openSUSE Security Update: Security update for MozillaFirefox, mozilla-nss
______________________________________________________________________________
Announcement ID: openSUSE-SU-2016:1552-1
Rating: important
References: #980384 #981695 #983549 #983632 #983638 #983639
#983640 #983643 #983644 #983646 #983649 #983651
#983652 #983653 #983655
Cross-References: CVE-2016-2815 CVE-2016-2818 CVE-2016-2819
CVE-2016-2821 CVE-2016-2822 CVE-2016-2824
CVE-2016-2825 CVE-2016-2828 CVE-2016-2829
CVE-2016-2831 CVE-2016-2832 CVE-2016-2833
CVE-2016-2834
Affected Products:
openSUSE Leap 42.1
openSUSE 13.2
______________________________________________________________________________
An update that solves 13 vulnerabilities and has two fixes
is now available.
Description:
This update to Mozilla Firefox 47 fixes the following issues (boo#983549):
Security fixes:
– CVE-2016-2815/CVE-2016-2818: Miscellaneous memory safety hazards
(boo#983638 MFSA 2016-49)
– CVE-2016-2819: Buffer overflow parsing HTML5 fragments (boo#983655 MFSA
2016-50)
– CVE-2016-2821: Use-after-free deleting tables from a contenteditable
document (boo#983653 MFSA 2016-51)
– CVE-2016-2822: Addressbar spoofing though the SELECT element (boo#983652
MFSA 2016-52)
– CVE-2016-2824: Out-of-bounds write with WebGL shader (boo#983651 MFSA
2016-53)
– CVE-2016-2825: Partial same-origin-policy through setting location.host
through data URI (boo#983649 MFSA 2016-54)
– CVE-2016-2828: Use-after-free when textures are used in WebGL operations
after recycle pool destruction (boo#983646 MFSA 2016-56)
– CVE-2016-2829: Incorrect icon displayed on permissions notifications
(boo#983644 MFSA 2016-57)
– CVE-2016-2831: Entering fullscreen and persistent pointerlock without
user permission (boo#983643 MFSA 2016-58)
– CVE-2016-2832: Information disclosure of disabled plugins through CSS
pseudo-classes (boo#983632 MFSA 2016-59)
– CVE-2016-2833: Java applets bypass CSP protections (boo#983640 MFSA
2016-60)
Mozilla NSS was updated to 3.23 to address the following vulnerabilities:
– CVE-2016-2834: Memory safety bugs (boo#983639 MFSA-2016-61)
The following non-security changes are included:
– Enable VP9 video codec for users with fast machines
– Embedded YouTube videos now play with HTML5 video if Flash is not
installed
– View and search open tabs from your smartphone or another computer in a
sidebar
– Allow no-cache on back/forward navigations for https resources
The following packaging changes are included:
– boo#981695: cleanup configure options, notably removing GStreamer
support which is gone from FF
– boo#980384: enable build with PIE and full relro on x86_64
The following new functionality is provided:
– ChaCha20/Poly1305 cipher and TLS cipher suites now supported
– The list of TLS extensions sent in the TLS handshake has been reordered
to increase compatibility of the Extended Master Secret with with servers
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
– openSUSE Leap 42.1:
zypper in -t patch openSUSE-2016-704=1
– openSUSE 13.2:
zypper in -t patch openSUSE-2016-704=1
To bring your system up-to-date, use “zypper patch”.
Package List:
– openSUSE Leap 42.1 (i586 x86_64):
MozillaFirefox-47.0-24.1
MozillaFirefox-branding-upstream-47.0-24.1
MozillaFirefox-buildsymbols-47.0-24.1
MozillaFirefox-debuginfo-47.0-24.1
MozillaFirefox-debugsource-47.0-24.1
MozillaFirefox-devel-47.0-24.1
MozillaFirefox-translations-common-47.0-24.1
MozillaFirefox-translations-other-47.0-24.1
libfreebl3-3.23-18.1
libfreebl3-debuginfo-3.23-18.1
libsoftokn3-3.23-18.1
libsoftokn3-debuginfo-3.23-18.1
mozilla-nss-3.23-18.1
mozilla-nss-certs-3.23-18.1
mozilla-nss-certs-debuginfo-3.23-18.1
