SUSE SLED12 / SLES12 Security Update : MozillaFirefox / mozilla-nss (SUSE-SU-2014:1510-1)
High Nessus Plugin ID 83849
SynopsisThe remote SUSE host is missing one or more security updates.
Description- update to Firefox 31.2.0 ESR (bnc#900941)
- MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 (bmo#1001994, bmo#1011354, bmo#1018916, bmo#1020034, bmo#1023035, bmo#1032208, bmo#1033020, bmo#1034230, bmo#1061214, bmo#1061600, bmo#1064346, bmo#1072044, bmo#1072174) Miscellaneous memory safety hazards (rv:33.0/rv:31.2)
- MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow during CSS manipulation
- MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio memory corruption issues with custom waveforms
- MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds write with WebM video
- MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free interacting with text directionality
- MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) Inconsistent video sharing within iframe
- MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing cross-origin objects via the Alarms API
- SSLv3 is disabled by default. See README.POODLE for more detailed information.
- disable call home features
- update to 3.17.2 (bnc#900941) Bugfix release
- bmo#1049435 - Importing an RSA private key fails if p < q
- bmo#1057161 - NSS hangs with 100% CPU on invalid EC key
- bmo#1078669 - certutil crashes when using the
- changes from earlier version of the 3.17 branch: update to 3.17.1 (bnc#897890)
- MFSA 2014-73/CVE-2014-1568 (bmo#1064636, bmo#1069405) RSA Signature Forgery in NSS
- Change library's signature algorithm default to SHA256
- Add support for draft-ietf-tls-downgrade-scsv
- Add clang-cl support to the NSS build system
- Implement TLS 1.3 :
- Part 1. Negotiate TLS 1.3
- Part 2. Remove deprecated cipher suites andcompression.
- Add support for little-endian powerpc64 update to 3.17
- required for Firefox 33 New functionality :
- When using ECDHE, the TLS server code may be configured to generate a fresh ephemeral ECDH key for each handshake, by setting the SSL_REUSE_SERVER_ECDHE_KEY socket option to PR_FALSE. The SSL_REUSE_SERVER_ECDHE_KEY option defaults to PR_TRUE, which means the server's ephemeral ECDH key is reused for multiple handshakes. This option does not affect the TLS client code, which always generates a fresh ephemeral ECDH key for each handshake. New Macros
- SSL_REUSE_SERVER_ECDHE_KEY Notable Changes :
- The manual pages for the certutil and pp tools have been updated to document the new parameters that had been added in NSS 3.16.2.
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionTo install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Software Development Kit 12 :
zypper in -t patch SUSE-SLE-SDK-12-2014-81
SUSE Linux Enterprise Server 12 :
zypper in -t patch SUSE-SLE-SERVER-12-2014-81
SUSE Linux Enterprise Desktop 12 :
zypper in -t patch SUSE-SLE-DESKTOP-12-2014-81
To bring your system up-to-date, use 'zypper patch'.