Univention Bugzilla – Full Text Bug Listing |
Summary: | Iceweasel: Security issues from 31.8 (4.0) | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Security updates | Assignee: | Felix Botner <botner> |
Status: | CLOSED FIXED | QA Contact: | Janek Walkenhorst <walkenhorst> |
Severity: | normal | ||
Priority: | P5 | CC: | gohmann |
Version: | UCS 4.0 | Flags: | requate:
Patch_Available+
|
Target Milestone: | UCS 4.0-3-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
URL: | https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/ | ||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | Security | |
Max CVSS v3 score: | |||
Bug Depends on: | 38523 | ||
Bug Blocks: | 39388 |
Description
Arvid Requate
2015-05-13 20:51:52 CEST
Fixed version available upstream: Debian Package 31.7.0esr-1~deb7u1 Additional fixes in 31.8.0esr-1~deb7u1: * NSS incorrectly permits skipping of ServerKeyExchange (CVE-2015-2721) * NSS accepts export-length DHE keys with regular DHE cipher suites (CVE-2015-4000) * Privilege escalation in PDF.js (CVE-2015-2743) * CairoTextureClientD3D9::BorrowDrawTarget using uninitialized memory (CVE-2015-2734) * Memory safety bug due to bad test in nsZipArchive.cpp (CVE-2015-2735) * nsZipArchive::BuildFileList has memory-safety bug (CVE-2015-2736) * rx::d3d11::SetBufferData using uninitialized memory (CVE-2015-2737) * YCbCrImageDataDeserializer::ToDataSourceSurface using uninitialized memory (CVE-2015-2738) * Memory safety problem in ArrayBufferBuilder::append (CVE-2015-2739) * Overflow in nsXMLHttpRequest::AppendToResponseText causes memory-safety bug (CVE-2015-2740) * Use After Free in CanonicalizeXPCOMParticipant (CVE-2015-2722) * Use After Free in CanonicalizeXPCOMParticipant() with dedicated worker (CVE-2015-2733) * ECC correctness issues (CVE-2015-2730) * Type Confusion mozilla::dom::indexedDB::IndexedDatabaseManager (CVE-2015-2728) * Memory safety bugs fixed in Firefox ESR 31.8, Firefox 38.1, and Firefox 39. (CVE-2015-2724) * Memory safety bugs fixed in Firefox 38.1 and Firefox 39. (CVE-2015-2725) * Memory safety bugs fixed in Firefox 39. (CVE-2015-2726) Additional fixes in 38.2.0esr-1: * out of bounds read at mozilla::AudioSink (CVE-2015-4475) * JSON.parse with reviver allows redefining non-configurable properties (CVE-2015-4478) * MPEG4 saio Chunk Integer Overflow (libstagefright) (CVE-2015-4479) * crash in [@ stagefright::SampleTable::isValid() ] with h264 mp4 (CVE-2015-4480) * Out of bounds write in mar_read.c (CVE-2015-4482) * crash in void js::jit::AssemblerX86Shared::lock_addl<js::jit::Imm32> (CVE-2015-4484) * Heap-buffer-overflow WRITE in resize_context_buffers (CVE-2015-4485) * Out of bounds read in decrease_ref_count (CVE-2015-4486) * Overflow nsTSubstring::ReplacePrep causes memory-safety bugs in string library (CVE-2015-4487) * StyleAnimationValue::operator= uses objects after delete on self-assignment (CVE-2015-4488) * Self-assignment in nsTArray_Impl causes memory-safety bug (CVE-2015-4489) * gdk-pixbuf heap overflow and DoS (CVE-2015-4491) * Use After Free in XMLHttpRequest::Open() (CVE-2015-4492) * Stagefright: heap-buffer-overflow crash [@stagefright::ESDS::parseESDescriptor] (CVE-2015-4493) These don't affect us: * CVE-2015-4481 (Windows only) * CVE-2015-4491 (Gnome only) * CVE-2015-4473 (38.1 and 39 only) * CVE-2015-4474 (39 only) Iceweasel 38.2.1esr-1~deb7u1 fixes these issues: * use-after-free (& crash) after style flush in CanvasRenderingContext2D (CVE-2015-4497) * Mozilla Firefox nsIPresShell Use-After-Free Remote Code Execution Vulnerability * Firefox Addon bypass dialog and spoof vulnerability (CVE-2015-4498) * added 38.2.1esr-1~deb7u1 to errata4.0-3 * YAML: 2015-09-16-iceweasel.yaml * modified enable-backport.patch ** fix dpkg-parsechangelog in upstream.mk ** set BACKPORT to wheezy for UCS 4.0 ** add -lrt for security/nss/ build Advisory: OK Tests (amd64, i386): OK |