libmozjs-78-0-78.15.0-5.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:14381-1 Final 1 1 2024-10-02T00:00:00Z current 2024-10-02T00:00:00Z 2024-10-02T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libmozjs-78-0-78.15.0-5.1 on GA media These are all security issues fixed in the libmozjs-78-0-78.15.0-5.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-14381 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WR4SNIPTL3MVBAVRYUOIK4QCPYAXEF3S/ E-Mail link for openSUSE-SU-2024:14381-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-45490/ SUSE CVE CVE-2024-45490 page https://www.suse.com/security/cve/CVE-2024-45491/ SUSE CVE CVE-2024-45491 page https://www.suse.com/security/cve/CVE-2024-45492/ SUSE CVE CVE-2024-45492 page openSUSE Tumbleweed libmozjs-78-0-78.15.0-5.1 mozjs78-78.15.0-5.1 mozjs78-devel-78.15.0-5.1 libmozjs-78-0-78.15.0-5.1 as a component of openSUSE Tumbleweed mozjs78-78.15.0-5.1 as a component of openSUSE Tumbleweed mozjs78-devel-78.15.0-5.1 as a component of openSUSE Tumbleweed An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. CVE-2024-45490 openSUSE Tumbleweed:libmozjs-78-0-78.15.0-5.1 openSUSE Tumbleweed:mozjs78-78.15.0-5.1 openSUSE Tumbleweed:mozjs78-devel-78.15.0-5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WR4SNIPTL3MVBAVRYUOIK4QCPYAXEF3S/ https://www.suse.com/security/cve/CVE-2024-45490.html CVE-2024-45490 https://bugzilla.suse.com/1229930 SUSE Bug 1229930 An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). CVE-2024-45491 openSUSE Tumbleweed:libmozjs-78-0-78.15.0-5.1 openSUSE Tumbleweed:mozjs78-78.15.0-5.1 openSUSE Tumbleweed:mozjs78-devel-78.15.0-5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WR4SNIPTL3MVBAVRYUOIK4QCPYAXEF3S/ https://www.suse.com/security/cve/CVE-2024-45491.html CVE-2024-45491 https://bugzilla.suse.com/1229930 SUSE Bug 1229930 https://bugzilla.suse.com/1229931 SUSE Bug 1229931 An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). CVE-2024-45492 openSUSE Tumbleweed:libmozjs-78-0-78.15.0-5.1 openSUSE Tumbleweed:mozjs78-78.15.0-5.1 openSUSE Tumbleweed:mozjs78-devel-78.15.0-5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WR4SNIPTL3MVBAVRYUOIK4QCPYAXEF3S/ https://www.suse.com/security/cve/CVE-2024-45492.html CVE-2024-45492 https://bugzilla.suse.com/1229930 SUSE Bug 1229930 https://bugzilla.suse.com/1229932 SUSE Bug 1229932