Tue Apr 16 05:06:24 2024
EVENTS
 FREE
SOFTWARE
INSTITUTE
 POLITICS
 JOBS
 MEMBERS'
CORNER
 MAILING
LIST
NYLXS Mailing Lists and Archives
NYLXS Members have a lot to say and share but we don't keep many secrets. Join the Hangout Mailing List and say your peice.

DATE 2016-08-01

HANGOUT

2024-04-16 | 2024-03-16 | 2024-02-16 | 2024-01-16 | 2023-12-16 | 2023-11-16 | 2023-10-16 | 2023-09-16 | 2023-08-16 | 2023-07-16 | 2023-06-16 | 2023-05-16 | 2023-04-16 | 2023-03-16 | 2023-02-16 | 2023-01-16 | 2022-12-16 | 2022-11-16 | 2022-10-16 | 2022-09-16 | 2022-08-16 | 2022-07-16 | 2022-06-16 | 2022-05-16 | 2022-04-16 | 2022-03-16 | 2022-02-16 | 2022-01-16 | 2021-12-16 | 2021-11-16 | 2021-10-16 | 2021-09-16 | 2021-08-16 | 2021-07-16 | 2021-06-16 | 2021-05-16 | 2021-04-16 | 2021-03-16 | 2021-02-16 | 2021-01-16 | 2020-12-16 | 2020-11-16 | 2020-10-16 | 2020-09-16 | 2020-08-16 | 2020-07-16 | 2020-06-16 | 2020-05-16 | 2020-04-16 | 2020-03-16 | 2020-02-16 | 2020-01-16 | 2019-12-16 | 2019-11-16 | 2019-10-16 | 2019-09-16 | 2019-08-16 | 2019-07-16 | 2019-06-16 | 2019-05-16 | 2019-04-16 | 2019-03-16 | 2019-02-16 | 2019-01-16 | 2018-12-16 | 2018-11-16 | 2018-10-16 | 2018-09-16 | 2018-08-16 | 2018-07-16 | 2018-06-16 | 2018-05-16 | 2018-04-16 | 2018-03-16 | 2018-02-16 | 2018-01-16 | 2017-12-16 | 2017-11-16 | 2017-10-16 | 2017-09-16 | 2017-08-16 | 2017-07-16 | 2017-06-16 | 2017-05-16 | 2017-04-16 | 2017-03-16 | 2017-02-16 | 2017-01-16 | 2016-12-16 | 2016-11-16 | 2016-10-16 | 2016-09-16 | 2016-08-16 | 2016-07-16 | 2016-06-16 | 2016-05-16 | 2016-04-16 | 2016-03-16 | 2016-02-16 | 2016-01-16 | 2015-12-16 | 2015-11-16 | 2015-10-16 | 2015-09-16 | 2015-08-16 | 2015-07-16 | 2015-06-16 | 2015-05-16 | 2015-04-16 | 2015-03-16 | 2015-02-16 | 2015-01-16 | 2014-12-16 | 2014-11-16 | 2014-10-16 | 2014-09-16 | 2014-08-16 | 2014-07-16 | 2014-06-16 | 2014-05-16 | 2014-04-16 | 2014-03-16 | 2014-02-16 | 2014-01-16 | 2013-12-16 | 2013-11-16 | 2013-10-16 | 2013-09-16 | 2013-08-16 | 2013-07-16 | 2013-06-16 | 2013-05-16 | 2013-04-16 | 2013-03-16 | 2013-02-16 | 