Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15:Update
patchinfo.9788
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.9788
<patchinfo incident="9788"> <issue tracker="bnc" id="1119105">VUL-0: MozillaFirefox,MozillaThunderbird: 64.0, 60.4.0 ESR security releases</issue> <issue tracker="bnc" id="1097410">VUL-0: CVE-2018-0495: Novel side-channel attack "ROHNP"- Key Extraction Side Channel in Multiple Crypto Libraries</issue> <issue tracker="bnc" id="1119069">VUL-0: CVE-2018-12404: mozilla-nss: nss: Cache side-channel variant of the Bleichenbacher attack</issue> <issue tracker="bnc" id="1106873">VUL-0: CVE-2018-12384: mozilla-nss: ServerHello.random is all zero when handling a v2-compatible ClientHello</issue> <issue tracker="cve" id="2018-17466"/> <issue tracker="cve" id="2018-18494"/> <issue tracker="cve" id="2018-18492"/> <issue tracker="cve" id="2018-18493"/> <issue tracker="cve" id="2018-12405"/> <issue tracker="cve" id="2018-18498"/> <issue tracker="cve" id="2018-0495"/> <issue tracker="cve" id="2018-12404"/> <issue tracker="cve" id="2018-12384"/> <category>security</category> <rating>important</rating> <packager>cgrobertson</packager> <description>This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues: Issues fixed in MozillaFirefox: - Update to Firefox ESR 60.4 (bsc#1119105) - CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Fixed a use-after-free with select element - CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia - CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs - CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images - CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: - Update to NSS 3.40.1 (bsc#1119105) - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) - CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) - Fixed a decryption failure during FFDHE key exchange - Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: - Update mozilla-nspr to 4.20 (bsc#1119105) </description> <summary>Security update for MozillaFirefox, mozilla-nspr and mozilla-nss</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor