This update for MozillaFirefox and mozilla-nss fixes the following issues: Security issues fixed :

  - Fixes in Firefox ESR 52.2 (bsc#1043960,MFSA 2017-16)

  - CVE-2017-7758: Out-of-bounds read in Opus encoder

  - CVE-2017-7749: Use-after-free during docshell reloading

  - CVE-2017-7751: Use-after-free with content viewer     listeners

  - CVE-2017-5472: Use-after-free using destroyed node when     regenerating trees

  - CVE-2017-5470: Memory safety bugs fixed in Firefox 54     and Firefox ESR 52.2

  - CVE-2017-7752: Use-after-free with IME input

  - CVE-2017-7750: Use-after-free with track elements

  - CVE-2017-7768: 32 byte arbitrary file read through     Mozilla Maintenance Service

  - CVE-2017-7778: Vulnerabilities in the Graphite 2 library

  - CVE-2017-7754: Out-of-bounds read in WebGL with     ImageInfo object

  - CVE-2017-7755: Privilege escalation through Firefox     Installer with same directory DLL files

  - CVE-2017-7756: Use-after-free and use-after-scope     logging XHR header errors

  - CVE-2017-7757: Use-after-free in IndexedDB

  - CVE-2017-7761: File deletion and privilege escalation     through Mozilla Maintenance Service helper.exe     application

  - CVE-2017-7763: Mac fonts render some unicode characters     as spaces

  - CVE-2017-7765: Mark of the Web bypass when saving     executable files

  - CVE-2017-7764: Domain spoofing with combination of     Canadian Syllabics and other unicode blocks

  - update to Firefox ESR 52.1 (bsc#1035082,MFSA 2017-12)

  - CVE-2016-10196: Vulnerabilities in Libevent library

  - CVE-2017-5443: Out-of-bounds write during BinHex     decoding

  - CVE-2017-5429: Memory safety bugs fixed in Firefox 53,     Firefox ESR 45.9, and Firefox ESR 52.1

  - CVE-2017-5464: Memory corruption with accessibility and     DOM manipulation

  - CVE-2017-5465: Out-of-bounds read in ConvolvePixel

  - CVE-2017-5466: Origin confusion when reloading isolated     data:text/html URL

  - CVE-2017-5467: Memory corruption when drawing Skia     content

  - CVE-2017-5460: Use-after-free in frame selection

  - CVE-2017-5461: Out-of-bounds write in Base64 encoding in     NSS

  - CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor

  - CVE-2017-5449: Crash during bidirectional unicode     manipulation with animation

  - CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA     frames are sent with incorrect data

  - CVE-2017-5447: Out-of-bounds read during glyph     processing

  - CVE-2017-5444: Buffer overflow while parsing     application/http-index-format content

  - CVE-2017-5445: Uninitialized values used while parsing     application/http- index-format content

  - CVE-2017-5442: Use-after-free during style changes

  - CVE-2017-5469: Potential Buffer overflow in     flex-generated code

  - CVE-2017-5440: Use-after-free in txExecutionState     destructor during XSLT processing

  - CVE-2017-5441: Use-after-free with selection during     scroll events

  - CVE-2017-5439: Use-after-free in nsTArray Length()     during XSLT processing

  - CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT     processing

  - CVE-2017-5436: Out-of-bounds write with malicious font     in Graphite 2

  - CVE-2017-5435: Use-after-free during transaction     processing in the editor

  - CVE-2017-5434: Use-after-free during focus handling

  - CVE-2017-5433: Use-after-free in SMIL animation     functions

  - CVE-2017-5432: Use-after-free in text input selection

  - CVE-2017-5430: Memory safety bugs fixed in Firefox 53     and Firefox ESR 52.1

  - CVE-2017-5459: Buffer overflow in WebGL

  - CVE-2017-5462: DRBG flaw in NSS

  - CVE-2017-5455: Sandbox escape through internal feed     reader APIs

  - CVE-2017-5454: Sandbox escape allowing file system read     access through file picker

  - CVE-2017-5456: Sandbox escape allowing local file system     access

  - CVE-2017-5451: Addressbar spoofing with onblur event

  - General

  - CVE-2015-5276: Fix for C++11 std::random_device short     reads (bsc#945842) Bugfixes :

  - workaround for Firefox hangs (bsc#1031485, bsc#1025108)

  - Update to gcc-5-branch head.

