From: Mageia Updates <buildsystem-daemon@mageia.org>
To: updates-announce@ml.mageia.org
Subject: [updates-announce] MGASA-2013-0008: iceape-2.15-1.mga2, opus-1.0.2-1.mga2 (2/core)
Date: Mon, 14 Jan 2013 22:40:01 +0100
Message-ID: <20130114214001.GA25276@valstar.mageia.org>
MGASA-2013-0008
Date: January 14th, 2013
Affected releases: 2
Description:
Updated iceape packages fix security issues:
Memory safety problems and crashes that affect Firefox ESR 10, Firefox
ESR 17, and Firefox 17. (CVE-2013-0769, MFSA 2013-01)
Memory safety problems and crashes that affect Firefox ESR 17 and
Firefox 17. (CVE-2013-0749, MFSA 2013-01)
Memory safety problems and crashes that affect Firefox 17.
(CVE-2013-0770, MFSA 2013-01)
Global-buffer-overflow in CharDistributionAnalysis::HandleOneChar.
(CVE-2013-0760, MFSA 2013-02)
Heap-use-after-free in imgRequest::OnStopFrame.
(CVE-2013-0762, MFSA 2013-02)
Heap-use-after-free in ~nsHTMLEditRules. (CVE-2013-0766, MFSA 2013-02)
Out of bounds read in nsSVGPathElement::GetPathLengthScale.
(CVE-2013-0767, MFSA 2013-02)
Heap-use-after-free in mozilla::TrackUnionStream::EndTrack.
(CVE-2013-0761, MFSA 2013-02)
Heap-use-after-free in Mesa, triggerable by resizing a WebGL canvas.
(CVE-2013-0763, MFSA 2013-02)
Heap-buffer-overflow in gfxTextRun::ShrinkToLigatureBoundaries.
(CVE-2013-0771, MFSA 2013-02)
Heap-based buffer overflow in the nsWindow::OnExposeEvent function
in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11,
Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and
SeaMonkey before 2.14 allows remote attackers to execute arbitrary
code via unspecified vectors. (CVE-2012-5829)
Stack buffer overflow with canvas. (CVE-2013-0768, MFSA 2013-03)
URL spoofing with credentials info of URL & 204.
(CVE-2013-0759, MFSA 2013-04)
Heap-use-after-free in
TableBackgroundPainter::TableBackgroundData::Destroy.
(CVE-2013-0744, MFSA 2013-05)
Touch events are shared across iframes (CVE-2013-0751, MFSA 2013-06)
Crash [@ nsSOCKSSocketInfo::ConnectToProxy(PRFileDesc*) ] clicking
"Download the rest of the message" (CVE-2013-0764, MFSA 2013-07)
The AutoWrapperChanger class fails to keep some javascript objects
alive during garbage collection. This can lead to an exploitable
crash allowing for arbitrary code execution.
(CVE-2013-0745, MFSA 2013-08)
In some cases, jsval-returning quickstubs fail to wrap their return
values, causing a compartment mismatch. This mismatch can cause
garbage collection to occur incorrectly and lead to a potentially
exploitable crash. (CVE-2013-0746, MFSA 2013-09)
Events in the plugin handler can be manipulated by web content to bypass
same-origin policy (SOP) restrictions. This can allow for clickjacking
on malicious web pages. (CVE-2013-0747, MFSA 2013-10)
Using the toString function of XBL objects can lead to inappropriate
information leakage by revealing the address space layout instead of
just the ID of the object. This layout information could potentially
be used to bypass ASLR and other security protections.
(CVE-2013-0748, MFSA 2013-11)
An integer overflow is possible when calculating the length for a
Javascript string concatenation, which is then used for memory
allocation. This results in a buffer overflow, leading to a
potentially exploitable memory corruption.
(CVE-2013-0750, MFSA 2013-12)
When using an XBL file containing multiple XML bindings with SVG
content, a memory corruption can occur. In combination with remote XUL,
this can lead to an exploitable crash. (CVE-2013-0752, MFSA 2013-13)
It is possible to change the prototype of an object and bypass Chrome
Object Wrappers (COW) to gain access to chrome privileged functions.
This could allow for arbitrary code execution.
(CVE-2013-0757, MFSA 2013-14)
It is possible to open a chrome privileged web page through plugin
objects through interaction with SVG elements. This could allow for
arbitrary code execution. (CVE-2013-0758, MFSA 2013-15)
Because serializeToStream is exposed to web content, a use-after-free
may occur in XMLSerializer. This can lead to arbitrary code execution
when exploited. (CVE-2013-0753, MFSA 2013-16)
A use-after-free was reported within the ListenerManager when garbage
collection is forced after data in listener objects have been allocated
in some circumstances. This can lead to arbitrary code execution.
(CVE-2013-0754, MFSA 2013-17)
When the domDoc pointer is used within the Vibrate library, memory may
be used after being freed. This can lead to arbitrary code execution
when exploited. (CVE-2013-0755, MFSA 2013-18)
A garbage collection flaw in Javascript Proxy objects can lead to a
use-after-free leading to arbitrary code execution.
(CVE-2013-0756, MFSA 2013-19)
TURKTRUST, a certificate authority in Mozilla's root program, has
mis-issued two intermediate certificates to customers. The issue was not
specific to Firefox but there was evidence that one of the certificates
was used for man-in-the-middle (MITM) traffic management of domain names
that the customer did not legitimately own or control. This issue was
resolved by revoking the trust for these specific mis-issued
certificates. (CVE-2013-0743, MFSA 2013-20)
This update also fixes HTML5 opus audio playback.
Updated Packages:
iceape-2.15-1.mga2
lib(64)opus0-1.0.2-1.mga2
lib(64)opus-devel-1.0.2-1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0744
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0745
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0750
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0751
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0757
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0759
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0771
http://www.mozilla.org/security/announce/2013/mfsa2013-01...
http://www.mozilla.org/security/announce/2013/mfsa2013-02...
http://www.mozilla.org/security/announce/2013/mfsa2013-03...
http://www.mozilla.org/security/announce/2013/mfsa2013-04...
http://www.mozilla.org/security/announce/2013/mfsa2013-05...
http://www.mozilla.org/security/announce/2013/mfsa2013-06...
http://www.mozilla.org/security/announce/2013/mfsa2013-07...
http://www.mozilla.org/security/announce/2013/mfsa2013-08...
http://www.mozilla.org/security/announce/2013/mfsa2013-09...
http://www.mozilla.org/security/announce/2013/mfsa2013-10...
http://www.mozilla.org/security/announce/2013/mfsa2013-11...
http://www.mozilla.org/security/announce/2013/mfsa2013-12...
http://www.mozilla.org/security/announce/2013/mfsa2013-13...
http://www.mozilla.org/security/announce/2013/mfsa2013-14...
http://www.mozilla.org/security/announce/2013/mfsa2013-15...
http://www.mozilla.org/security/announce/2013/mfsa2013-16...
http://www.mozilla.org/security/announce/2013/mfsa2013-17...
http://www.mozilla.org/security/announce/2013/mfsa2013-18...
http://www.mozilla.org/security/announce/2013/mfsa2013-19...
http://www.mozilla.org/security/announce/2013/mfsa2013-20...
https://bugs.mageia.org/show_bug.cgi?id=8673
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...