mozilla-nspr-32bit-4.12-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10297-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z mozilla-nspr-32bit-4.12-2.1 on GA media These are all security issues fixed in the mozilla-nspr-32bit-4.12-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10297 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2014-1545/ SUSE CVE CVE-2014-1545 page https://www.suse.com/security/cve/CVE-2015-7183/ SUSE CVE CVE-2015-7183 page openSUSE Tumbleweed mozilla-nspr-4.12-2.1 mozilla-nspr-32bit-4.12-2.1 mozilla-nspr-devel-4.12-2.1 mozilla-nspr-4.12-2.1 as a component of openSUSE Tumbleweed mozilla-nspr-32bit-4.12-2.1 as a component of openSUSE Tumbleweed mozilla-nspr-devel-4.12-2.1 as a component of openSUSE Tumbleweed Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions. CVE-2014-1545 openSUSE Tumbleweed:mozilla-nspr-32bit-4.12-2.1 openSUSE Tumbleweed:mozilla-nspr-4.12-2.1 openSUSE Tumbleweed:mozilla-nspr-devel-4.12-2.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1545.html CVE-2014-1545 Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. CVE-2015-7183 openSUSE Tumbleweed:mozilla-nspr-32bit-4.12-2.1 openSUSE Tumbleweed:mozilla-nspr-4.12-2.1 openSUSE Tumbleweed:mozilla-nspr-devel-4.12-2.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7183.html CVE-2015-7183 https://bugzilla.suse.com/952810 SUSE Bug 952810 https://bugzilla.suse.com/962977 SUSE Bug 962977