Mon May 23 15:57:28 2022
EVENTS
 FREE
SOFTWARE
INSTITUTE
 POLITICS
 JOBS
 MEMBERS'
CORNER
 MAILING
LIST
NYLXS Mailing Lists and Archives
NYLXS Members have a lot to say and share but we don't keep many secrets. Join the Hangout Mailing List and say your peice.

DATE 2016-08-01

HANGOUT

2022-05-23 | 2022-04-23 | 2022-03-23 | 2022-02-23 | 2022-01-23 | 2021-12-23 | 2021-11-23 | 2021-10-23 | 2021-09-23 | 2021-08-23 | 2021-07-23 | 2021-06-23 | 2021-05-23 | 2021-04-23 | 2021-03-23 | 2021-02-23 | 2021-01-23 | 2020-12-23 | 2020-11-23 | 2020-10-23 | 2020-09-23 | 2020-08-23 | 2020-07-23 | 2020-06-23 | 2020-05-23 | 2020-04-23 | 2020-03-23 | 2020-02-23 | 2020-01-23 | 2019-12-23 | 2019-11-23 | 2019-10-23 | 2019-09-23 | 2019-08-23 | 2019-07-23 | 2019-06-23 | 2019-05-23 | 2019-04-23 | 2019-03-23 | 2019-02-23 | 2019-01-23 | 2018-12-23 | 2018-11-23 | 2018-10-23 | 2018-09-23 | 2018-08-23 | 2018-07-23 | 2018-06-23 | 2018-05-23 | 2018-04-23 | 2018-03-23 | 2018-02-23 | 2018-01-23 | 2017-12-23 | 2017-11-23 | 2017-10-23 | 2017-09-23 | 2017-08-23 | 2017-07-23 | 2017-06-23 | 2017-05-23 | 2017-04-23 | 2017-03-23 | 2017-02-23 | 2017-01-23 | 2016-12-23 | 2016-11-23 | 2016-10-23 | 2016-09-23 | 2016-08-23 | 2016-07-23 | 2016-06-23 | 2016-05-23 | 2016-04-23 | 2016-03-23 | 2016-02-23 | 2016-01-23 | 2015-12-23 | 2015-11-23 | 2015-10-23 | 2015-09-23 | 2015-08-23 | 2015-07-23 | 2015-06-23 | 2015-05-23 | 2015-04-23 | 2015-03-23 | 2015-02-23 | 2015-01-23 | 2014-12-23 | 2014-11-23 | 2014-10-23 | 2014-09-23 | 2014-08-23 | 2014-07-23 | 2014-06-23 | 2014-05-23 | 2014-04-23 | 2014-03-23 | 2014-02-23 | 2014-01-23 | 2013-12-23 | 2013-11-23 | 2013-10-23 | 2013-09-23 | 2013-08-23 | 2013-07-23 | 2013-06-23 | 2013-05-23 | 2013-04-23 | 2013-03-23 | 2013-02-23 | 2013-01-23 | 2012-12-23 | 2012-11-23 | 2012-10-23 | 2012-09-23 | 2012-08-23 | 2012-07-23 | 2012-06-23 | 2012-05-23 | 2012-04-23 | 2012-03-23 | 2012-02-23 | 2012-01-23 | 2011-12-23 | 2011-11-23 | 2011-10-23 | 2011-09-23 | 2011-08-23 | 2011-07-23 | 2011-06-23 | 2011-05-23 | 2011-04-23 | 2011-03-23 | 2011-02-23 | 2011-01-23 | 2010-12-23 | 2010-11-23 | 2010-10-23 | 2010-09-23 | 2010-08-23 | 2010-07-23 | 2010-06-23 | 2010-05-23 | 2010-04-23 | 2010-03-23 | 2010-02-23 | 2010-01-23 | 2009-12-23 | 2009-11-23 | 2009-10-23 | 2009-09-23 | 2009-08-23 | 2009-07-23 | 2009-06-23 | 2009-05-23 | 2009-04-23 | 2009-03-23 | 2009-02-23 | 2009-01-23 | 2008-12-23 | 2008-11-23 | 2008-10-23 | 2008-09-23 | 2008-08-23 | 2008-07-23 | 2008-06-23 | 2008-05-23 | 2008-04-23 | 2008-03-23 | 2008-02-23 | 2008-01-23 | 2007-12-23 | 2007-11-23 | 2007-10-23 | 2007-09-23 | 2007-08-23 | 2007-07-23 | 2007-06-23 | 2007-05-23 | 2007-04-23 | 2007-03-23 | 2007-02-23 | 2007-01-23 | 2006-12-23 | 2006-11-23 | 2006-10-23 | 2006-09-23 | 2006-08-23 | 2006-07-23 | 2006-06-23 | 2006-05-23 | 2006-04-23 | 2006-03-23 | 2006-02-23 | 2006-01-23 | 2005-12-23 | 2005-11-23 | 2005-10-23 | 2005-09-23 | 2005-08-23 | 2005-07-23 | 2005-06-23 | 2005-05-23 | 2005-04-23 | 2005-03-23 | 2005-02-23 | 2005-01-23 | 2004-12-23 | 2004-11-23 | 2004-10-23 | 2004-09-23 | 2004-08-23 | 2004-07-23 | 2004-06-23 | 2004-05-23 | 2004-04-23 | 2004-03-23 | 2004-02-23 | 2004-01-23 | 2003-12-23 | 2003-11-23 | 2003-10-23 | 2003-09-23 | 2003-08-23 | 2003-07-23 | 2003-06-23 | 2003-05-23 | 2003-04-23 | 2003-03-23 | 2003-02-23 | 2003-01-23 | 2002-12-23 | 2002-11-23 | 2002-10-23 | 2002-09-23 | 2002-08-23 | 2002-07-23 | 2002-06-23 | 2002-05-23 | 2002-04-23 | 2002-03-23 | 2002-02-23 | 2002-01-23 | 2001-12-23 | 2001-11-23 | 2001-10-23 | 2001-09-23 | 2001-08-23 | 2001-07-23 | 2001-06-23 | 2001-05-23 | 2001-04-23 | 2001-03-23 | 2001-02-23 | 2001-01-23 | 2000-12-23 | 2000-11-23 | 2000-10-23 | 2000-09-23 | 2000-08-23 | 2000-07-23 | 2000-06-23 | 2000-05-23 | 2000-04-23 | 2000-03-23 | 2000-02-23 | 2000-01-23 | 1999-12-23

Key: Value:

Key: Value:

MESSAGE
DATE 2016-08-10
FROM opensuse-security@opensuse.org
SUBJECT Subject: [Hangout-NYLXS] [security-announce] openSUSE-SU-2016:2026-1:
From hangout-bounces-at-nylxs.com Wed Aug 17 19:53:27 2016
Return-Path:
X-Original-To: archive-at-mrbrklyn.com
Delivered-To: archive-at-mrbrklyn.com
Received: from www.mrbrklyn.com (www.mrbrklyn.com [96.57.23.82])
by mrbrklyn.com (Postfix) with ESMTP id 6376D162A0A;
Wed, 17 Aug 2016 19:53:26 -0400 (EDT)
X-Original-To: hangout-at-nylxs.com
Delivered-To: hangout-at-nylxs.com
Received: by mrbrklyn.com (Postfix, from userid 1000)
id 75F46161914; Wed, 17 Aug 2016 19:53:23 -0400 (EDT)
Resent-From: Ruben Safir
Resent-Date: Wed, 17 Aug 2016 19:53:23 -0400
Resent-Message-ID: <20160817235323.GA31102-at-www.mrbrklyn.com>
Resent-To: hangout-at-nylxs.com
X-Original-To: ruben-at-mrbrklyn.com
Delivered-To: ruben-at-mrbrklyn.com
Received: from lists5.opensuse.org (lists5.opensuse.org [195.135.221.153])
by mrbrklyn.com (Postfix) with ESMTP id B5813161224
for ; Wed, 10 Aug 2016 19:09:12 -0400 (EDT)
Received: from baloo.opensuse.org (localhost [127.0.0.1])
by lists5.opensuse.org (Postfix) with SMTP id 7A8C711A34;
Wed, 10 Aug 2016 23:09:03 +0000 (UTC)
X-Original-To: opensuse-security-announce-at-lists5-opensuse.suse.de
Delivered-To: opensuse-security-announce-at-lists5-opensuse.suse.de
Received: from relay2.suse.de (relay2.suse.de [149.44.160.134])
by lists5.opensuse.org (Postfix) with ESMTP id 90698119EC
for ;
Wed, 10 Aug 2016 23:09:01 +0000 (UTC)
Received: from maintenance.suse.de (maintenance.nue.suse.com [149.44.176.14])
by relay2.suse.de (Postfix) with ESMTP id 8784B1A9A
for ;
Wed, 10 Aug 2016 23:09:01 +0000 (UTC)
Received: by maintenance.suse.de (Postfix, from userid 32005)
id 78169FFAC; Thu, 11 Aug 2016 01:09:01 +0200 (CEST)
From: opensuse-security-at-opensuse.org
To: opensuse-security-announce-at-opensuse.org
Message-Id: <20160810230901.78169FFAC-at-maintenance.suse.de>
Date: Thu, 11 Aug 2016 01:09:01 +0200 (CEST)
Precedence: bulk
Mailing-List: contact opensuse-security-announce+help-at-opensuse.org;
run by mlmmj
X-Mailinglist: opensuse-security-announce
List-Owner:
X-MIME-Notice: attachments may have been removed from this message
Subject: [Hangout-NYLXS] [security-announce] openSUSE-SU-2016:2026-1:
important: Security update for MozillaFirefox, mozilla-nss
X-BeenThere: hangout-at-nylxs.com
X-Mailman-Version: 2.1.17
Reply-To: NYLXS Discussions List
List-Id: NYLXS Discussions List
List-Unsubscribe: ,

