From Mageia wiki
Jump to: navigation, search

MGASA-2012-0353

Date: December 7th, 2012
Affected releases: 2


Description:
Updated iceape packages fix security issues:

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before
16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow
remote attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown vectors.
(CVE-2012-3982)

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13
allow remote attackers to cause a denial of service (memory corruption
and application crash) or possibly execute arbitrary code via unknown
vectors. (CVE-2012-3983)

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey
before 2.13 do not properly handle navigation away from a web page that
has a SELECT element's menu active, which allows remote attackers to
spoof page content via vectors involving absolute positioning and
scrolling. (CVE-2012-3984)

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey
before 2.13 do not properly implement the HTML5 Same Origin Policy,
which allows remote attackers to conduct cross-site scripting (XSS)
attacks by leveraging initial-origin access after document.domain has
been set. (CVE-2012-3985)

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird
before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13
do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils)
methods, which allows remote attackers to bypass intended access
restrictions via crafted JavaScript code. (CVE-2012-3986)

Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox
ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x
before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted
remote attackers to execute arbitrary code via vectors involving use
of mozRequestFullScreen to enter full-screen mode, and use of the
history.back method for backwards history navigation. (CVE-2012-3988)

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey
before 2.13 do not properly perform a cast of an unspecified variable
during use of the instanceof operator on a JavaScript object, which
allows remote attackers to execute arbitrary code or cause a denial of
service (assertion failure) via a crafted web site. (CVE-2012-3989)

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird
before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before
2.13 do not properly restrict JSAPI access to the GetProperty function,
which allows remote attackers to bypass the Same Origin Policy and
possibly have unspecified other impact via a crafted web site.
(CVE-2012-3991)

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird
before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before
2.13 allow remote attackers to conduct cross-site scripting (XSS)
attacks via a binary plugin that uses Object.defineProperty to shadow
the top object, and leverages the relationship between top.location
and the location property. (CVE-2012-3994)

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before
16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird
ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly
interact with failures of InstallTrigger methods, which allows remote
attackers to execute arbitrary JavaScript code with chrome privileges via
a crafted web site, related to an "XrayWrapper pollution" issue.
(CVE-2012-3993)

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before
16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird
ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access
to properties of a prototype for a standard class, which allows remote
attackers to execute arbitrary JavaScript code with chrome privileges via
a crafted web site. (CVE-2012-4184)

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird
before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before
2.13 do not properly manage history data, which allows remote attackers
to conduct cross-site scripting (XSS) attacks or obtain sensitive POST
content via vectors involving a location.hash write operation and history
navigation that triggers the loading of a URL into the history object.
(CVE-2012-3992)

The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox
ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x
before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to
execute arbitrary code or cause a denial of service (out-of-bounds read)
via unspecified vectors. (CVE-2012-3995)

Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn
function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8,
Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey
before 2.13 allows remote attackers to execute arbitrary code or cause a
denial of service (heap memory corruption) via unspecified vectors.
(CVE-2012-4179)

Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace
function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8,
Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey
before 2.13 allows remote attackers to execute arbitrary code via
unspecified vectors. (CVE-2012-4180)

Use-after-free vulnerability in the nsSMILAnimationController::DoSample
function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8,
Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey
before 2.13 allows remote attackers to execute arbitrary code or cause a
denial of service (heap memory corruption) via unspecified vectors.
(CVE-2012-4181)

Use-after-free vulnerability in the nsTextEditRules::WillInsert function
in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8,
Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey
before 2.13 allows remote attackers to execute arbitrary code or cause a
denial of service (heap memory corruption) via unspecified vectors.
(CVE-2012-4182)

Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures
function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8,
Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey
before 2.13 allows remote attackers to execute arbitrary code or cause a
denial of service (heap memory corruption) via unspecified vectors.
(CVE-2012-4183)

Buffer overflow in the nsCharTraits::length function in Mozilla Firefox
before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0,
Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows
remote attackers to execute arbitrary code or cause a denial of service
(heap memory corruption) via unspecified vectors. (CVE-2012-4185)

Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function
in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird
before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13
allows remote attackers to execute arbitrary code via unspecified vectors.
(CVE-2012-4186)

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird
before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13
do not properly manage a certain insPos variable, which allows remote
attackers to execute arbitrary code or cause a denial of service (heap
memory corruption and assertion failure) via unspecified vectors.
(CVE-2012-4187)

Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox
before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0,
Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows
remote attackers to execute arbitrary code via unspecified vectors.
(CVE-2012-4188)

Use-after-free vulnerability in the IME State Manager implementation in
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird
before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13
allows remote attackers to execute arbitrary code via unspecified vectors,
related to the nsIContent::GetNameSpaceID function. (CVE-2012-3990)

The FT2FontEntry::CreateFontEntry function in FreeType, as used in the
Android build of Mozilla Firefox before 16.0.1 on CyanogenMod 10, allows
remote attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unspecified
vectors. (CVE-2012-4190)

The mozilla::net::FailDelayManager::Lookup function in the WebSockets
implementation in Mozilla Firefox before 16.0.1, Thunderbird before
16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a
denial of service (memory corruption and application crash) or possibly
execute arbitrary code via unspecified vectors. (CVE-2012-4191)

Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote
attackers to bypass the Same Origin Policy and read the properties of a
Location object via a crafted web site, a related issue to CVE-2012-4193.
(CVE-2012-4192)

Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird
before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before
2.13.1 omit a security check in the defaultValue function during the
unwrapping of security wrappers, which allows remote attackers to bypass
the Same Origin Policy and read the properties of a Location object, or
execute arbitrary JavaScript code, via a crafted web site. (CVE-2012-4193)

Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird
before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before
2.13.2 do not prevent use of the valueOf method to shadow the location
object (aka window.location), which makes it easier for remote attackers
to conduct cross-site scripting (XSS) attacks via vectors involving a
plugin. (CVE-2012-4194)

The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox
ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x
before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine
the calling document and principal in its return value, which makes it
easier for remote attackers to conduct cross-site scripting (XSS) attacks
via a crafted web site, and makes it easier for remote attackers to
execute arbitrary JavaScript code by leveraging certain add-on behavior.
(CVE-2012-4195)

Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird
before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before
2.13.2 allow remote attackers to bypass the Same Origin Policy and read
the Location object via a prototype property-injection attack that defeats
certain protection mechanisms for this object. (CVE-2012-4196)

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before
17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow
remote attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown vectors.
(CVE-2012-5842)

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14
allow remote attackers to cause a denial of service (memory corruption
and application crash) or possibly execute arbitrary code via unknown
vectors. (CVE-2012-5843)

Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function
in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11,
Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and
SeaMonkey before 2.14 allows remote attackers to execute arbitrary code
via a crafted GIF image. (CVE-2012-4202)

The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox
ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x
before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context
during the handling of JavaScript code that sets the location.href
property, which allows remote attackers to conduct cross-site scripting
(XSS) attacks or read arbitrary files by leveraging a sandboxed add-on.
(CVE-2012-4201)

Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before
2.14 allow remote attackers to execute arbitrary code or cause a denial of
service (application crash) via vectors involving the setting of Cascading
Style Sheets (CSS) properties in conjunction with SVG text. (CVE-2012-5836)

The str_unescape function in the JavaScript engine in Mozilla Firefox
before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows
remote attackers to execute arbitrary code or cause a denial of service
(memory corruption and application crash) via unspecified vectors.
(CVE-2012-4204)

Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before
2.14 assign the system principal, rather than the sandbox principal, to
XMLHttpRequest objects created in sandboxes, which allows remote attackers
to conduct cross-site request forgery (CSRF) attacks or obtain sensitive
information by leveraging a sandboxed add-on. (CVE-2012-4205)

The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird
before 17.0, and SeaMonkey before 2.14 does not consider the compartment
during property filtering, which allows remote attackers to bypass intended
chrome-only restrictions on reading DOM object properties via a crafted web
site. (CVE-2012-4208)

Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird
before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before
2.14 implement cross-origin wrappers with a filtering behavior that does
not properly restrict write actions, which allows remote attackers to
conduct cross-site scripting (XSS) attacks via a crafted web site.
(CVE-2012-5841)

The HZ-GB-2312 character-set implementation in Mozilla Firefox before
17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0,
Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not
properly handle a ~ (tilde) character in proximity to a chunk delimiter,
which allows remote attackers to conduct cross-site scripting (XSS)
attacks via a crafted document. (CVE-2012-4207)

Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird
before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before
2.14 do not prevent use of a "top" frame name-attribute value to access
the location property, which makes it easier for remote attackers to
conduct cross-site scripting (XSS) attacks via vectors involving a
binary plugin. (CVE-2012-4209)

Use-after-free vulnerability in the XPCWrappedNative::Mark function in
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey
before 2.14 allows remote attackers to execute arbitrary code or cause
a denial of service (heap memory corruption) via unspecified vectors.
(CVE-2012-4212)

Use-after-free vulnerability in the nsEditor::FindNextLeafNode function
in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey
before 2.14 allows remote attackers to execute arbitrary code or cause
a denial of service (heap memory corruption) via unspecified vectors.
(CVE-2012-4213)

Use-after-free vulnerability in the nsTextEditorState::PrepareEditor
function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11,
Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and
SeaMonkey before 2.14 allows remote attackers to execute arbitrary code
or cause a denial of service (heap memory corruption) via unspecified
vectors, a different vulnerability than CVE-2012-5840. (CVE-2012-4214)

Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent
function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11,
Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey
before 2.14 allows remote attackers to execute arbitrary code or cause a
denial of service (heap memory corruption) via unspecified vectors.
(CVE-2012-4215)

Use-after-free vulnerability in the gfxFont::GetFontEntry function in
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird
before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before
2.14 allows remote attackers to execute arbitrary code or cause a denial
of service (heap memory corruption) via unspecified vectors.
(CVE-2012-4216)

Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates
function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and
SeaMonkey before 2.14 allows remote attackers to execute arbitrary code
or cause a denial of service (heap memory corruption) via unspecified
vectors. (CVE-2012-4217)

Use-after-free vulnerability in the
BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox
before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows
remote attackers to execute arbitrary code or cause a denial of service
(heap memory corruption) via unspecified vectors. (CVE-2012-4218)

Heap-based buffer overflow in the nsWindow::OnExposeEvent function in
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11,
Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and
SeaMonkey before 2.14 allows remote attackers to execute arbitrary code
via unspecified vectors. (CVE-2012-5829)

Heap-based buffer overflow in the
gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox
before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0,
Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows
remote attackers to execute arbitrary code via unspecified vectors.
(CVE-2012-5839)

Use-after-free vulnerability in the nsTextEditorState::PrepareEditor
function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11,
Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and
SeaMonkey before 2.14 allows remote attackers to execute arbitrary code
or cause a denial of service (heap memory corruption) via unspecified
vectors, a different vulnerability than CVE-2012-4214. (CVE-2012-5840)

Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR
10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before
10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to
execute arbitrary code via an HTML document. (CVE-2012-5830)

The texImage2D implementation in the WebGL subsystem in Mozilla Firefox
before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0,
Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not
properly interact with Mesa drivers, which allows remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via function calls involving certain values of
the level parameter. (CVE-2012-5833)

Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0,
Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird
ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote
attackers to execute arbitrary code or cause a denial of service (invalid
write operation) via crafted data. (CVE-2012-5835)

The copyTexImage2D implementation in the WebGL subsystem in Mozilla
Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14
allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via large image
dimensions. (CVE-2012-5838)


Updated Packages:
iceape-2.14.1-1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4217
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5843
https://bugs.mageia.org/show_bug.cgi?id=8275