Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.4.2016.0909.1
Categoría:SuSE Local Security Checks
Título:SUSE: Security Advisory (SUSE-SU-2016:0909-1)
Resumen:The remote host is missing an update for the 'MozillaFirefox, mozilla-nspr, mozilla-nss' package(s) announced via the SUSE-SU-2016:0909-1 advisory.
Descripción:Summary:
The remote host is missing an update for the 'MozillaFirefox, mozilla-nspr, mozilla-nss' package(s) announced via the SUSE-SU-2016:0909-1 advisory.

Vulnerability Insight:
This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues:
Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894), fixing following security issues:
* MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety
hazards (rv:45.0 / rv:38.7)
* MFSA 2016-17/CVE-2016-1954 Local file overwriting and potential
privilege escalation through CSP reports
* MFSA 2016-20/CVE-2016-1957 Memory leak in libstagefright when deleting
an array during MP4 processing
* MFSA 2016-21/CVE-2016-1958 Displayed page address can be overridden
* MFSA 2016-23/CVE-2016-1960 Use-after-free in HTML5 string parser
* MFSA 2016-24/CVE-2016-1961 Use-after-free in SetBody
* MFSA 2016-25/CVE-2016-1962 Use-after-free when using multiple WebRTC
data channels
* MFSA 2016-27/CVE-2016-1964 Use-after-free during XML transformations
* MFSA 2016-28/CVE-2016-1965 Addressbar spoofing though history navigation
and Location protocol property
* MFSA 2016-31/CVE-2016-1966 Memory corruption with malicious NPAPI plugin
* MFSA 2016-34/CVE-2016-1974 Out-of-bounds read in HTML parser following a
failed allocation
* MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS
* MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the
Graphite 2 library Mozilla NSPR was updated to version 4.12 (bsc#969894), fixing following bugs:
* added a PR_GetEnvSecure function, which attempts to detect if the
program is being executed with elevated privileges, and returns NULL if
detected. It is recommended to use this function in general purpose
library code.
* fixed a memory allocation bug related to the PR_*printf functions
* exported API PR_DuplicateEnvironment, which had already been added in
NSPR 4.10.9
* added support for FreeBSD aarch64
* several minor correctness and compatibility fixes Mozilla NSS was updated to fix security issues (bsc#969894):
* MFSA 2016-15/CVE-2016-1978 Use-after-free in NSS during SSL connections
in low memory
* MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS
* MFSA 2016-36/CVE-2016-1979 Use-after-free during processing of DER
encoded keys in NSS

Affected Software/OS:
'MozillaFirefox, mozilla-nspr, mozilla-nss' package(s) on SUSE Linux Enterprise Debuginfo 11-SP2, SUSE Linux Enterprise Server 11-SP2.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-1950
http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
BugTraq ID: 84223
http://www.securityfocus.com/bid/84223
Debian Security Information: DSA-3510 (Google Search)
http://www.debian.org/security/2016/dsa-3510
Debian Security Information: DSA-3520 (Google Search)
http://www.debian.org/security/2016/dsa-3520
Debian Security Information: DSA-3688 (Google Search)
http://www.debian.org/security/2016/dsa-3688
https://security.gentoo.org/glsa/201605-06
RedHat Security Advisories: RHSA-2016:0495
http://rhn.redhat.com/errata/RHSA-2016-0495.html
http://www.securitytracker.com/id/1035215
SuSE Security Announcement: SUSE-SU-2016:0727 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html
SuSE Security Announcement: SUSE-SU-2016:0777 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html
SuSE Security Announcement: SUSE-SU-2016:0820 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html
SuSE Security Announcement: SUSE-SU-2016:0909 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html
SuSE Security Announcement: openSUSE-SU-2016:0731 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html
SuSE Security Announcement: openSUSE-SU-2016:0733 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html
SuSE Security Announcement: openSUSE-SU-2016:1557 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html
http://www.ubuntu.com/usn/USN-2917-1
http://www.ubuntu.com/usn/USN-2917-2
http://www.ubuntu.com/usn/USN-2917-3
http://www.ubuntu.com/usn/USN-2924-1
http://www.ubuntu.com/usn/USN-2934-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-1952
SuSE Security Announcement: openSUSE-SU-2016:0876 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html
SuSE Security Announcement: openSUSE-SU-2016:0894 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html
SuSE Security Announcement: openSUSE-SU-2016:1767 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html
SuSE Security Announcement: openSUSE-SU-2016:1769 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html
SuSE Security Announcement: openSUSE-SU-2016:1778 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-1953
Common Vulnerability Exposure (CVE) ID: CVE-2016-1954
Common Vulnerability Exposure (CVE) ID: CVE-2016-1957
Common Vulnerability Exposure (CVE) ID: CVE-2016-1958
Common Vulnerability Exposure (CVE) ID: CVE-2016-1960
https://www.exploit-db.com/exploits/42484/
https://www.exploit-db.com/exploits/44294/
http://zerodayinitiative.com/advisories/ZDI-16-198/
Common Vulnerability Exposure (CVE) ID: CVE-2016-1961
http://zerodayinitiative.com/advisories/ZDI-16-199/
Common Vulnerability Exposure (CVE) ID: CVE-2016-1962
Common Vulnerability Exposure (CVE) ID: CVE-2016-1964
Common Vulnerability Exposure (CVE) ID: CVE-2016-1965
Common Vulnerability Exposure (CVE) ID: CVE-2016-1966
Common Vulnerability Exposure (CVE) ID: CVE-2016-1974
Common Vulnerability Exposure (CVE) ID: CVE-2016-1977
BugTraq ID: 84222
http://www.securityfocus.com/bid/84222
Debian Security Information: DSA-3515 (Google Search)
http://www.debian.org/security/2016/dsa-3515
https://security.gentoo.org/glsa/201701-63
http://www.ubuntu.com/usn/USN-2927-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-1978
BugTraq ID: 84275
http://www.securityfocus.com/bid/84275
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes
RedHat Security Advisories: RHSA-2016:0591
http://rhn.redhat.com/errata/RHSA-2016-0591.html
RedHat Security Advisories: RHSA-2016:0684
http://rhn.redhat.com/errata/RHSA-2016-0684.html
RedHat Security Advisories: RHSA-2016:0685
http://rhn.redhat.com/errata/RHSA-2016-0685.html
http://www.securitytracker.com/id/1035258
http://www.ubuntu.com/usn/USN-2973-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-1979
BugTraq ID: 84221
http://www.securityfocus.com/bid/84221
Debian Security Information: DSA-3576 (Google Search)
http://www.debian.org/security/2016/dsa-3576
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes
Common Vulnerability Exposure (CVE) ID: CVE-2016-2790
Common Vulnerability Exposure (CVE) ID: CVE-2016-2791
Common Vulnerability Exposure (CVE) ID: CVE-2016-2792
Common Vulnerability Exposure (CVE) ID: CVE-2016-2793
Common Vulnerability Exposure (CVE) ID: CVE-2016-2794
Common Vulnerability Exposure (CVE) ID: CVE-2016-2795
Common Vulnerability Exposure (CVE) ID: CVE-2016-2796
Common Vulnerability Exposure (CVE) ID: CVE-2016-2797
Common Vulnerability Exposure (CVE) ID: CVE-2016-2798
Common Vulnerability Exposure (CVE) ID: CVE-2016-2799
Common Vulnerability Exposure (CVE) ID: CVE-2016-2800
Common Vulnerability Exposure (CVE) ID: CVE-2016-2801
Common Vulnerability Exposure (CVE) ID: CVE-2016-2802
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.