openSUSE Security Update : seamonkey (openSUSE-2016-126) (SLOTH)
Critical Nessus Plugin ID 88547
Synopsis: The remote openSUSE host is missing a security update.
Description: SeaMonkey was updated to 2.40 (boo#959277) to fix security issues and bugs.
The following vulnerabilities were fixed:
- CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature
- CVE-2015-7201/CVE-2015-7202: Miscellaneous memory safety hazards
- CVE-2015-7207: Same-origin policy violation using performance.getEntries and history navigation
- CVE-2015-7208: Firefox allows for control characters to be set in cookies
- CVE-2015-7210: Use-after-free in WebRTC when datachannel is used after being destroyed
- CVE-2015-7212: Integer overflow allocating extremely large textures
- CVE-2015-7215: Cross-origin information leak through web workers error events
- CVE-2015-7211: Hash in data URI is incorrectly parsed
- CVE-2015-7218/CVE-2015-7219: DOS due to malformed frames in HTTP/2
- CVE-2015-7216/CVE-2015-7217: Linux file chooser crashes on malformed images due to flaws in Jasper library
- CVE-2015-7203/CVE-2015-7220/CVE-2015-7221: Buffer overflows found through code inspection
- CVE-2015-7205: Underflow through code inspection
- CVE-2015-7213: Integer overflow in MP4 playback in 64-bit versions
- CVE-2015-7222: Integer underflow and buffer overflow processing MP4 metadata in libstagefright
- CVE-2015-7223: Privilege escalation vulnerabilities in WebExtension APIs
- CVE-2015-7214: Cross-site reading attack through data and view-source URIs
Solution: Update the affected seamonkey packages.