CVE-2016-2805
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2805>
* CVE-2016-2807
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2807>
* CVE-2016-2808
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2808>
* CVE-2016-2814
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2814>
Package List:
– SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x):
MozillaFirefox-38.8.0esr-0.5.1
MozillaFirefox-translations-38.8.0esr-0.5.1
References:
https://www.suse.com/security/cve/CVE-2016-2805.html
https://www.suse.com/security/cve/CVE-2016-2807.html
https://www.suse.com/security/cve/CVE-2016-2808.html
https://www.suse.com/security/cve/CVE-2016-2814.html
https://bugzilla.suse.com/977333
https://bugzilla.suse.com/977374
https://bugzilla.suse.com/977376
https://bugzilla.suse.com/977381
https://bugzilla.suse.com/977386
https://download.suse.com/patch/finder/?keywords=c4a992c726ddbf623907944154d39624
—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