List-Archive:
List-Post:
List-Help:
List-Subscribe: ,

MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: hangout-bounces-at-nylxs.com
Sender: "hangout"

openSUSE Security Update: Security update for MozillaFirefox, mozilla-nss
______________________________________________________________________________

Announcement ID: openSUSE-SU-2016:2026-1
Rating: important
References: #984126 #984403 #984637 #986541 #991809
Cross-References: CVE-2016-0718 CVE-2016-2830 CVE-2016-2835
CVE-2016-2836 CVE-2016-2837 CVE-2016-2838
CVE-2016-2839 CVE-2016-5250 CVE-2016-5251
CVE-2016-5252 CVE-2016-5254 CVE-2016-5255
CVE-2016-5258 CVE-2016-5259 CVE-2016-5260
CVE-2016-5261 CVE-2016-5262 CVE-2016-5263
CVE-2016-5264 CVE-2016-5265 CVE-2016-5266
CVE-2016-5268
Affected Products:
openSUSE 13.1
______________________________________________________________________________

An update that fixes 22 vulnerabilities is now available.

Description:

Mozilla Firefox was updated to 48.0 to fix security issues, bugs, and
deliver various improvements.

The following major changes are included:

- Process separation (e10s) is enabled for some users
- Add-ons that have not been verified and signed by Mozilla will not load
- WebRTC enhancements
- The media parser has been redeveloped using the Rust programming language
- better Canvas performance with speedy Skia support
- Now requires NSS 3.24

The following security issues were fixed: (boo#991809)

- CVE-2016-2835/CVE-2016-2836: Miscellaneous memory safety hazards
- CVE-2016-2830: Favicon network connection can persist when page is closed
- CVE-2016-2838: Buffer overflow rendering SVG with bidirectional content
- CVE-2016-2839: Cairo rendering crash due to memory allocation issue with
FFmpeg 0.10
- CVE-2016-5251: Location bar spoofing via data URLs with
malformed/invalid mediatypes
- CVE-2016-5252: Stack underflow during 2D graphics rendering
- CVE-2016-0718: Out-of-bounds read during XML parsing in Expat library
- CVE-2016-5254: Use-after-free when using alt key and toplevel menus
- CVE-2016-5255: Crash in incremental garbage collection in JavaScript
- CVE-2016-5258: Use-after-free in DTLS during WebRTC session shutdown
- CVE-2016-5259: Use-after-free in service workers with nested sync events
- CVE-2016-5260: Form input type change from password to text can store
plain text password in session restore file
- CVE-2016-5261: Integer overflow in WebSockets during data buffering
- CVE-2016-5262: Scripts on marquee tag can execute in sandboxed iframes
- CVE-2016-2837: Buffer overflow in ClearKey Content Decryption Module
(CDM) during video playback
- CVE-2016-5263: Type confusion in display transformation
- CVE-2016-5264: Use-after-free when applying SVG effects
- CVE-2016-5265: Same-origin policy violation using local HTML file and
saved shortcut file
- CVE-2016-5266: Information disclosure and local file manipulation
through drag and drop
- CVE-2016-5268: Spoofing attack through text injection into internal
error pages
- CVE-2016-5250: Information disclosure through Resource Timing API during
page navigation

The following non-security changes are included:

- The AppData description and screenshots were updated.
- Fix Firefox crash on startup on i586 (boo#986541)
- The Selenium WebDriver may have caused Firefox to crash at startup
- fix build issues with gcc/binutils combination used in Leap 42.2
(boo#984637)
- Fix running on 48bit va aarch64 (boo#984126)
- fix XUL dialog button order under KDE session (boo#984403)

Mozilla NSS was updated to 3.24 as a dependency.

