openSUSE Security Update : SeaMonkey (openSUSE-2016-129) (SLOTH)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for SeaMonkey fixes the following issues :

- update to SeaMonkey 2.40 (bnc#959277)

- requires NSS 3.20.2 to fix MFSA 2015-150/CVE-2015-7575
(bmo#1158489) MD5 signatures accepted within TLS 1.2
ServerKeyExchange in server signature

- MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous
memory safety hazards

- MFSA 2015-135/CVE-2015-7204 (bmo#1216130) Crash with
JavaScript variable assignment with unboxed objects

- MFSA 2015-136/CVE-2015-7207 (bmo#1185256) Same-origin
policy violation using perfomance.getEntries and history
navigation

- MFSA 2015-137/CVE-2015-7208 (bmo#1191423) Firefox allows
for control characters to be set in cookies

- MFSA 2015-138/CVE-2015-7210 (bmo#1218326) Use-after-free
in WebRTC when datachannel is used after being destroyed

- MFSA 2015-139/CVE-2015-7212 (bmo#1222809) Integer
overflow allocating extremely large textures

- MFSA 2015-140/CVE-2015-7215 (bmo#1160890) Cross-origin
information leak through web workers error events

- MFSA 2015-141/CVE-2015-7211 (bmo#1221444) Hash in data
URI is incorrectly parsed

- MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818,
bmo#1194820) DOS due to malformed frames in HTTP/2

- MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059,
bmo#1203078) Linux file chooser crashes on malformed
images due to flaws in Jasper library

- MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221
(bmo#1201183, bmo#1178033, bmo#1199400)

See also :

https://bugzilla.mozilla.org/show_bug.cgi?id=1158489
https://bugzilla.mozilla.org/show_bug.cgi?id=1160890
https://bugzilla.mozilla.org/show_bug.cgi?id=1178033
https://bugzilla.mozilla.org/show_bug.cgi?id=1185256
https://bugzilla.mozilla.org/show_bug.cgi?id=1191423
https://bugzilla.mozilla.org/show_bug.cgi?id=1194818
https://bugzilla.mozilla.org/show_bug.cgi?id=1194820
https://bugzilla.mozilla.org/show_bug.cgi?id=1197059
https://bugzilla.mozilla.org/show_bug.cgi?id=1199400
https://bugzilla.mozilla.org/show_bug.cgi?id=1201183
https://bugzilla.mozilla.org/show_bug.cgi?id=1203078
https://bugzilla.mozilla.org/show_bug.cgi?id=1206211
https://bugzilla.mozilla.org/show_bug.cgi?id=1216130
https://bugzilla.mozilla.org/show_bug.cgi?id=1216748
https://bugzilla.mozilla.org/show_bug.cgi?id=1218326
https://bugzilla.mozilla.org/show_bug.cgi?id=1220493
https://bugzilla.mozilla.org/show_bug.cgi?id=1221444
https://bugzilla.mozilla.org/show_bug.cgi?id=1222809
https://bugzilla.mozilla.org/show_bug.cgi?id=1226423
https://bugzilla.mozilla.org/show_bug.cgi?id=1228950
https://bugzilla.opensuse.org/show_bug.cgi?id=959277

Solution :

Update the affected SeaMonkey packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)