openSUSE Security Update : seamonkey (openSUSE-SU-2013:0875-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

SeaMonkey was updated to the 2.17 release, fixing bugs and security
issues :

- update to SeaMonkey 2.17 (bnc#813026)

- requires NSPR 4.9.5 and NSS 3.14.3

- mozilla-webrtc-ppc.patch included upstream

- MFSA 2013-30/CVE-2013-0788/CVE-2013-0789 Miscellaneous
memory safety hazards

- MFSA 2013-31/CVE-2013-0800 (bmo#825721) Out-of-bounds
write in Cairo library

- MFSA 2013-35/CVE-2013-0796 (bmo#827106) WebGL crash with
Mesa graphics driver on Linux

- MFSA 2013-36/CVE-2013-0795 (bmo#825697) Bypass of SOW
protections allows cloning of protected nodes

- MFSA 2013-37/CVE-2013-0794 (bmo#626775) Bypass of
tab-modal dialog origin disclosure

- MFSA 2013-38/CVE-2013-0793 (bmo#803870) Cross-site
scripting (XSS) using timed history navigations

- MFSA 2013-39/CVE-2013-0792 (bmo#722831) Memory
corruption while rendering grayscale PNG images

- use GStreamer 1.0 starting with 12.3
(mozilla-gstreamer-1.patch)

- revert to use GStreamer 0.10 on 12.3 (bnc#814101)
(remove mozilla-gstreamer-1.patch)

See also :

http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html
https://bugzilla.novell.com/show_bug.cgi?id=813026
https://bugzilla.novell.com/show_bug.cgi?id=814101

Solution :

Update the affected seamonkey packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 74988 ()

Bugtraq ID:

CVE ID: CVE-2013-0788
CVE-2013-0789
CVE-2013-0792
CVE-2013-0793
CVE-2013-0794
CVE-2013-0795
CVE-2013-0796
CVE-2013-0800

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now