2013-01-16 | 2012-12-16 | 2012-11-16 | 2012-10-16 | 2012-09-16 | 2012-08-16 | 2012-07-16 | 2012-06-16 | 2012-05-16 | 2012-04-16 | 2012-03-16 | 2012-02-16 | 2012-01-16 | 2011-12-16 | 2011-11-16 | 2011-10-16 | 2011-09-16 | 2011-08-16 | 2011-07-16 | 2011-06-16 | 2011-05-16 | 2011-04-16 | 2011-03-16 | 2011-02-16 | 2011-01-16 | 2010-12-16 | 2010-11-16 | 2010-10-16 | 2010-09-16 | 2010-08-16 | 2010-07-16 | 2010-06-16 | 2010-05-16 | 2010-04-16 | 2010-03-16 | 2010-02-16 | 2010-01-16 | 2009-12-16 | 2009-11-16 | 2009-10-16 | 2009-09-16 | 2009-08-16 | 2009-07-16 | 2009-06-16 | 2009-05-16 | 2009-04-16 | 2009-03-16 | 2009-02-16 | 2009-01-16 | 2008-12-16 | 2008-11-16 | 2008-10-16 | 2008-09-16 | 2008-08-16 | 2008-07-16 | 2008-06-16 | 2008-05-16 | 2008-04-16 | 2008-03-16 | 2008-02-16 | 2008-01-16 | 2007-12-16 | 2007-11-16 | 2007-10-16 | 2007-09-16 | 2007-08-16 | 2007-07-16 | 2007-06-16 | 2007-05-16 | 2007-04-16 | 2007-03-16 | 2007-02-16 | 2007-01-16 | 2006-12-16 | 2006-11-16 | 2006-10-16 | 2006-09-16 | 2006-08-16 | 2006-07-16 | 2006-06-16 | 2006-05-16 | 2006-04-16 | 2006-03-16 | 2006-02-16 | 2006-01-16 | 2005-12-16 | 2005-11-16 | 2005-10-16 | 2005-09-16 | 2005-08-16 | 2005-07-16 | 2005-06-16 | 2005-05-16 | 2005-04-16 | 2005-03-16 | 2005-02-16 | 2005-01-16 | 2004-12-16 | 2004-11-16 | 2004-10-16 | 2004-09-16 | 2004-08-16 | 2004-07-16 | 2004-06-16 | 2004-05-16 | 2004-04-16 | 2004-03-16 | 2004-02-16 | 2004-01-16 | 2003-12-16 | 2003-11-16 | 2003-10-16 | 2003-09-16 | 2003-08-16 | 2003-07-16 | 2003-06-16 | 2003-05-16 | 2003-04-16 | 2003-03-16 | 2003-02-16 | 2003-01-16 | 2002-12-16 | 2002-11-16 | 2002-10-16 | 2002-09-16 | 2002-08-16 | 2002-07-16 | 2002-06-16 | 2002-05-16 | 2002-04-16 | 2002-03-16 | 2002-02-16 | 2002-01-16 | 2001-12-16 | 2001-11-16 | 2001-10-16 | 2001-09-16 | 2001-08-16 | 2001-07-16 | 2001-06-16 | 2001-05-16 | 2001-04-16 | 2001-03-16 | 2001-02-16 | 2001-01-16 | 2000-12-16 | 2000-11-16 | 2000-10-16 | 2000-09-16 | 2000-08-16 | 2000-07-16 | 2000-06-16 | 2000-05-16 | 2000-04-16 | 2000-03-16 | 2000-02-16 | 2000-01-16 | 1999-12-16

