openSUSE Security Update : seamonkey (openSUSE-SU-2014:0629-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

This is a SeaMonkey update to version 2.26 :

- MFSA 2014-34/CVE-2014-1518/CVE-2014-1519 Miscellaneous
memory safety hazards

- MFSA 2014-36/CVE-2014-1522 (bmo#995289) Web Audio memory
corruption issues

- MFSA 2014-37/CVE-2014-1523 (bmo#969226) Out of bounds
read while decoding JPG images

- MFSA 2014-38/CVE-2014-1524 (bmo#989183) Buffer overflow
when using non-XBL object as XBL

- MFSA 2014-39/CVE-2014-1525 (bmo#989210) Use-after-free
in the Text Track Manager for HTML video

- MFSA 2014-41/CVE-2014-1528 (bmo#963962) Out-of-bounds
write in Cairo

- MFSA 2014-42/CVE-2014-1529 (bmo#987003) Privilege
escalation through Web Notification API

- MFSA 2014-43/CVE-2014-1530 (bmo#895557) Cross-site
scripting (XSS) using history navigations

- MFSA 2014-44/CVE-2014-1531 (bmo#987140) Use-after-free
in imgLoader while resizing images

- MFSA 2014-45/CVE-2014-1492 (bmo#903885) Incorrect IDNA
domain name matching for wildcard certificates (fixed by
NSS 3.16)

- MFSA 2014-46/CVE-2014-1532 (bmo#966006) Use-after-free
in nsHostResolver

- MFSA 2014-47/CVE-2014-1526 (bmo#988106) Debugger can
bypass XrayWrappers with JavaScript

- rebased patches

- added aarch64 porting patches

- mozilla-aarch64-bmo-810631.patch

- mozilla-aarch64-bmo-962488.patch

- mozilla-aarch64-bmo-963023.patch

- mozilla-aarch64-bmo-963024.patch

- mozilla-aarch64-bmo-963027.patch

- requires NSPR 4.10.3 and NSS 3.16

- added mozilla-icu-strncat.patch to fix post build checks

See also :

Solution :

Update the affected seamonkey packages.

Risk factor :

Critical / CVSS Base Score : 10.0

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now