mozilla-nss-debuginfo-3.23-18.1
mozilla-nss-debugsource-3.23-18.1
mozilla-nss-devel-3.23-18.1
mozilla-nss-sysinit-3.23-18.1
mozilla-nss-sysinit-debuginfo-3.23-18.1
mozilla-nss-tools-3.23-18.1
mozilla-nss-tools-debuginfo-3.23-18.1
– openSUSE Leap 42.1 (x86_64):
libfreebl3-32bit-3.23-18.1
libfreebl3-debuginfo-32bit-3.23-18.1
libsoftokn3-32bit-3.23-18.1
libsoftokn3-debuginfo-32bit-3.23-18.1
mozilla-nss-32bit-3.23-18.1
mozilla-nss-certs-32bit-3.23-18.1
mozilla-nss-certs-debuginfo-32bit-3.23-18.1
mozilla-nss-debuginfo-32bit-3.23-18.1
mozilla-nss-sysinit-32bit-3.23-18.1
mozilla-nss-sysinit-debuginfo-32bit-3.23-18.1
– openSUSE 13.2 (i586 x86_64):
MozillaFirefox-47.0-71.1
MozillaFirefox-branding-upstream-47.0-71.1
MozillaFirefox-buildsymbols-47.0-71.1
MozillaFirefox-debuginfo-47.0-71.1
MozillaFirefox-debugsource-47.0-71.1
MozillaFirefox-devel-47.0-71.1
MozillaFirefox-translations-common-47.0-71.1
MozillaFirefox-translations-other-47.0-71.1
libfreebl3-3.23-34.1
libfreebl3-debuginfo-3.23-34.1
libsoftokn3-3.23-34.1
libsoftokn3-debuginfo-3.23-34.1
mozilla-nss-3.23-34.1
mozilla-nss-certs-3.23-34.1
mozilla-nss-certs-debuginfo-3.23-34.1
mozilla-nss-debuginfo-3.23-34.1
mozilla-nss-debugsource-3.23-34.1
mozilla-nss-devel-3.23-34.1
mozilla-nss-sysinit-3.23-34.1
mozilla-nss-sysinit-debuginfo-3.23-34.1
mozilla-nss-tools-3.23-34.1
mozilla-nss-tools-debuginfo-3.23-34.1
– openSUSE 13.2 (x86_64):
libfreebl3-32bit-3.23-34.1
libfreebl3-debuginfo-32bit-3.23-34.1
libsoftokn3-32bit-3.23-34.1
libsoftokn3-debuginfo-32bit-3.23-34.1
mozilla-nss-32bit-3.23-34.1
mozilla-nss-certs-32bit-3.23-34.1
mozilla-nss-certs-debuginfo-32bit-3.23-34.1
mozilla-nss-debuginfo-32bit-3.23-34.1
mozilla-nss-sysinit-32bit-3.23-34.1
mozilla-nss-sysinit-debuginfo-32bit-3.23-34.1
References:
https://www.suse.com/security/cve/CVE-2016-2815.html
https://www.suse.com/security/cve/CVE-2016-2818.html
https://www.suse.com/security/cve/CVE-2016-2819.html
https://www.suse.com/security/cve/CVE-2016-2821.html
https://www.suse.com/security/cve/CVE-2016-2822.html
https://www.suse.com/security/cve/CVE-2016-2824.html
https://www.suse.com/security/cve/CVE-2016-2825.html
https://www.suse.com/security/cve/CVE-2016-2828.html
https://www.suse.com/security/cve/CVE-2016-2829.html
https://www.suse.com/security/cve/CVE-2016-2831.html
https://www.suse.com/security/cve/CVE-2016-2832.html
https://www.suse.com/security/cve/CVE-2016-2833.html
https://www.suse.com/security/cve/CVE-2016-2834.html
https://bugzilla.suse.com/980384
https://bugzilla.suse.com/981695
https://bugzilla.suse.com/983549
https://bugzilla.suse.com/983632
https://bugzilla.suse.com/983638
https://bugzilla.suse.com/983639
https://bugzilla.suse.com/983640
https://bugzilla.suse.com/983643
https://bugzilla.suse.com/983644
https://bugzilla.suse.com/983646
https://bugzilla.suse.com/983649
https://bugzilla.suse.com/983651
https://bugzilla.suse.com/983652
https://bugzilla.suse.com/983653
https://bugzilla.suse.com/983655
—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
openSUSE Security Update: Security update for MozillaFirefox, mozilla-nss
______________________________________________________________________________
Announcement ID: openSUSE-SU-2016:1557-1
Rating: important
References: #980384 #981695 #983549 #983632 #983638 #983639
#983640 #983643 #983644 #983646 #983649 #983651
#983652 #983653 #983655
Cross-References: CVE-2016-1950 CVE-2016-2815 CVE-2016-2818
CVE-2016-2819 CVE-2016-2821 CVE-2016-2822
CVE-2016-2824 CVE-2016-2825 CVE-2016-2828
CVE-2016-2829 CVE-2016-2831 CVE-2016-2832
CVE-2016-2833 CVE-2016-2834
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that solves 14 vulnerabilities and has one errata
is now available.