Key: Value:

Key: Value:

MESSAGE
DATE 2016-08-10
FROM opensuse-security@opensuse.org
SUBJECT Subject: [Hangout-NYLXS] [security-announce] openSUSE-SU-2016:2026-1:
openSUSE Security Update: Security update for MozillaFirefox, mozilla-nss
______________________________________________________________________________

Announcement ID: openSUSE-SU-2016:2026-1
Rating: important
References: #984126 #984403 #984637 #986541 #991809
Cross-References: CVE-2016-0718 CVE-2016-2830 CVE-2016-2835
CVE-2016-2836 CVE-2016-2837 CVE-2016-2838
CVE-2016-2839 CVE-2016-5250 CVE-2016-5251
CVE-2016-5252 CVE-2016-5254 CVE-2016-5255
CVE-2016-5258 CVE-2016-5259 CVE-2016-5260
CVE-2016-5261 CVE-2016-5262 CVE-2016-5263
CVE-2016-5264 CVE-2016-5265 CVE-2016-5266
CVE-2016-5268
Affected Products:
openSUSE 13.1
______________________________________________________________________________

An update that fixes 22 vulnerabilities is now available.

Description:

Mozilla Firefox was updated to 48.0 to fix security issues, bugs, and
deliver various improvements.

The following major changes are included:

- Process separation (e10s) is enabled for some users
- Add-ons that have not been verified and signed by Mozilla will not load
- WebRTC enhancements
- The media parser has been redeveloped using the Rust programming language
- better Canvas performance with speedy Skia support
- Now requires NSS 3.24

The following security issues were fixed: (boo#991809)

- CVE-2016-2835/CVE-2016-2836: Miscellaneous memory safety hazards
- CVE-2016-2830: Favicon network connection can persist when page is closed
- CVE-2016-2838: Buffer overflow rendering SVG with bidirectional content
- CVE-2016-2839: Cairo rendering crash due to memory allocation issue with
FFmpeg 0.10
- CVE-2016-5251: Location bar spoofing via data URLs with
malformed/invalid mediatypes
- CVE-2016-5252: Stack underflow during 2D graphics rendering
- CVE-2016-0718: Out-of-bounds read during XML parsing in Expat library
- CVE-2016-5254: Use-after-free when using alt key and toplevel menus
- CVE-2016-5255: Crash in incremental garbage collection in JavaScript
- CVE-2016-5258: Use-after-free in DTLS during WebRTC session shutdown
- CVE-2016-5259: Use-after-free in service workers with nested sync events
- CVE-2016-5260: Form input type change from password to text can store
plain text password in session restore file
- CVE-2016-5261: Integer overflow in WebSockets during data buffering
- CVE-2016-5262: Scripts on marquee tag can execute in sandboxed iframes
- CVE-2016-2837: Buffer overflow in ClearKey Content Decryption Module
(CDM) during video playback
- CVE-2016-5263: Type confusion in display transformation
- CVE-2016-5264: Use-after-free when applying SVG effects
- CVE-2016-5265: Same-origin policy violation using local HTML file and
saved shortcut file
- CVE-2016-5266: Information disclosure and local file manipulation
through drag and drop
- CVE-2016-5268: Spoofing attack through text injection into internal
error pages
- CVE-2016-5250: Information disclosure through Resource Timing API during
page navigation

The following non-security changes are included:

- The AppData description and screenshots were updated.
- Fix Firefox crash on startup on i586 (boo#986541)
- The Selenium WebDriver may have caused Firefox to crash at startup
- fix build issues with gcc/binutils combination used in Leap 42.2
(boo#984637)
- Fix running on 48bit va aarch64 (boo#984126)
- fix XUL dialog button order under KDE session (boo#984403)

Mozilla NSS was updated to 3.24 as a dependency.

Changes in mozilla-nss:

- NSS softoken updated with latest NIST guidance
- NSS softoken updated to allow NSS to run in FIPS Level 1 (no password)
- Various added and deprecated functions
- Remove most code related to SSL v2, including the ability to actively
send a SSLv2-compatible client hello.
- Protect against the Cachebleed attack.
- Disable support for DTLS compression.
- Improve support for TLS 1.3. This includes support for DTLS 1.3.
(experimental)


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch 2016-960=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.1 (i586 x86_64):

MozillaFirefox-48.0-119.1
MozillaFirefox-branding-upstream-48.0-119.1
MozillaFirefox-buildsymbols-48.0-119.1
MozillaFirefox-debuginfo-48.0-119.1
MozillaFirefox-debugsource-48.0-119.1
MozillaFirefox-devel-48.0-119.1
MozillaFirefox-translations-common-48.0-119.1
MozillaFirefox-translations-other-48.0-119.1
libfreebl3-3.24-83.1
libfreebl3-debuginfo-3.24-83.1
libsoftokn3-3.24-83.1
libsoftokn3-debuginfo-3.24-83.1
mozilla-nss-3.24-83.1
mozilla-nss-certs-3.24-83.1
mozilla-nss-certs-debuginfo-3.24-83.1
mozilla-nss-debuginfo-3.24-83.1
mozilla-nss-debugsource-3.24-83.1
mozilla-nss-devel-3.24-83.1
mozilla-nss-sysinit-3.24-83.1
mozilla-nss-sysinit-debuginfo-3.24-83.1
mozilla-nss-tools-3.24-83.1
mozilla-nss-tools-debuginfo-3.24-83.1

