openSUSE Security Update: seamonkey: Update to Seamonkey 2.11
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:0935-1
Rating:             important
References:         #771583 
Cross-References:   CVE-2012-1948 CVE-2012-1949 CVE-2012-1951
                    CVE-2012-1952 CVE-2012-1953 CVE-2012-1954
                    CVE-2012-1955 CVE-2012-1957 CVE-2012-1958
                    CVE-2012-1959 CVE-2012-1960 CVE-2012-1961
                    CVE-2012-1962 CVE-2012-1963 CVE-2012-1967
                   
Affected Products:
                    openSUSE 12.1
                    openSUSE 11.4
______________________________________________________________________________

   An update that fixes 15 vulnerabilities is now available.

Description:

   Seamonkey was updated to version 2.11 (bnc#771583)

   * MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 Miscellaneous
   memory safety hazards
   * MFSA
   2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1
   952 Gecko memory corruption
   * MFSA 2012-45/CVE-2012-1955 (bmo#757376) Spoofing issue
   with location
   * MFSA 2012-47/CVE-2012-1957 (bmo#750096) Improper
   filtering of javascript in HTML feed-view
   * MFSA 2012-48/CVE-2012-1958 (bmo#750820) use-after-free
   in nsGlobalWindow::PageHidden
   * MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559)
   Same-compartment Security Wrappers can be bypassed
   * MFSA 2012-50/CVE-2012-1960 (bmo#761014) Out of bounds
   read in QCMS
   * MFSA 2012-51/CVE-2012-1961 (bmo#761655) X-Frame-Options
   header ignored when duplicated
   * MFSA 2012-52/CVE-2012-1962 (bmo#764296)
   JSDependentString::undepend string conversion results
   in memory corruption
   * MFSA 2012-53/CVE-2012-1963 (bmo#767778) Content
   Security Policy 1.0 implementation errors cause data
   leakage
   * MFSA 2012-56/CVE-2012-1967 (bmo#758344) Code execution
   through javascript: URLs
   * relicensed to MPL-2.0
   - updated/removed patches
   - requires NSS 3.13.5

   - update to Seamonkey 2.10.1


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.1:

      zypper in -t patch openSUSE-2012-473

   - openSUSE 11.4:

      zypper in -t patch openSUSE-2012-473

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 12.1 (i586 x86_64):

      seamonkey-2.11-2.24.2
      seamonkey-debuginfo-2.11-2.24.2
      seamonkey-debugsource-2.11-2.24.2
      seamonkey-dom-inspector-2.11-2.24.2
      seamonkey-irc-2.11-2.24.2
      seamonkey-translations-common-2.11-2.24.2
      seamonkey-translations-other-2.11-2.24.2
      seamonkey-venkman-2.11-2.24.2

   - openSUSE 11.4 (i586 x86_64):

      seamonkey-2.11-24.3
      seamonkey-debuginfo-2.11-24.3
      seamonkey-debugsource-2.11-24.3
      seamonkey-dom-inspector-2.11-24.3
      seamonkey-irc-2.11-24.3
      seamonkey-translations-common-2.11-24.3
      seamonkey-translations-other-2.11-24.3
      seamonkey-venkman-2.11-24.3


References:

   https://www.suse.com/security/cve/CVE-2012-1948.html
   https://www.suse.com/security/cve/CVE-2012-1949.html
   https://www.suse.com/security/cve/CVE-2012-1951.html
   https://www.suse.com/security/cve/CVE-2012-1952.html
   https://www.suse.com/security/cve/CVE-2012-1953.html
   https://www.suse.com/security/cve/CVE-2012-1954.html
   https://www.suse.com/security/cve/CVE-2012-1955.html
   https://www.suse.com/security/cve/CVE-2012-1957.html
   https://www.suse.com/security/cve/CVE-2012-1958.html
   https://www.suse.com/security/cve/CVE-2012-1959.html
   https://www.suse.com/security/cve/CVE-2012-1960.html
   https://www.suse.com/security/cve/CVE-2012-1961.html
   https://www.suse.com/security/cve/CVE-2012-1962.html
   https://www.suse.com/security/cve/CVE-2012-1963.html
   https://www.suse.com/security/cve/CVE-2012-1967.html
   https://bugzilla.novell.com/771583

openSUSE: 2012:0935-1: important: seamonkey

August 1, 2012
An update that fixes 15 vulnerabilities is now available

Description

Seamonkey was updated to version 2.11 (bnc#771583) * MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 Miscellaneous memory safety hazards * MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1 952 Gecko memory corruption * MFSA 2012-45/CVE-2012-1955 (bmo#757376) Spoofing issue with location * MFSA 2012-47/CVE-2012-1957 (bmo#750096) Improper filtering of javascript in HTML feed-view * MFSA 2012-48/CVE-2012-1958 (bmo#750820) use-after-free in nsGlobalWindow::PageHidden * MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559) Same-compartment Security Wrappers can be bypassed * MFSA 2012-50/CVE-2012-1960 (bmo#761014) Out of bounds read in QCMS * MFSA 2012-51/CVE-2012-1961 (bmo#761655) X-Frame-Options header ignored when duplicated * MFSA 2012-52/CVE-2012-1962 (bmo#764296) JSDependentString::undepend string conversion results in memory corruption * MFSA 2012-53/CVE-2012-1963 (bmo#767778) Content Security Policy 1.0 i...

Read the Full Advisory

 

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-473 - openSUSE 11.4: zypper in -t patch openSUSE-2012-473 To bring your system up-to-date, use "zypper patch".


Package List

- openSUSE 12.1 (i586 x86_64): seamonkey-2.11-2.24.2 seamonkey-debuginfo-2.11-2.24.2 seamonkey-debugsource-2.11-2.24.2 seamonkey-dom-inspector-2.11-2.24.2 seamonkey-irc-2.11-2.24.2 seamonkey-translations-common-2.11-2.24.2 seamonkey-translations-other-2.11-2.24.2 seamonkey-venkman-2.11-2.24.2 - openSUSE 11.4 (i586 x86_64): seamonkey-2.11-24.3 seamonkey-debuginfo-2.11-24.3 seamonkey-debugsource-2.11-24.3 seamonkey-dom-inspector-2.11-24.3 seamonkey-irc-2.11-24.3 seamonkey-translations-common-2.11-24.3 seamonkey-translations-other-2.11-24.3 seamonkey-venkman-2.11-24.3


References

https://www.suse.com/security/cve/CVE-2012-1948.html https://www.suse.com/security/cve/CVE-2012-1949.html https://www.suse.com/security/cve/CVE-2012-1951.html https://www.suse.com/security/cve/CVE-2012-1952.html https://www.suse.com/security/cve/CVE-2012-1953.html https://www.suse.com/security/cve/CVE-2012-1954.html https://www.suse.com/security/cve/CVE-2012-1955.html https://www.suse.com/security/cve/CVE-2012-1957.html https://www.suse.com/security/cve/CVE-2012-1958.html https://www.suse.com/security/cve/CVE-2012-1959.html https://www.suse.com/security/cve/CVE-2012-1960.html https://www.suse.com/security/cve/CVE-2012-1961.html https://www.suse.com/security/cve/CVE-2012-1962.html https://www.suse.com/security/cve/CVE-2012-1963.html https://www.suse.com/security/cve/CVE-2012-1967.html https://bugzilla.novell.com/771583


Severity
Announcement ID: openSUSE-SU-2012:0935-1
Rating: important
Affected Products: openSUSE 12.1 openSUSE 11.4 .

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved