OVAL Reference oval:org.opensuse.security:def:2757

Oval Definition:

oval:org.opensuse.security:def:2757

Revision Date:	2020-12-02	Version:	1
Title:	Security update for MozillaFirefox (Important)
Description:	This update for MozillaFirefox to version ESR 60.6.1 fixes the following issues: Security issuess addressed: - update to Firefox ESR 60.6.1 (bsc#1130262): - CVE-2019-9813: Fixed Ionmonkey type confusion with __proto__ mutations - CVE-2019-9810: Fixed IonMonkey MArraySlice incorrect alias information - Update to Firefox ESR 60.6 (bsc#1129821): - CVE-2018-18506: Fixed an issue with Proxy Auto-Configuration file - CVE-2019-9801: Fixed an issue which could allow Windows programs to be exposed to web content - CVE-2019-9788: Fixed multiple memory safety bugs - CVE-2019-9790: Fixed a Use-after-free vulnerability when removing in-use DOM elements - CVE-2019-9791: Fixed an incorrect Type inference for constructors entered through on-stack replacement with IonMonkey - CVE-2019-9792: Fixed an issue where IonMonkey leaks JS_OPTIMIZED_OUT magic value to script - CVE-2019-9793: Fixed multiple improper bounds checks when Spectre mitigations are disabled - CVE-2019-9794: Fixed an issue where command line arguments not discarded during execution - CVE-2019-9795: Fixed a Type-confusion vulnerability in IonMonkey JIT compiler - CVE-2019-9796: Fixed a Use-after-free vulnerability in SMIL animation controller - Update to Firefox ESR 60.5.1 (bsc#1125330): - CVE-2018-18356: Fixed a use-after-free vulnerability in the Skia library which can occur when creating a path, leading to a potentially exploitable crash. - CVE-2019-5785: Fixed an integer overflow vulnerability in the Skia library which can occur after specific transform operations, leading to a potentially exploitable crash. - CVE-2018-18335: Fixed a buffer overflow vulnerability in the Skia library which can occur with Canvas 2D acceleration on macOS. This issue was addressed by disabling Canvas 2D acceleration in Firefox ESR. Note: this does not affect other versions and platforms where Canvas 2D acceleration is already disabled by default. Other issue addressed: - Fixed an issue with MozillaFirefox-translations-common which was causing error on update (bsc#1127987). Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/ Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/ Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/
Family:	unix	Class:	patch
Status:		Reference(s):	1051510 1071995 1088047 1094555 1098633 1100687 1103678 1106383 1106751 1109137 1114209 1114279 1114832 1118897 1118898 1118899 1119532 1120423 1121397 1121624 1121967 1123013 1124167 1124211 1125330 1127155 1127987 1128376 1128432 1128746 1128902 1128910 1129346 1129821 1130262 1130847 1131645 1132154 1132390 1133291 1133401 1133738 1134068 1134303 1134395 1135170 1135296 1135556 1135642 1135715 1136157 1136598 1136922 1136935 1137001 1137103 1137194 1137429 1137625 1137728 1137884 1137995 1137996 1137998 1137999 1138000 1138002 1138003 1138005 1138006 1138007 1138008 1138009 1138010 1138011 1138012 1138013 1138014 1138015 1138016 1138017 1138018 1138019 1138291 1138293 1138374 1138375 1138589 1138719 1139083 1139771 1139782 1139865 1140133 1140328 1140405 1140424 1140428 1140575 1140577 1140637 1140658 1140715 1140719 1140726 1140727 1140728 1140814 1154370 1159856 1159858 1159860 1159922 1159923 1159924 1159927 1160250 1160251 1160968 CVE-2018-13785 CVE-2018-16871 CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 CVE-2018-18335 CVE-2018-18356 CVE-2018-18506 CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11050 CVE-2019-11599 CVE-2019-12380 CVE-2019-12450 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819 CVE-2019-12900 CVE-2019-15691 CVE-2019-15692 CVE-2019-15693 CVE-2019-15694 CVE-2019-15695 CVE-2019-17626 CVE-2019-5436 CVE-2019-5736 CVE-2019-5785 CVE-2019-6237 CVE-2019-6486 CVE-2019-7317 CVE-2019-8571 CVE-2019-8583 CVE-2019-8584 CVE-2019-8586 CVE-2019-8587 CVE-2019-8594 CVE-2019-8595 CVE-2019-8596 CVE-2019-8597 CVE-2019-8601 CVE-2019-8607 CVE-2019-8608 CVE-2019-8609 CVE-2019-8610 CVE-2019-8611 CVE-2019-8615 CVE-2019-8619 CVE-2019-8622 CVE-2019-8623 CVE-2019-9636 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9794 CVE-2019-9795 CVE-2019-9796 CVE-2019-9801 CVE-2019-9810 CVE-2019-9813 CVE-2019-9948 CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2655 SUSE-SU-2019:0871-1 SUSE-SU-2019:0972-1 SUSE-SU-2019:1234-2 SUSE-SU-2019:1357-2 SUSE-SU-2019:1398-2 SUSE-SU-2019:1594-1 SUSE-SU-2019:1829-1 SUSE-SU-2019:1846-1 SUSE-SU-2020:0101-1 SUSE-SU-2020:0112-1 SUSE-SU-2020:0213-1 SUSE-SU-2020:0255-1
Platform(s):	SUSE Linux Enterprise Build System Kit 12 SP1 SUSE Linux Enterprise Build System Kit 12 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise High Availability 12 SP2 SUSE Linux Enterprise High Availability 12 SP3 SUSE Linux Enterprise High Availability 12 SP4 SUSE Linux Enterprise Module for additional PackageHub packages 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for High Performance Computing 12 SUSE Linux Enterprise Module for High Performance Computing 15 SUSE Linux Enterprise Module for High Performance Computing 15 SP1 SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Legacy Software 15 SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15 SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Python2 packages 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Server for VMWare 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP3 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Software Development Kit 12 SP2 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Workstation Extension 15 SP1	Product(s):
Definition Synopsis
SUSE Linux Enterprise Build System Kit 12 SP1 is installed AND Package Information firebird-2.5.2.26539-15.1 is installed OR libfbclient2-2.5.2.26539-15.1 is installed OR libfbclient2-devel-2.5.2.26539-15.1 is installed
Definition Synopsis
SUSE Linux Enterprise Build System Kit 12 SP2 is installed AND Package Information ghostscript-mini-9.15-17.1 is installed OR ghostscript-mini-devel-9.15-17.1 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 is installed AND cifs-utils-6.4-3 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information avahi-0.6.31-20 is installed OR avahi-lang-0.6.31-20 is installed OR libavahi-client3-0.6.31-20 is installed OR libavahi-client3-32bit-0.6.31-20 is installed OR libavahi-common3-0.6.31-20 is installed OR libavahi-common3-32bit-0.6.31-20 is installed OR libavahi-core7-0.6.31-20 is installed OR libdns_sd-0.6.31-20 is installed OR libdns_sd-32bit-0.6.31-20 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP2 is installed AND postgresql94-9.4.13-21.5 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP3 is installed AND binutils-2.26.1-9.12 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP4 is installed AND python-libxml2-2.9.4-46.15 is installed
Definition Synopsis
SUSE Linux Enterprise High Availability 12 SP2 is installed AND lighttpd-1.4.35-1 is installed
Definition Synopsis
SUSE Linux Enterprise High Availability 12 SP3 is installed AND fence-agents-4.0.25+git.1485179354.eb43835-2 is installed
Definition Synopsis
SUSE Linux Enterprise High Availability 12 SP4 is installed AND Package Information cluster-md-kmp-default-4.12.14-94.41 is installed OR dlm-kmp-default-4.12.14-94.41 is installed OR gfs2-kmp-default-4.12.14-94.41 is installed OR ocfs2-kmp-default-4.12.14-94.41 is installed
Definition Synopsis
SUSE Linux Enterprise Module for additional PackageHub packages 15 is installed AND Package Information nmap-7.70-3.5 is installed OR nping-7.70-3.5 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Desktop Applications 15 is installed AND Package Information MozillaFirefox-60.6.1-3.29 is installed OR MozillaFirefox-devel-60.6.1-3.29 is installed OR MozillaFirefox-translations-common-60.6.1-3.29 is installed OR MozillaFirefox-translations-other-60.6.1-3.29 is installed
Definition Synopsis
SUSE Linux Enterprise Module for High Performance Computing 12 is installed AND Package Information libslurm29-16.05.8.1-5 is installed OR perl-slurm-16.05.8.1-5 is installed OR slurm-16.05.8.1-5 is installed OR slurm-auth-none-16.05.8.1-5 is installed OR slurm-devel-16.05.8.1-5 is installed OR slurm-doc-16.05.8.1-5 is installed OR slurm-lua-16.05.8.1-5 is installed OR slurm-munge-16.05.8.1-5 is installed OR slurm-pam_slurm-16.05.8.1-5 is installed OR slurm-plugins-16.05.8.1-5 is installed OR slurm-sched-wiki-16.05.8.1-5 is installed OR slurm-slurmdbd-16.05.8.1-5 is installed
Definition Synopsis
SUSE Linux Enterprise Module for High Performance Computing 15 is installed AND Package Information libmunge2-0.5.13-4.3 is installed OR munge-0.5.13-4.3 is installed OR munge-devel-0.5.13-4.3 is installed
Definition Synopsis
SUSE Linux Enterprise Module for High Performance Computing 15 SP1 is installed AND Package Information libslurm32-17.11.13-6.23 is installed OR slurm-17.11.13-6.23 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Legacy Software 12 is installed AND Package Information java-1_6_0-ibm-1.6.0_sr16.1-5 is installed OR java-1_6_0-ibm-fonts-1.6.0_sr16.1-5 is installed OR java-1_6_0-ibm-jdbc-1.6.0_sr16.1-5 is installed OR java-1_6_0-ibm-plugin-1.6.0_sr16.1-5 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Legacy Software 15 is installed AND Package Information java-1_8_0-openjdk-1.8.0.171-3.3 is installed OR java-1_8_0-openjdk-demo-1.8.0.171-3.3 is installed OR java-1_8_0-openjdk-devel-1.8.0.171-3.3 is installed OR java-1_8_0-openjdk-headless-1.8.0.171-3.3 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Legacy Software 15 SP1 is installed AND Package Information java-1_8_0-openjdk-1.8.0.222-3.24 is installed OR java-1_8_0-openjdk-demo-1.8.0.222-3.24 is installed OR java-1_8_0-openjdk-devel-1.8.0.222-3.24 is installed OR java-1_8_0-openjdk-headless-1.8.0.222-3.24 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Live Patching 15 is installed AND Package Information kernel-default-4.12.14-25.3 is installed OR kernel-default-livepatch-4.12.14-25.3 is installed OR kernel-livepatch-4_12_14-25_3-default-1-1.3 is installed OR kernel-livepatch-SLE15_Update_1-1-1.3 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed AND Package Information kernel-livepatch-4_12_14-195-default-3-7 is installed OR kernel-livepatch-SLE15-SP1_Update_0-3-7 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 is installed AND Package Information python-2.7.14-7.11 is installed OR python-demo-2.7.14-7.11 is installed OR python-doc-2.7.14-7.11 is installed OR python-doc-pdf-2.7.14-7.11 is installed OR python-idle-2.7.14-7.11 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed AND Package Information containerd-1.2.5-5.13 is installed OR containerd-ctr-1.2.5-5.13 is installed OR containerd-test-1.2.5-5.13 is installed OR docker-18.09.6_ce-6.17 is installed OR docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18 is installed OR docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-6.18 is installed OR docker-test-18.09.6_ce-6.17 is installed OR docker-zsh-completion-18.09.6_ce-6.17 is installed OR go-1.12-3.10 is installed OR go-doc-1.12-3.10 is installed OR go-race-1.12-3.10 is installed OR go1.11-1.11.9-1.12 is installed OR go1.11-doc-1.11.9-1.12 is installed OR go1.11-race-1.11.9-1.12 is installed OR go1.12-1.12.4-1.9 is installed OR go1.12-doc-1.12.4-1.9 is installed OR go1.12-race-1.12.4-1.9 is installed OR golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed AND Package Information MozillaThunderbird-68.8.0-3.80 is installed OR MozillaThunderbird-translations-common-68.8.0-3.80 is installed OR MozillaThunderbird-translations-other-68.8.0-3.80 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Public Cloud 12 is installed AND python-pycrypto-2.6.1-1 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Public Cloud 15 is installed AND Package Information kernel-azure-4.12.14-5.8 is installed OR kernel-azure-base-4.12.14-5.8 is installed OR kernel-azure-devel-4.12.14-5.8 is installed OR kernel-devel-azure-4.12.14-5.8 is installed OR kernel-source-azure-4.12.14-5.8 is installed OR kernel-syms-azure-4.12.14-5.8 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Python2 packages 15 SP1 is installed AND Package Information python-requests-2.20.1-6.3 is installed OR python2-requests-2.20.1-6.3 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Server Applications 15 is installed AND Package Information openslp-2.0.0-6.3 is installed OR openslp-server-2.0.0-6.3 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 is installed AND apache-commons-httpclient-3.1-4 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information ecryptfs-utils-103-5 is installed OR ecryptfs-utils-32bit-103-5 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND perl-Tk-804.031-3 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information aaa_base-13.2+git20140911.61c1681-36 is installed OR aaa_base-extras-13.2+git20140911.61c1681-36 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 12 is installed AND Package Information libpcscspy0-1.8.10-3 is installed OR pcsc-lite-devel-1.8.10-3 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 12 SP2 is installed AND libgpgme-devel-1.5.1-1.12 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 15 is installed AND enigmail-2.0.7-3.7 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 15 SP1 is installed AND Package Information MozillaThunderbird-60.7.2-3.43 is installed OR MozillaThunderbird-translations-common-60.7.2-3.43 is installed OR MozillaThunderbird-translations-other-60.7.2-3.43 is installed

BACK