Description:
This update to Mozilla Firefox 47 fixes the following issues (boo#983549):
Security fixes:
– CVE-2016-2815/CVE-2016-2818: Miscellaneous memory safety hazards
(boo#983638 MFSA 2016-49)
– CVE-2016-2819: Buffer overflow parsing HTML5 fragments (boo#983655
MFSA 2016-50)
– CVE-2016-2821: Use-after-free deleting tables from a contenteditable
document (boo#983653 MFSA 2016-51)
– CVE-2016-2822: Addressbar spoofing though the SELECT element
(boo#983652 MFSA 2016-52)
– CVE-2016-2824: Out-of-bounds write with WebGL shader (boo#983651 MFSA
2016-53)
– CVE-2016-2825: Partial same-origin-policy through setting
location.host through data URI (boo#983649 MFSA 2016-54)
– CVE-2016-2828: Use-after-free when textures are used in WebGL
operations after recycle pool destruction (boo#983646 MFSA 2016-56)
– CVE-2016-2829: Incorrect icon displayed on permissions notifications
(boo#983644 MFSA 2016-57)
– CVE-2016-2831: Entering fullscreen and persistent pointerlock without
user permission (boo#983643 MFSA 2016-58)
– CVE-2016-2832: Information disclosure of disabled plugins through CSS
pseudo-classes (boo#983632 MFSA 2016-59)
– CVE-2016-2833: Java applets bypass CSP protections (boo#983640 MFSA
2016-60)
Mozilla NSS was updated to 3.23 to address the following vulnerabilities:
– CVE-2016-2834: Memory safety bugs (boo#983639 MFSA-2016-61)
The following non-security changes are included:
– Enable VP9 video codec for users with fast machines
– Embedded YouTube videos now play with HTML5 video if Flash is not
installed
– View and search open tabs from your smartphone or another computer in
a sidebar
– Allow no-cache on back/forward navigations for https resources
The following packaging changes are included:
– boo#981695: cleanup configure options, notably removing GStreamer
support which is gone from FF
– boo#980384: enable build with PIE and full relro on x86_64
The following new functionality is provided:
– ChaCha20/Poly1305 cipher and TLS cipher suites now supported
– The list of TLS extensions sent in the TLS handshake has been
reordered to increase compatibility of the Extended Master Secret
with with servers
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
– openSUSE 13.1:
zypper in -t patch 2016-714=1
To bring your system up-to-date, use “zypper patch”.
Package List:
– openSUSE 13.1 (i586 x86_64):
MozillaFirefox-47.0-116.1
MozillaFirefox-branding-upstream-47.0-116.1
MozillaFirefox-buildsymbols-47.0-116.1
MozillaFirefox-debuginfo-47.0-116.1
MozillaFirefox-debugsource-47.0-116.1
MozillaFirefox-devel-47.0-116.1
MozillaFirefox-translations-common-47.0-116.1
MozillaFirefox-translations-other-47.0-116.1
libfreebl3-3.23-80.1
libfreebl3-debuginfo-3.23-80.1
libsoftokn3-3.23-80.1
libsoftokn3-debuginfo-3.23-80.1
mozilla-nss-3.23-80.1
mozilla-nss-certs-3.23-80.1
mozilla-nss-certs-debuginfo-3.23-80.1
mozilla-nss-debuginfo-3.23-80.1
mozilla-nss-debugsource-3.23-80.1
mozilla-nss-devel-3.23-80.1
mozilla-nss-sysinit-3.23-80.1
mozilla-nss-sysinit-debuginfo-3.23-80.1
mozilla-nss-tools-3.23-80.1
mozilla-nss-tools-debuginfo-3.23-80.1
– openSUSE 13.1 (x86_64):
libfreebl3-32bit-3.23-80.1
libfreebl3-debuginfo-32bit-3.23-80.1
libsoftokn3-32bit-3.23-80.1
libsoftokn3-debuginfo-32bit-3.23-80.1
mozilla-nss-32bit-3.23-80.1
mozilla-nss-certs-32bit-3.23-80.1
mozilla-nss-certs-debuginfo-32bit-3.23-80.1
mozilla-nss-debuginfo-32bit-3.23-80.1
mozilla-nss-sysinit-32bit-3.23-80.1
mozilla-nss-sysinit-debuginfo-32bit-3.23-80.1
References:
https://www.suse.com/security/cve/CVE-2016-1950.html
https://www.suse.com/security/cve/CVE-2016-2815.html
https://www.suse.com/security/cve/CVE-2016-2818.html
https://www.suse.com/security/cve/CVE-2016-2819.html
https://www.suse.com/security/cve/CVE-2016-2821.html
https://www.suse.com/security/cve/CVE-2016-2822.html
https://www.suse.com/security/cve/CVE-2016-2824.html
https://www.suse.com/security/cve/CVE-2016-2825.html
https://www.suse.com/security/cve/CVE-2016-2828.html
https://www.suse.com/security/cve/CVE-2016-2829.html
https://www.suse.com/security/cve/CVE-2016-2831.html
https://www.suse.com/security/cve/CVE-2016-2832.html
https://www.suse.com/security/cve/CVE-2016-2833.html
https://www.suse.com/security/cve/CVE-2016-2834.html
https://bugzilla.suse.com/980384
https://bugzilla.suse.com/981695
https://bugzilla.suse.com/983549
https://bugzilla.suse.com/983632
https://bugzilla.suse.com/983638
https://bugzilla.suse.com/983639
https://bugzilla.suse.com/983640
https://bugzilla.suse.com/983643
https://bugzilla.suse.com/983644
https://bugzilla.suse.com/983646
https://bugzilla.suse.com/983649
https://bugzilla.suse.com/983651
https://bugzilla.suse.com/983652
https://bugzilla.suse.com/983653
https://bugzilla.suse.com/983655
—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org