Oval Definition:oval:org.mitre.oval:def:28150
Revision Date:2015-03-16Version:6
Title:SUSE-SU-2014:1510-1 -- Security update for MozillaFirefox and mozilla-nss (moderate)
Description:- update to Firefox 31.2.0 ESR (bnc#900941) * MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 (bmo#1001994, bmo#1011354, bmo#1018916, bmo#1020034, bmo#1023035, bmo#1032208, bmo#1033020, bmo#1034230, bmo#1061214, bmo#1061600, bmo#1064346, bmo#1072044, bmo#1072174) Miscellaneous memory safety hazards (rv:33.0/rv:31.2) * MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow during CSS manipulation * MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio memory corruption issues with custom waveforms * MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds write with WebM video * MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free interacting with text directionality * MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) Inconsistent video sharing within iframe * MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing cross-origin objects via the Alarms API - SSLv3 is disabled by default. See README.POODLE for more detailed information. - disable call home features - update to 3.17.2 (bnc#900941) Bugfix release * bmo#1049435 - Importing an RSA private key fails if p < q * bmo#1057161 - NSS hangs with 100% CPU on invalid EC key * bmo#1078669 - certutil crashes when using the --certVersion parameter - changes from earlier version of the 3.17 branch: update to 3.17.1 (bnc#897890) * MFSA 2014-73/CVE-2014-1568 (bmo#1064636, bmo#1069405) RSA Signature Forgery in NSS * Change library's signature algorithm default to SHA256 * Add support for draft-ietf-tls-downgrade-scsv * Add clang-cl support to the NSS build system * Implement TLS 1.3: * Part 1. Negotiate TLS 1.3 * Part 2. Remove deprecated cipher suites andcompression. * Add support for little-endian powerpc64 update to 3.17 * required for Firefox 33 New functionality: * When using ECDHE, the TLS server code may be configured to generate a fresh ephemeral ECDH key for each handshake, by setting the SSL_REUSE_SERVER_ECDHE_KEY socket option to PR_FALSE. The SSL_REUSE_SERVER_ECDHE_KEY option defaults to PR_TRUE, which means the server's ephemeral ECDH key is reused for multiple handshakes. This option does not affect the TLS client code, which always generates a fresh ephemeral ECDH key for each handshake. New Macros * SSL_REUSE_SERVER_ECDHE_KEY Notable Changes: * The manual pages for the certutil and pp tools have been updated to document the new parameters that had been added in NSS 3.16.2.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2014-1568
CVE-2014-1574
CVE-2014-1575
CVE-2014-1576
CVE-2014-1577
CVE-2014-1578
CVE-2014-1581
CVE-2014-1583
CVE-2014-1585
CVE-2014-1586
SUSE-SU-2014:1510-1
Platform(s):SUSE Linux Enterprise Desktop 12
Product(s):mozilla-nss
MozillaFirefox
Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Packages match section
  • MozillaFirefox is earlier than 0:31.2.0esr-6.4
  • OR MozillaFirefox-branding-SLE is earlier than 0:31-4.1
  • OR MozillaFirefox-debuginfo is earlier than 0:31.2.0esr-6.4
  • OR MozillaFirefox-debugsource is earlier than 0:31.2.0esr-6.4
  • OR MozillaFirefox-translations is earlier than 0:31.2.0esr-6.4
  • OR libfreebl3 is earlier than 0:3.17.2-8.2
  • OR libfreebl3-debuginfo is earlier than 0:3.17.2-8.2
  • OR libsoftokn3 is earlier than 0:3.17.2-8.2
  • OR libsoftokn3-debuginfo is earlier than 0:3.17.2-8.2
  • OR mozilla-nss is earlier than 0:3.17.2-8.2
  • OR mozilla-nss-certs is earlier than 0:3.17.2-8.2
  • OR mozilla-nss-certs-debuginfo is earlier than 0:3.17.2-8.2
  • OR mozilla-nss-debuginfo is earlier than 0:3.17.2-8.2
  • OR mozilla-nss-debugsource is earlier than 0:3.17.2-8.2
  • OR mozilla-nss-tools is earlier than 0:3.17.2-8.2
  • OR mozilla-nss-tools-debuginfo is earlier than 0:3.17.2-8.2
    • BACK