Test ID: 1.3.6.1.4.1.25623.1.0.850463
Category: SuSE Local Security Checks
Title: openSUSE: Security Advisory for Mozilla Firefox and others (openSUSE-SU-2013:0631-1)
Summary: The remote host is missing an update for the 'Mozilla Firefox and others' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'Mozilla Firefox and others'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The Mozilla suite received security and bugfix updates:

Firefox was updated to version 20.0. Thunderbird was
updated to version 17.0.5. SeaMonkey was updated to version
2.17. mozilla-nss was updated to version 3.14.3.
mozilla-nspr was updated to version 4.9.6.

mozilla-nspr was updated to version 4.9.6:

* aarch64 support

* added PL_SizeOfArenaPoolExcludingPool function
(bmo#807883)

* Auto detect android api version for x86 (bmo#782214)

* Initialize Windows CRITICAL_SECTIONs without debug info
and with nonzero spin count (bmo#812085)

Previous update to version 4.9.5:

* bmo#634793: define NSPR's exact-width integer types
PRInt{N} and PRUint{N} types to match the
exact-width integer types int{N}_t and uint{N}_t.

* bmo#782815: passing 'int *' to parameter of type
'unsigned int *' in setsockopt().

* bmo#822932: Port bmo#802527 (NDK r8b support for x86) to
NSPR.

* bmo#824742: NSPR shouldn't require librt on Android.

* bmo#831793: data race on lib->refCount in
PR_UnloadLibrary.

mozilla-nss was updated to version 3.14.3:

* disable tests with expired certificates

* add SEC_PKCS7VerifyDetachedSignatureAtTime using patch
from mozilla tree to fulfill Firefox 21 requirements

* No new major functionality is introduced in this release.
This release is a patch release to address CVE-2013-1620
(bmo#822365)

* 'certutil -a' was not correctly producing ASCII output as
requested. (bmo#840714)

* NSS 3.14.2 broke compilation with older versions of
sqlite that lacked the SQLITE_FCNTL_TEMPFILENAME file
control. NSS 3.14.3 now properly compiles when used with
older versions of sqlite (bmo#837799)

- remove system-sqlite.patch

* add aarch64 support

* added system-sqlite.patch (bmo#837799)

* do not depend on latest sqlite just for a #define

* enable system sqlite usage again

* update to 3.14.2

* required for Firefox >= 20

* removed obsolete nssckbi update patch

* MFSA 2013-40/CVE-2013-0791 (bmo#629816) Out-of-bounds
array read in CERT_DecodeCertPackage

* disable system sqlite usage since we depend on 3.7.15
which is not provided in any openSUSE distribution

* add nss-sqlitename.patch to avoid any name clash

Changes in MozillaFirefox:

- update to Firefox 20.0 (bnc#813026)

* requires NSPR 4.9.5 and NSS 3.14.3

* MFSA 2013-30/CVE-2013-0788/CVE-2013-0789 Miscellaneous
memory safety hazards

* MFSA 2013-31/CVE-2013-0800 (bmo#825721) Out-of-bounds
write in Cairo library

* MFSA 2013-35/CVE-2013-0796 (bmo#827106) WebGL crash
with Mesa graphics driver on Linux

Affected Software/OS:
Mozilla Firefox and others on openSUSE 11.4

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-reference:
Common Vulnerability Exposure (CVE) ID: CVE-2013-0788
Debian Security Information: DSA-2699
http://www.debian.org/security/2013/dsa-2699
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16629
RedHat Security Advisories: RHSA-2013:0696
http://rhn.redhat.com/errata/RHSA-2013-0696.html
RedHat Security Advisories: RHSA-2013:0697
http://rhn.redhat.com/errata/RHSA-2013-0697.html
SuSE Security Announcement: SUSE-SU-2013:0645
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html
SuSE Security Announcement: SUSE-SU-2013:0850
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html
SuSE Security Announcement: openSUSE-SU-2013:0630
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html
SuSE Security Announcement: openSUSE-SU-2013:0631
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html
SuSE Security Announcement: openSUSE-SU-2013:0875
http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html
http://www.ubuntu.com/usn/USN-1791-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-0789
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17079
Common Vulnerability Exposure (CVE) ID: CVE-2013-0792
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17021
Common Vulnerability Exposure (CVE) ID: CVE-2013-0793
BugTraq ID: 58837
http://www.securityfocus.com/bid/58837
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16928
Common Vulnerability Exposure (CVE) ID: CVE-2013-0794
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17065
Common Vulnerability Exposure (CVE) ID: CVE-2013-0795
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16842
Common Vulnerability Exposure (CVE) ID: CVE-2013-0796
Common Vulnerability Exposure (CVE) ID: CVE-2013-0800
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16909
Common Vulnerability Exposure (CVE) ID: CVE-2013-1620
BugTraq ID: 57777
http://www.securityfocus.com/bid/57777
BugTraq ID: 64758
http://www.securityfocus.com/bid/64758
Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://seclists.org/fulldisclosure/2014/Dec/23
http://security.gentoo.org/glsa/glsa-201406-19.xml
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
http://openwall.com/lists/oss-security/2013/02/05/24
RedHat Security Advisories: RHSA-2013:1135
http://rhn.redhat.com/errata/RHSA-2013-1135.html
RedHat Security Advisories: RHSA-2013:1144
http://rhn.redhat.com/errata/RHSA-2013-1144.html
http://www.ubuntu.com/usn/USN-1763-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-0791
BugTraq ID: 58826
http://www.securityfocus.com/bid/58826
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17150
Copyright: Copyright (C) 2013 Greenbone Networks GmbH