  - Includes fixes for (bsc#966220), (bsc#962765),     (bsc#964468), (bsc#939460), (bsc#930496), (bsc#930392)     and (bsc#955382).

  - Add fix to revert accidential libffi ABI breakage on     AARCH64. (bsc#968771)

  - Build s390[x] with --with-tune=z9-109 --with-arch=z900     on SLE11 again. (bsc#954002)

  - Fix libffi include install. (bsc#935510)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has gcc packages installed that are affected by multiple vulnerabilities:

  - Multiple integer overflows in libgfortran might allow     remote attackers to execute arbitrary code or cause a     denial of service (Fortran application crash) via     vectors related to array allocation. (CVE-2014-5044)

  - The std::random_device class in libstdc++ in the GNU     Compiler Collection (aka GCC) before 4.9.4 does not     properly handle short reads from blocking sources, which     makes it easier for context-dependent attackers to     predict the random values via unspecified vectors.
    (CVE-2015-5276)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has gcc packages installed that are affected by multiple vulnerabilities:

  - Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause     a denial of service (Fortran application crash) via vectors related to array allocation. (CVE-2014-5044)

  - The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not     properly handle short reads from blocking sources, which makes it easier for context-dependent attackers     to predict the random values via unspecified vectors. (CVE-2015-5276)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

This update for GCC 4.8 provides the following fixes :

  - Fix C++11 std::random_device short read issue that could     lead to predictable randomness. (CVE-2015-5276,     bsc#945842)

  - Fix linker segmentation fault when building SLOF on     ppc64le. (bsc#949000)

  - Fix no_instrument_function attribute handling on PPC64     with

    -mprofile-kernel. (bsc#947791)

  - Fix internal compiler error with aarch64 target using     PCH and builtin functions. (bsc#947772)

  - Fix libffi issues on aarch64. (bsc#948168)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the version of the gcc packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - The std::random_device class in libstdc++ in the GNU     Compiler Collection (aka GCC) before 4.9.4 does not     properly handle short reads from blocking sources,     which makes it easier for context-dependent attackers     to predict the random values via unspecified     vectors.(CVE-2015-5276)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for GCC 4.8 provides the following fixes :

  - Fix C++11 std::random_device short read issue that could     lead to predictable randomness. (CVE-2015-5276,     bsc#945842)

  - Fix linker segmentation fault when building SLOF on     ppc64le. (bsc#949000)

  - Fix no_instrument_function attribute handling on PPC64     with -mprofile-kernel. (bsc#947791)

  - Fix internal compiler error with aarch64 target using     PCH and builtin functions. (bsc#947772)

  - Fix libffi issues on aarch64. (bsc#948168)

The GNU Compiler Collection was updated to version 5.3.1, which brings several fixes and enhancements.

The following security issue has been fixed :

  - Fix C++11 std::random_device short read issue that could     lead to predictable randomness. (CVE-2015-5276,     bsc#945842)

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the version of the gcc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :

  - The std::random_device class in libstdc++ in the GNU     Compiler Collection (aka GCC) before 4.9.4 does not     properly handle short reads from blocking sources,     which makes it easier for context-dependent attackers     to predict the random values via unspecified     vectors.(CVE-2015-5276)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The GNU Compiler Collection was updated to version 5.3.1, which brings several fixes and enhancements.

