Advisories ยป MGASA-2015-0234

Updated Firefox, Thunderbird & sqlite3 packages fix security vulnerabilities

Publication date: 18 May 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-2708 , CVE-2015-2710 , CVE-2015-2713 , CVE-2015-2716 , CVE-2015-3414 , CVE-2015-3415 , CVE-2015-3416

Description

Updated firefox, thunderbird, and sqlite3 packages fix security
vulnerabilities:

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox or Thunderbird to
crash or, potentially, execute arbitrary code with the privileges of the
user running it (CVE-2015-2708, CVE-2015-2710, CVE-2015-2713).

A heap-based buffer overflow flaw was found in the way Firefox and
Thunderbird processed compressed XML data. An attacker could create
specially crafted compressed XML content that, when processed by Firefox
or Thunderbird, could cause it to crash or execute arbitrary code with the
privileges of the user running it (CVE-2015-2716).

SQLite before 3.8.9 does not properly implement the dequoting of
collation-sequence names, which allows context-dependent attackers to
cause a denial of service (uninitialized memory access and application
crash) or possibly have unspecified other impact via a crafted COLLATE
clause, as demonstrated by COLLATE at the end of a SELECT statement
(CVE-2015-3414).

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9
does not properly implement comparison operators, which allows
context-dependent attackers to cause a denial of service (invalid
free operation) or possibly have unspecified other impact via a
crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE
TABLE statement (CVE-2015-3415).

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does
not properly handle precision and width values during floating-point
conversions, which allows context-dependent attackers to cause a
denial of service (integer overflow and stack-based buffer overflow)
or possibly have unspecified other impact via large integers in a
crafted printf function call in a SELECT statement (CVE-2015-3416).

The sqlite3 package has been updated to version 3.10.8, fixing the
CVE-2015-3414, CVE-2015-3415, and CVE-2015-3416 security issues, also
fixing heap overflow and other possible issues found by fuzzing, as well
as containing many other bug fixes and enhancements.

The nss package has been updated to version 3.19, containing multiple root
certificate updates, security enhancements, and other bug fixes.
                

References

SRPMS

4/core