Oval Definition:	oval:org.opensuse.security:def:63656
Revision Date: 2020-12-01 Version: 1 Title: Security update for MozillaFirefox, mozilla-nspr and mozilla-nss (Important) Description: This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues: Issues fixed in MozillaFirefox: - Update to Firefox ESR 60.4 (bsc#1119105) - CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Fixed a use-after-free with select element - CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia - CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs - CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images - CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: - Update to NSS 3.40.1 (bsc#1119105) - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) - CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) - Fixed a decryption failure during FFDHE key exchange - Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: - Update mozilla-nspr to 4.20 (bsc#1119105) Family: unix Class: patch Status: Reference(s): 1013708 1013712 1013893 1015171 1015173 1028975 1097410 1106873 1119069 1119105 1119832 1132091 1139083 1150137 1155199 1156309 1159819 1168669 1169746 1170908 1171928 1171978 1172906 1172935 1173022 1173197 1174497 1175044 1175085 1178671 985657 CVE-2016-3189 CVE-2016-9797 CVE-2016-9798 CVE-2016-9802 CVE-2016-9917 CVE-2016-9918 CVE-2018-0495 CVE-2018-12384 CVE-2018-12404 CVE-2018-12405 CVE-2018-13441 CVE-2018-13457 CVE-2018-13458 CVE-2018-17466 CVE-2018-18245 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 CVE-2019-11023 CVE-2019-12900 CVE-2019-14866 CVE-2019-16168 CVE-2019-17006 CVE-2019-3698 CVE-2020-12321 CVE-2020-12399 CVE-2020-12402 CVE-2020-14093 CVE-2020-14154 CVE-2020-14954 CVE-2020-6542 CVE-2020-6543 CVE-2020-6544 CVE-2020-6545 CVE-2020-6546 CVE-2020-6547 CVE-2020-6548 CVE-2020-6549 CVE-2020-6550 CVE-2020-6551 CVE-2020-6552 CVE-2020-6553 CVE-2020-6554 CVE-2020-6555 CVE-2020-9484 openSUSE-SU-2020:0500-1 openSUSE-SU-2020:0876-1 openSUSE-SU-2020:0903-1 openSUSE-SU-2020:1206-1 SUSE-SU-2018:4236-1 SUSE-SU-2019:1339-1 SUSE-SU-2019:1955-1 SUSE-SU-2019:2536-1 SUSE-SU-2019:3064-1 SUSE-SU-2020:1365-1 SUSE-SU-2020:3353-1 Platform(s): openSUSE Leap 15.1 openSUSE Leap 15.2 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE Linux Enterprise Server 12 SP4-LTSS Product(s): Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information chromedriver-84.0.4147.125-lp152.2.12 is installed OR chromium-84.0.4147.125-lp152.2.12 is installed Definition Synopsis openSUSE Leap 15.2 is installed AND Package Information graphviz-2.40.1-lp152.7.2 is installed OR graphviz-addons-2.40.1-lp152.7.3 is installed OR graphviz-devel-2.40.1-lp152.7.2 is installed OR graphviz-doc-2.40.1-lp152.7.3 is installed OR graphviz-gd-2.40.1-lp152.7.3 is installed OR graphviz-gnome-2.40.1-lp152.7.3 is installed OR graphviz-guile-2.40.1-lp152.7.3 is installed OR graphviz-gvedit-2.40.1-lp152.7.3 is installed OR graphviz-java-2.40.1-lp152.7.3 is installed OR graphviz-lua-2.40.1-lp152.7.3 is installed OR graphviz-perl-2.40.1-lp152.7.3 is installed OR graphviz-php-2.40.1-lp152.7.3 is installed OR graphviz-plugins-core-2.40.1-lp152.7.2 is installed OR graphviz-python-2.40.1-lp152.7.3 is installed OR graphviz-ruby-2.40.1-lp152.7.3 is installed OR graphviz-smyrna-2.40.1-lp152.7.3 is installed OR graphviz-tcl-2.40.1-lp152.7.3 is installed OR libgraphviz6-2.40.1-lp152.7.2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information MozillaFirefox-60.4.0esr-109.55 is installed OR MozillaFirefox-translations-common-60.4.0esr-109.55 is installed OR libfreebl3-3.40.1-58.18 is installed OR libfreebl3-32bit-3.40.1-58.18 is installed OR libsoftokn3-3.40.1-58.18 is installed OR libsoftokn3-32bit-3.40.1-58.18 is installed OR mozilla-nspr-4.20-19.6 is installed OR mozilla-nspr-32bit-4.20-19.6 is installed OR mozilla-nss-3.40.1-58.18 is installed OR mozilla-nss-32bit-3.40.1-58.18 is installed OR mozilla-nss-certs-3.40.1-58.18 is installed OR mozilla-nss-certs-32bit-3.40.1-58.18 is installed OR mozilla-nss-sysinit-3.40.1-58.18 is installed OR mozilla-nss-sysinit-32bit-3.40.1-58.18 is installed OR mozilla-nss-tools-3.40.1-58.18 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4-ESPOS is installed AND Package Information libfreebl3-3.53.1-58.48 is installed OR libfreebl3-32bit-3.53.1-58.48 is installed OR libfreebl3-hmac-3.53.1-58.48 is installed OR libfreebl3-hmac-32bit-3.53.1-58.48 is installed OR libsoftokn3-3.53.1-58.48 is installed OR libsoftokn3-32bit-3.53.1-58.48 is installed OR libsoftokn3-hmac-3.53.1-58.48 is installed OR libsoftokn3-hmac-32bit-3.53.1-58.48 is installed OR mozilla-nspr-4.25-19.15 is installed OR mozilla-nspr-32bit-4.25-19.15 is installed OR mozilla-nspr-devel-4.25-19.15 is installed OR mozilla-nss-3.53.1-58.48 is installed OR mozilla-nss-32bit-3.53.1-58.48 is installed OR mozilla-nss-certs-3.53.1-58.48 is installed OR mozilla-nss-certs-32bit-3.53.1-58.48 is installed OR mozilla-nss-devel-3.53.1-58.48 is installed OR mozilla-nss-sysinit-3.53.1-58.48 is installed OR mozilla-nss-sysinit-32bit-3.53.1-58.48 is installed OR mozilla-nss-tools-3.53.1-58.48 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4-LTSS is installed AND Package Information kernel-firmware-20190618-5.14 is installed OR ucode-amd-20190618-5.14 is installed
BACK