|
|
Subscribe / Log in / New account

Mageia alert MGASA-2017-0059 (iceape)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2017-0059: Updated iceape packages fix security vulnerability 


Date:
    	      Mon, 20 Feb 2017 14:25:26 +0100


Message-ID:
    	      <20170220132526.336899F7CF@duvel.mageia.org>


MGASA-2017-0059 - Updated iceape packages fix security vulnerability

Publication date: 20 Feb 2017
URL: http://advisories.mageia.org/MGASA-2017-0059.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-2827,
     CVE-2016-5257,
     CVE-2016-5270,
     CVE-2016-5271,
     CVE-2016-5272,
     CVE-2016-5274,
     CVE-2016-5276,
     CVE-2016-5277,
     CVE-2016-5278,
     CVE-2016-5280,
     CVE-2016-5281,
     CVE-2016-5284

Description:
Updated Iceape packages derived from Seamonkey include security fixes from
Mozilla Firefox:

Heap-based buffer overflow in the
nsCaseTransformTextRunFactory::TransformString function in Seamonkey
before 2.46 allows remote attackers to cause a denial of service (boolean
out-of-bounds write) or possibly have unspecified other impact via Unicode
characters that are mishandled during text conversion. (CVE-2016-5270)

The PropertyProvider::GetSpacingInternal function in Seamonkey before 2.46
allows remote attackers to cause a denial of service (out-of-bounds read
and application crash) via text runs in conjunction with a
"display: contents" Cascading Style Sheets (CSS) property. (CVE-2016-5271)

The nsImageGeometryMixin class in Seamonkey before 2.46 does not properly
perform a cast of an unspecified variable during handling of INPUT
elements, which allows remote attackers to execute arbitrary code via a
crafted web site. (CVE-2016-5272)

Use-after-free vulnerability in the
mozilla::a11y::DocAccessible::ProcessInvalidationList function in
Seamonkey before 2.46 allows remote attackers to execute arbitrary code
or cause a denial of service (heap memory corruption) via an aria-owns
attribute. (CVE-2016-5276)

Use-after-free vulnerability in the nsFrameManager::CaptureFrameState
function in Seamonkey before 2.46 allows remote attackers to execute
arbitrary code by leveraging improper interaction between restyling and
the Web Animations model implementation. (CVE-2016-5274)

Use-after-free vulnerability in the nsRefreshDriver::Tick function in
Seamonkey before 2.46 allows remote attackers to execute arbitrary code or
cause a denial of service (heap memory corruption) by leveraging improper
interaction between timeline destruction and the Web Animations model
implementation. (CVE-2016-5277)

Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in
Seamonkey before 2.46 allows remote attackers to execute arbitrary code
via a crafted image data that is mishandled during the encoding of an
image frame to an image. (CVE-2016-5278)

Use-after-free vulnerability in the
mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in
Seamonkey before 2.46 allows remote attackers to execute arbitrary code
via bidirectional text. (CVE-2016-5280)

Use-after-free vulnerability in the DOMSVGLength class in Seamonkey before
2.46 allows remote attackers to execute arbitrary code by leveraging
improper interaction between JavaScript code and an SVG document.
(CVE-2016-5281)

Seamonkey before 2.46 relies on unintended expiration dates for Preloaded
Public Key Pinning, which allows man-in-the-middle attackers to spoof
add-on updates by leveraging possession of an X.509 server certificate for
addons.mozilla.org signed by an arbitrary built-in Certification
Authority. (CVE-2016-5284)

Multiple unspecified vulnerabilities in the browser engine in Seamonkey
before 2.46 allow remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary code via
unknown vectors. (CVE-2016-5257)

References:
- https://bugs.mageia.org/show_bug.cgi?id=20025
- https://www.mozilla.org/en-US/security/advisories/mfsa201...
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2827
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5257
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5270
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5271
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5272
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5274
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5276
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5277
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5278
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5280
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5281
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5284

SRPMS:
- 5/core/iceape-2.46-1.mga5
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds