openSUSE Security Update : seamonkey (openSUSE-SU-2013:0875-1)

critical Nessus Plugin ID 74988

Synopsis

The remote openSUSE host is missing a security update.

Description

SeaMonkey was updated to the 2.17 release, fixing bugs and security issues :

- update to SeaMonkey 2.17 (bnc#813026)

- requires NSPR 4.9.5 and NSS 3.14.3

- mozilla-webrtc-ppc.patch included upstream

- MFSA 2013-30/CVE-2013-0788/CVE-2013-0789 Miscellaneous memory safety hazards

- MFSA 2013-31/CVE-2013-0800 (bmo#825721) Out-of-bounds write in Cairo library

- MFSA 2013-35/CVE-2013-0796 (bmo#827106) WebGL crash with Mesa graphics driver on Linux

- MFSA 2013-36/CVE-2013-0795 (bmo#825697) Bypass of SOW protections allows cloning of protected nodes

- MFSA 2013-37/CVE-2013-0794 (bmo#626775) Bypass of tab-modal dialog origin disclosure

- MFSA 2013-38/CVE-2013-0793 (bmo#803870) Cross-site scripting (XSS) using timed history navigations

- MFSA 2013-39/CVE-2013-0792 (bmo#722831) Memory corruption while rendering grayscale PNG images

- use GStreamer 1.0 starting with 12.3 (mozilla-gstreamer-1.patch)

- revert to use GStreamer 0.10 on 12.3 (bnc#814101) (remove mozilla-gstreamer-1.patch)

Solution

Update the affected seamonkey packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=813026

https://bugzilla.novell.com/show_bug.cgi?id=814101

https://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html

Plugin Details

Severity: Critical

ID: 74988

File Name: openSUSE-2013-400.nasl

Version: 1.5

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:seamonkey-debuginfo, cpe:/o:novell:opensuse:12.3, p-cpe:/a:novell:opensuse:seamonkey-translations-other, p-cpe:/a:novell:opensuse:seamonkey-dom-inspector, p-cpe:/a:novell:opensuse:seamonkey, p-cpe:/a:novell:opensuse:seamonkey-translations-common, p-cpe:/a:novell:opensuse:seamonkey-venkman, p-cpe:/a:novell:opensuse:seamonkey-debugsource, p-cpe:/a:novell:opensuse:seamonkey-irc

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 4/25/2013

Reference Information

CVE: CVE-2013-0788, CVE-2013-0789, CVE-2013-0792, CVE-2013-0793, CVE-2013-0794, CVE-2013-0795, CVE-2013-0796, CVE-2013-0800