The following security issue has been fixed :

  - Fix C++11 std::random_device short read issue that could     lead to predictable randomness. (CVE-2015-5276,     bsc#945842)

The following non-security issues have been fixed :

  - Enable frame pointer for TARGET_64BIT_MS_ABI when stack     is misaligned. Fixes internal compiler error when     building Wine. (bsc#966220)

  - Fix a PowerPC specific issue in gcc-go that broke     compilation of newer versions of Docker. (bsc#964468)

  - Fix HTM built-ins on PowerPC. (bsc#955382)

  - Fix libgo certificate lookup. (bsc#953831)

  - Suppress deprecated-declarations warnings for inline     definitions of deprecated virtual methods. (bsc#939460)

  - Build s390[x] with '--with-tune=z9-109 --with-arch=z900'     on SLE11 again. (bsc#954002)

  - Revert accidental libffi ABI breakage on aarch64.
    (bsc#968771)

  - On x86_64, set default 32bit code generation to
    -march=x86-64 rather than -march=i586.

  - Add experimental File System TS library. This update was     imported from the SUSE:SLE-12:Update update project.

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - gcc: integer overflow flaws in libgfortran (CVE-2014-5044)

  - Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.
    (CVE-2002-2439)

  - The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not     properly handle short reads from blocking sources, which makes it easier for context-dependent attackers     to predict the random values via unspecified vectors. (CVE-2015-5276)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - gcc: integer overflow flaws in libgfortran (CVE-2014-5044)

  - The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not     properly handle short reads from blocking sources, which makes it easier for context-dependent attackers     to predict the random values via unspecified vectors. (CVE-2015-5276)

  - Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to     execute arbitrary code via a crafted executable, which triggers a buffer overflow. (CVE-2016-2226)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

ID	Name	Product	Family	Published	Updated	Severity
102694	SUSE SLES11 Security Update : MozillaFirefox, MozillaFirefox-branding-SLED, firefox-gcc5, mozilla-nss (SUSE-SU-2017:2235-1)	Nessus	SuSE Local Security Checks	8/23/2017	1/19/2021	critical
132504	NewStart CGSL CORE 5.05 / MAIN 5.05 : gcc Multiple Vulnerabilities (NS-SA-2019-0233)	Nessus	NewStart CGSL Local Security Checks	12/31/2019	1/14/2021	critical
160739	NewStart CGSL CORE 5.04 / MAIN 5.04 : gcc Multiple Vulnerabilities (NS-SA-2022-0019)	Nessus	NewStart CGSL Local Security Checks	5/9/2022	5/9/2022	critical
86648	SUSE SLED12 / SLES12 Security Update : gcc48 (SUSE-SU-2015:1833-1)	Nessus	SuSE Local Security Checks	10/29/2015	1/6/2021	medium
135512	EulerOS 2.0 SP3 : gcc (EulerOS-SA-2020-1383)	Nessus	Huawei Local Security Checks	4/15/2020	3/18/2024	medium
86960	openSUSE Security Update : gcc48 (openSUSE-2015-723)	Nessus	SuSE Local Security Checks	11/20/2015	1/19/2021	medium
90303	SUSE SLED11 / SLES11 Security Update : gcc5 (SUSE-SU-2016:0908-2)	Nessus	SuSE Local Security Checks	4/1/2016	1/6/2021	medium
124964	EulerOS Virtualization 3.0.1.0 : gcc (EulerOS-SA-2019-1461)	Nessus	Huawei Local Security Checks	5/14/2019	5/22/2024	medium
90562	openSUSE Security Update : gcc5 (openSUSE-2016-472)	Nessus	SuSE Local Security Checks	4/18/2016	1/19/2021	medium
90420	SUSE SLED12 / SLES12 Security Update : gcc5 (SUSE-SU-2016:0963-1)	Nessus	SuSE Local Security Checks	4/8/2016	1/6/2021	medium
198339	RHEL 6 : gcc (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	6/3/2024	6/3/2024	critical
198409	RHEL 7 : gcc (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	6/3/2024	7/11/2024	critical

Detections

Analytics

Plugins Search

critical

critical

critical

medium

medium

medium

medium

medium

medium

medium

critical

critical