Changes in mozilla-nss:

- NSS softoken updated with latest NIST guidance
- NSS softoken updated to allow NSS to run in FIPS Level 1 (no password)
- Various added and deprecated functions
- Remove most code related to SSL v2, including the ability to actively
send a SSLv2-compatible client hello.
- Protect against the Cachebleed attack.
- Disable support for DTLS compression.
- Improve support for TLS 1.3. This includes support for DTLS 1.3.
(experimental)


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch 2016-960=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.1 (i586 x86_64):

MozillaFirefox-48.0-119.1
MozillaFirefox-branding-upstream-48.0-119.1
MozillaFirefox-buildsymbols-48.0-119.1
MozillaFirefox-debuginfo-48.0-119.1
MozillaFirefox-debugsource-48.0-119.1
MozillaFirefox-devel-48.0-119.1
MozillaFirefox-translations-common-48.0-119.1
MozillaFirefox-translations-other-48.0-119.1
libfreebl3-3.24-83.1
libfreebl3-debuginfo-3.24-83.1
libsoftokn3-3.24-83.1
libsoftokn3-debuginfo-3.24-83.1
mozilla-nss-3.24-83.1
mozilla-nss-certs-3.24-83.1
mozilla-nss-certs-debuginfo-3.24-83.1
mozilla-nss-debuginfo-3.24-83.1
mozilla-nss-debugsource-3.24-83.1
mozilla-nss-devel-3.24-83.1
mozilla-nss-sysinit-3.24-83.1
mozilla-nss-sysinit-debuginfo-3.24-83.1
mozilla-nss-tools-3.24-83.1
mozilla-nss-tools-debuginfo-3.24-83.1

- openSUSE 13.1 (x86_64):

libfreebl3-32bit-3.24-83.1
libfreebl3-debuginfo-32bit-3.24-83.1
libsoftokn3-32bit-3.24-83.1
libsoftokn3-debuginfo-32bit-3.24-83.1
mozilla-nss-32bit-3.24-83.1
mozilla-nss-certs-32bit-3.24-83.1
mozilla-nss-certs-debuginfo-32bit-3.24-83.1
mozilla-nss-debuginfo-32bit-3.24-83.1
mozilla-nss-sysinit-32bit-3.24-83.1
mozilla-nss-sysinit-debuginfo-32bit-3.24-83.1


References:

https://www.suse.com/security/cve/CVE-2016-0718.html
https://www.suse.com/security/cve/CVE-2016-2830.html
https://www.suse.com/security/cve/CVE-2016-2835.html
https://www.suse.com/security/cve/CVE-2016-2836.html
https://www.suse.com/security/cve/CVE-2016-2837.html
https://www.suse.com/security/cve/CVE-2016-2838.html
https://www.suse.com/security/cve/CVE-2016-2839.html
https://www.suse.com/security/cve/CVE-2016-5250.html
https://www.suse.com/security/cve/CVE-2016-5251.html
https://www.suse.com/security/cve/CVE-2016-5252.html
https://www.suse.com/security/cve/CVE-2016-5254.html
https://www.suse.com/security/cve/CVE-2016-5255.html
https://www.suse.com/security/cve/CVE-2016-5258.html
https://www.suse.com/security/cve/CVE-2016-5259.html
https://www.suse.com/security/cve/CVE-2016-5260.html
https://www.suse.com/security/cve/CVE-2016-5261.html
https://www.suse.com/security/cve/CVE-2016-5262.html
https://www.suse.com/security/cve/CVE-2016-5263.html
https://www.suse.com/security/cve/CVE-2016-5264.html
https://www.suse.com/security/cve/CVE-2016-5265.html
https://www.suse.com/security/cve/CVE-2016-5266.html
https://www.suse.com/security/cve/CVE-2016-5268.html
https://bugzilla.suse.com/984126
https://bugzilla.suse.com/984403
https://bugzilla.suse.com/984637
https://bugzilla.suse.com/986541
https://bugzilla.suse.com/991809

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe-at-opensuse.org
For additional commands, e-mail: opensuse-security-announce+help-at-opensuse.org
_______________________________________________
hangout mailing list
hangout-at-nylxs.com
http://www.nylxs.com/

  1. 2016-08-03 IEEE Engineering in Medicine and Biology Society <noreply-at-embs.org> Subject: [Hangout-NYLXS] MNMC 2016 Registration is Now Open
  2. 2016-08-10 Ron Guerin <ron-at-vnetworx.net> Re: [Hangout-NYLXS] ( going to meetings anymore ? ) | | new,
  3. 2016-08-11 mrbrklyn <mrbrklyn-at-panix.com> Re: [Hangout-NYLXS] ( going to meetings anymore ? ) | | new,
  4. 2016-08-07 John Chludzinski <john.chludzinski-at-vivaldi.net> Re: [Hangout-NYLXS] Are these books outdated?
  5. 2016-08-10 Raul Piper <raulpblooper-at-gmail.com> Re: [Hangout-NYLXS] Are these books outdated?
  6. 2016-08-10 Raul Piper <raulpblooper-at-gmail.com> Re: [Hangout-NYLXS] Are these books outdated?
  7. 2016-08-11 Raul Piper <raulpblooper-at-gmail.com> Re: [Hangout-NYLXS] Are these books outdated?
  8. 2016-08-11 Raul Piper <raulpblooper-at-gmail.com> Re: [Hangout-NYLXS] Are these books outdated?
  9. 2016-08-11 Raul Piper <raulpblooper-at-gmail.com> Re: [Hangout-NYLXS] Are these books outdated?
  10. 2016-08-10 John Chludzinski <john.chludzinski-at-vivaldi.net> Re: [Hangout-NYLXS] Are these books outdated?
  11. 2016-08-11 Aleksander Alekseev <afiskon-at-devzen.ru> Re: [Hangout-NYLXS] Are these books outdated?
  12. 2016-08-15 Raul Piper <raulpblooper-at-gmail.com> Re: [Hangout-NYLXS] Are these books outdated?
  13. 2016-08-10 John Chludzinski <john.chludzinski-at-vivaldi.net> Re: [Hangout-NYLXS] Are these books outdated?
  14. 2016-08-10 Greg KH <greg-at-kroah.com> Re: [Hangout-NYLXS] Are these books outdated?
  15. 2016-08-14 Andrey Skvortsov <andrej.skvortzov-at-gmail.com> Re: [Hangout-NYLXS] Are these books outdated?
  16. 2016-08-11 Stefan Wahren <info-at-lategoodbye.de> Re: [Hangout-NYLXS] Are these books outdated?
  17. 2016-08-15 Aleksander Alekseev <afiskon-at-devzen.ru> Re: [Hangout-NYLXS] Are these books outdated?
  18. 2016-08-14 Stefan Wahren <info-at-lategoodbye.de> Re: [Hangout-NYLXS] Are these books outdated?
  19. 2016-08-16 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [Hangout-NYLXS] Duck Duck Go is offially Dead
  20. 2016-08-16 From: "Mancini, Sabin (DFS)" <Sabin.Mancini-at-dfs.ny.gov> Re: [Hangout-NYLXS] Duck Duck Go is offially Dead | | Duck Duck Go
  21. 2016-08-16 Rick Moen <rick-at-linuxmafia.com> Re: [Hangout-NYLXS] Duck Duck Go is offially Dead
  22. 2016-08-16 From: "Ruben.Safir" <ruben.safir-at-my.liu.edu> Re: [Hangout-NYLXS] Duck Duck Go is offially Dead
  23. 2016-08-16 Rick Moen <rick-at-linuxmafia.com> Re: [Hangout-NYLXS] Duck Duck Go is offially Dead
  24. 2016-08-17 mrbrklyn <mrbrklyn-at-panix.com> Re: [Hangout-NYLXS] Duck Duck Go is offially Dead
  25. 2016-08-09 From: "IEEE Communications Society"<CommunicationsSociety-at-comsoc.org> Subject: [Hangout-NYLXS] Tech Insights: Intel's vision for SoC FPGAs
  26. 2016-08-10 opensuse-security-at-opensuse.org Subject: [Hangout-NYLXS] [security-announce] openSUSE-SU-2016:2026-1:
  27. 2016-08-29 Gabor Szabo <gabor-at-szabgab.com> Subject: [Hangout-NYLXS] [Perlweekly] #266 - Podcasts and video Interviewes
  28. 2016-08-26 Amy Rothenberg <Amy.Rothenberg-at-liu.edu> Subject: [Hangout-NYLXS] FW: FW: IT Civil Service Exams
  29. 2016-08-30 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [Hangout-NYLXS] Fwd: [isoc-ny] ** APPLY NOW!!! Applications Open
  30. 2016-08-25 From: "SUSE" <einfo-at-suse.com> Subject: [Hangout-NYLXS] =?utf-8?q?Join_the_Party=E2=80=9425_Years_of_Linu?=
  31. 2016-08-22 Gabor Szabo <gabor-at-szabgab.com> Subject: [Hangout-NYLXS] [Perlweekly] #265 - Someone please stop these Perl

NYLXS are Do'ers and the first step of Doing is Joining! Join NYLXS and make a difference in your community today!