Details
Created: 02 August 2012
Multiple new vulnerabilities were discovered and fixed in the seamonkey package. The vulnerabilities allowed malicious users to execute arbitrary code, carry out DoS attacks, disclose sensitive information and bypass security restrictions.
Package:
SeaMonkey 2.x
Operating systems:
openSUSE 11.4, openSUSE 12.1
Severity:
9.3
Problem:
memory corruption, improper memory handling, error in a program function
Exploitation:
local/remote
Impact:
disclosure of sensitive information, arbitrary code execution, denial of service (DoS), bypass of security restrictions
Solution:
vendor patch
CVE:
CVE-2012-1948, CVE-2012-1949, CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1955, CVE-2012-1957, CVE-2012-1958, CVE-2012-1959, CVE-2012-1960, CVE-2012-1961, CVE-2012-1962, CVE-2012-1963, CVE-2012-1967, CVE-2012-0001
Original advisory ID:
openSUSE-SU-2012:0935-1
Source:
SUSE
Problem:
The vulnerability is caused by multiple errors in memory management, errors in the functions "qcms_transform_data_rgb_out_lut_sse2" and "nsGlobalWindow::PageHidden", and other unspecified causes.
Impact:
A malicious user could exploit the vulnerabilities to execute arbitrary code, read confidential data, carry out a DoS attack and bypass security restrictions.
Solution:
All users are advised to install the updates in which the issues have been fixed.
Original advisory text
openSUSE Security Update: seamonkey: Update to Seamonkey 2.11
______________________________________________________________________________
Announcement ID: openSUSE-SU-2012:0935-1
Rating: important
References: #771583
Cross-References: CVE-2012-1948 CVE-2012-1949 CVE-2012-1951
CVE-2012-1952 CVE-2012-1953 CVE-2012-1954
CVE-2012-1955 CVE-2012-1957 CVE-2012-1958
CVE-2012-1959 CVE-2012-1960 CVE-2012-1961
CVE-2012-1962 CVE-2012-1963 CVE-2012-1967
Affected Products:
openSUSE 12.1
openSUSE 11.4
______________________________________________________________________________
An update that fixes 15 vulnerabilities is now available.
Description:
Seamonkey was updated to version 2.11 (bnc#771583)
* MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 Miscellaneous memory safety hazards
* MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952 Gecko memory corruption
* MFSA 2012-45/CVE-2012-1955 (bmo#757376) Spoofing issue with location
* MFSA 2012-47/CVE-2012-1957 (bmo#750096) Improper filtering of javascript in HTML feed-view
* MFSA 2012-48/CVE-2012-1958 (bmo#750820) use-after-free in nsGlobalWindow::PageHidden
* MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559) Same-compartment Security Wrappers can be bypassed
* MFSA 2012-50/CVE-2012-1960 (bmo#761014) Out of bounds read in QCMS
* MFSA 2012-51/CVE-2012-1961 (bmo#761655) X-Frame-Options header ignored when duplicated
* MFSA 2012-52/CVE-2012-1962 (bmo#764296) JSDependentString::undepend string conversion results in memory corruption
* MFSA 2012-53/CVE-2012-1963 (bmo#767778) Content Security Policy 1.0 implementation errors cause data leakage
* MFSA 2012-56/CVE-2012-1967 (bmo#758344) Code execution through javascript: URLs
* relicensed to MPL-2.0
- updated/removed patches
- requires NSS 3.13.5
- update to Seamonkey 2.10.1
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.1:
zypper in -t patch openSUSE-2012-473
- openSUSE 11.4:
zypper in -t patch openSUSE-2012-473
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.1 (i586 x86_64):
seamonkey-2.11-2.24.2
seamonkey-debuginfo-2.11-2.24.2
seamonkey-debugsource-2.11-2.24.2
seamonkey-dom-inspector-2.11-2.24.2
seamonkey-irc-2.11-2.24.2
seamonkey-translations-common-2.11-2.24.2
seamonkey-translations-other-2.11-2.24.2
seamonkey-venkman-2.11-2.24.2
- openSUSE 11.4 (i586 x86_64):
seamonkey-2.11-24.3
seamonkey-debuginfo-2.11-24.3
seamonkey-debugsource-2.11-24.3
seamonkey-dom-inspector-2.11-24.3
seamonkey-irc-2.11-24.3
seamonkey-translations-common-2.11-24.3
seamonkey-translations-other-2.11-24.3
seamonkey-venkman-2.11-24.3
References:
http://support.novell.com/security/cve/CVE-2012-1948.html
http://support.novell.com/security/cve/CVE-2012-1949.html
http://support.novell.com/security/cve/CVE-2012-1951.html
http://support.novell.com/security/cve/CVE-2012-1952.html
http://support.novell.com/security/cve/CVE-2012-1953.html
http://support.novell.com/security/cve/CVE-2012-1954.html
http://support.novell.com/security/cve/CVE-2012-1955.html
http://support.novell.com/security/cve/CVE-2012-1957.html
http://support.novell.com/security/cve/CVE-2012-1958.html
http://support.novell.com/security/cve/CVE-2012-1959.html
http://support.novell.com/security/cve/CVE-2012-1960.html
http://support.novell.com/security/cve/CVE-2012-1961.html
http://support.novell.com/security/cve/CVE-2012-1962.html
http://support.novell.com/security/cve/CVE-2012-1963.html
http://support.novell.com/security/cve/CVE-2012-1967.html
https://bugzilla.novell.com/771583
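An added example, not part of the SUSE advisory or of the original page: a shell check that compares installed seamonkey package builds against the fixed version-release strings from the advisory's package list. It assumes input lines in the form produced by `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`; the sample lines are constructed, and GNU `sort -V` stands in for rpm's own version comparison.

```shell
#!/usr/bin/env bash
# Fixed version-release per openSUSE product, copied from the advisory's package list.
fixed_for() {
  case "$1" in
    12.1) echo "2.11-2.24.2" ;;
    11.4) echo "2.11-24.3" ;;
    *) return 1 ;;
  esac
}

# ver_ge A B: succeeds when A >= B. Uses GNU `sort -V` as an approximation of
# rpm's comparison (an assumption; adequate for these purely numeric strings).
ver_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# check_seamonkey PRODUCT: reads "name version-release" lines on stdin and
# prints every seamonkey package still below the fixed build.
# Returns 0 if all are patched, 1 if any is outdated, 2 for an unknown product.
check_seamonkey() {
  local fixed name vr rc=0
  fixed=$(fixed_for "$1") || { echo "unknown product: $1" >&2; return 2; }
  while read -r name vr; do
    case "$name" in
      seamonkey|seamonkey-*) ;;   # main package and its subpackages
      *) continue ;;              # ignore unrelated packages
    esac
    if ! ver_ge "$vr" "$fixed"; then
      echo "OUTDATED $name $vr (fixed in $fixed)"
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample input (not real output from any host).
SAMPLE_12_1='seamonkey 2.10.1-2.20.1
seamonkey-irc 2.11-2.24.2
zypper 1.6.166-1.1'

printf '%s\n' "$SAMPLE_12_1" | check_seamonkey 12.1 || true
# On a live system:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'seamonkey*' | check_seamonkey 12.1
```

A non-zero exit status makes the function usable as a post-patch gate in configuration management or a compliance scan.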