- openSUSE 13.1 (x86_64):

libfreebl3-32bit-3.24-83.1
libfreebl3-debuginfo-32bit-3.24-83.1
libsoftokn3-32bit-3.24-83.1
libsoftokn3-debuginfo-32bit-3.24-83.1
mozilla-nss-32bit-3.24-83.1
mozilla-nss-certs-32bit-3.24-83.1
mozilla-nss-certs-debuginfo-32bit-3.24-83.1
mozilla-nss-debuginfo-32bit-3.24-83.1
mozilla-nss-sysinit-32bit-3.24-83.1
mozilla-nss-sysinit-debuginfo-32bit-3.24-83.1


References:

https://www.suse.com/security/cve/CVE-2016-0718.html
https://www.suse.com/security/cve/CVE-2016-2830.html
https://www.suse.com/security/cve/CVE-2016-2835.html
https://www.suse.com/security/cve/CVE-2016-2836.html
https://www.suse.com/security/cve/CVE-2016-2837.html
https://www.suse.com/security/cve/CVE-2016-2838.html
https://www.suse.com/security/cve/CVE-2016-2839.html
https://www.suse.com/security/cve/CVE-2016-5250.html
https://www.suse.com/security/cve/CVE-2016-5251.html
https://www.suse.com/security/cve/CVE-2016-5252.html
https://www.suse.com/security/cve/CVE-2016-5254.html
https://www.suse.com/security/cve/CVE-2016-5255.html
https://www.suse.com/security/cve/CVE-2016-5258.html
https://www.suse.com/security/cve/CVE-2016-5259.html
https://www.suse.com/security/cve/CVE-2016-5260.html
https://www.suse.com/security/cve/CVE-2016-5261.html
https://www.suse.com/security/cve/CVE-2016-5262.html
https://www.suse.com/security/cve/CVE-2016-5263.html
https://www.suse.com/security/cve/CVE-2016-5264.html
https://www.suse.com/security/cve/CVE-2016-5265.html
https://www.suse.com/security/cve/CVE-2016-5266.html
https://www.suse.com/security/cve/CVE-2016-5268.html
https://bugzilla.suse.com/984126
https://bugzilla.suse.com/984403
https://bugzilla.suse.com/984637
https://bugzilla.suse.com/986541
https://bugzilla.suse.com/991809

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe-at-opensuse.org
For additional commands, e-mail: opensuse-security-announce+help-at-opensuse.org
_______________________________________________
hangout mailing list
hangout-at-nylxs.com
http://www.nylxs.com/

  1. 2016-08-03 IEEE Engineering in Medicine and Biology Society <noreply-at-embs.org> Subject: [Hangout-NYLXS] MNMC 2016 Registration is Now Open
  2. 2016-08-10 Ron Guerin <ron-at-vnetworx.net> Re: [Hangout-NYLXS] ( going to meetings anymore ? ) | | new,
  3. 2016-08-11 mrbrklyn <mrbrklyn-at-panix.com> Re: [Hangout-NYLXS] ( going to meetings anymore ? ) | | new,
  4. 2016-08-07 John Chludzinski <john.chludzinski-at-vivaldi.net> Re: [Hangout-NYLXS] Are these books outdated?
  5. 2016-08-10 Raul Piper <raulpblooper-at-gmail.com> Re: [Hangout-NYLXS] Are these books outdated?
  6. 2016-08-10 Raul Piper <raulpblooper-at-gmail.com> Re: [Hangout-NYLXS] Are these books outdated?
  7. 2016-08-11 Raul Piper <raulpblooper-at-gmail.com> Re: [Hangout-NYLXS] Are these books outdated?
  8. 2016-08-11 Raul Piper <raulpblooper-at-gmail.com> Re: [Hangout-NYLXS] Are these books outdated?
  9. 2016-08-11 Raul Piper <raulpblooper-at-gmail.com> Re: [Hangout-NYLXS] Are these books outdated?
  10. 2016-08-10 John Chludzinski <john.chludzinski-at-vivaldi.net> Re: [Hangout-NYLXS] Are these books outdated?
  11. 2016-08-11 Aleksander Alekseev <afiskon-at-devzen.ru> Re: [Hangout-NYLXS] Are these books outdated?
  12. 2016-08-15 Raul Piper <raulpblooper-at-gmail.com> Re: [Hangout-NYLXS] Are these books outdated?
  13. 2016-08-10 John Chludzinski <john.chludzinski-at-vivaldi.net> Re: [Hangout-NYLXS] Are these books outdated?
  14. 2016-08-10 Greg KH <greg-at-kroah.com> Re: [Hangout-NYLXS] Are these books outdated?
  15. 2016-08-14 Andrey Skvortsov <andrej.skvortzov-at-gmail.com> Re: [Hangout-NYLXS] Are these books outdated?
  16. 2016-08-11 Stefan Wahren <info-at-lategoodbye.de> Re: [Hangout-NYLXS] Are these books outdated?
  17. 2016-08-15 Aleksander Alekseev <afiskon-at-devzen.ru> Re: [Hangout-NYLXS] Are these books outdated?
  18. 2016-08-14 Stefan Wahren <info-at-lategoodbye.de> Re: [Hangout-NYLXS] Are these books outdated?
  19. 2016-08-16 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [Hangout-NYLXS] Duck Duck Go is offially Dead
  20. 2016-08-16 From: "Mancini, Sabin (DFS)" <Sabin.Mancini-at-dfs.ny.gov> Re: [Hangout-NYLXS] Duck Duck Go is offially Dead | | Duck Duck Go
  21. 2016-08-16 Rick Moen <rick-at-linuxmafia.com> Re: [Hangout-NYLXS] Duck Duck Go is offially Dead
  22. 2016-08-16 From: "Ruben.Safir" <ruben.safir-at-my.liu.edu> Re: [Hangout-NYLXS] Duck Duck Go is offially Dead
  23. 2016-08-16 Rick Moen <rick-at-linuxmafia.com> Re: [Hangout-NYLXS] Duck Duck Go is offially Dead
  24. 2016-08-17 mrbrklyn <mrbrklyn-at-panix.com> Re: [Hangout-NYLXS] Duck Duck Go is offially Dead
  25. 2016-08-09 From: "IEEE Communications Society"<CommunicationsSociety-at-comsoc.org> Subject: [Hangout-NYLXS] Tech Insights: Intel's vision for SoC FPGAs
  26. 2016-08-10 opensuse-security-at-opensuse.org Subject: [Hangout-NYLXS] [security-announce] openSUSE-SU-2016:2026-1:
  27. 2016-08-29 Gabor Szabo <gabor-at-szabgab.com> Subject: [Hangout-NYLXS] [Perlweekly] #266 - Podcasts and video Interviewes
  28. 2016-08-26 Amy Rothenberg <Amy.Rothenberg-at-liu.edu> Subject: [Hangout-NYLXS] FW: FW: IT Civil Service Exams
  29. 2016-08-30 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [Hangout-NYLXS] Fwd: [isoc-ny] ** APPLY NOW!!! Applications Open
  30. 2016-08-25 From: "SUSE" <einfo-at-suse.com> Subject: [Hangout-NYLXS] =?utf-8?q?Join_the_Party=E2=80=9425_Years_of_Linu?=
  31. 2016-08-22 Gabor Szabo <gabor-at-szabgab.com> Subject: [Hangout-NYLXS] [Perlweekly] #265 - Someone please stop these Perl

NYLXS are Do'ers and the first step of Doing is Joining! Join NYLXS and make a difference in your community today!