Bug 17625

Summary: Firefox 38.6
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: davidwhodgins, sysadmin-bugs, wrw105
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/673772/
Whiteboard: has_procedure mga5-32-ok mga5-64-ok advisory
Source RPM: firefox CVE:
Status comment:

Description David Walser 2016-01-26 22:33:17 CET 
Upstream has released version 38.6 today (January 26):
https://www.mozilla.org/en-US/firefox/38.6.0/releasenotes/

It fixes a couple of security issues:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1935
https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/

Updated packages uploaded for Mageia 5.

Preliminary advisory below.

Advisory:
========================

Updated firefox packages fix security vulnerabilities:

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox (CVE-2016-1930).

Security researcher Aki Helin used the Address Sanitizer tool to find a
buffer overflow write when rendering some WebGL content. This leads to a
potentially exploitable crash (CVE-2016-1935).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1935
https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
========================

Updated packages in core/updates_testing:
========================
firefox-38.6.0-1.mga5
firefox-devel-38.6.0-1.mga5
firefox-af-38.6.0-1.mga5
firefox-an-38.6.0-1.mga5
firefox-ar-38.6.0-1.mga5
firefox-as-38.6.0-1.mga5
firefox-ast-38.6.0-1.mga5
firefox-az-38.6.0-1.mga5
firefox-be-38.6.0-1.mga5
firefox-bg-38.6.0-1.mga5
firefox-bn_IN-38.6.0-1.mga5
firefox-bn_BD-38.6.0-1.mga5
firefox-br-38.6.0-1.mga5
firefox-bs-38.6.0-1.mga5
firefox-ca-38.6.0-1.mga5
firefox-cs-38.6.0-1.mga5
firefox-cy-38.6.0-1.mga5
firefox-da-38.6.0-1.mga5
firefox-de-38.6.0-1.mga5
firefox-el-38.6.0-1.mga5
firefox-en_GB-38.6.0-1.mga5
firefox-en_US-38.6.0-1.mga5
firefox-en_ZA-38.6.0-1.mga5
firefox-eo-38.6.0-1.mga5
firefox-es_AR-38.6.0-1.mga5
firefox-es_CL-38.6.0-1.mga5
firefox-es_ES-38.6.0-1.mga5
firefox-es_MX-38.6.0-1.mga5
firefox-et-38.6.0-1.mga5
firefox-eu-38.6.0-1.mga5
firefox-fa-38.6.0-1.mga5
firefox-ff-38.6.0-1.mga5
firefox-fi-38.6.0-1.mga5
firefox-fr-38.6.0-1.mga5
firefox-fy_NL-38.6.0-1.mga5
firefox-ga_IE-38.6.0-1.mga5
firefox-gd-38.6.0-1.mga5
firefox-gl-38.6.0-1.mga5
firefox-gu_IN-38.6.0-1.mga5
firefox-he-38.6.0-1.mga5
firefox-hi_IN-38.6.0-1.mga5
firefox-hr-38.6.0-1.mga5
firefox-hsb-38.6.0-1.mga5
firefox-hu-38.6.0-1.mga5
firefox-hy_AM-38.6.0-1.mga5
firefox-id-38.6.0-1.mga5
firefox-is-38.6.0-1.mga5
firefox-it-38.6.0-1.mga5
firefox-ja-38.6.0-1.mga5
firefox-kk-38.6.0-1.mga5
firefox-km-38.6.0-1.mga5
firefox-kn-38.6.0-1.mga5
firefox-ko-38.6.0-1.mga5
firefox-lij-38.6.0-1.mga5
firefox-lt-38.6.0-1.mga5
firefox-lv-38.6.0-1.mga5
firefox-mai-38.6.0-1.mga5
firefox-mk-38.6.0-1.mga5
firefox-ml-38.6.0-1.mga5
firefox-mr-38.6.0-1.mga5
firefox-ms-38.6.0-1.mga5
firefox-nb_NO-38.6.0-1.mga5
firefox-nl-38.6.0-1.mga5
firefox-nn_NO-38.6.0-1.mga5
firefox-or-38.6.0-1.mga5
firefox-pa_IN-38.6.0-1.mga5
firefox-pl-38.6.0-1.mga5
firefox-pt_BR-38.6.0-1.mga5
firefox-pt_PT-38.6.0-1.mga5
firefox-ro-38.6.0-1.mga5
firefox-ru-38.6.0-1.mga5
firefox-si-38.6.0-1.mga5
firefox-sk-38.6.0-1.mga5
firefox-sl-38.6.0-1.mga5
firefox-sq-38.6.0-1.mga5
firefox-sr-38.6.0-1.mga5
firefox-sv_SE-38.6.0-1.mga5
firefox-ta-38.6.0-1.mga5
firefox-te-38.6.0-1.mga5
firefox-th-38.6.0-1.mga5
firefox-tr-38.6.0-1.mga5
firefox-uk-38.6.0-1.mga5
firefox-uz-38.6.0-1.mga5
firefox-vi-38.6.0-1.mga5
firefox-xh-38.6.0-1.mga5
firefox-zh_CN-38.6.0-1.mga5
firefox-zh_TW-38.6.0-1.mga5

from SRPMS:
firefox-38.6.0-1.mga5.src.rpm
firefox-l10n-38.6.0-1.mga5.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2016-01-27 15:00:18 CET 
RedHat has issued an advisory for this today (January 27):
https://rhn.redhat.com/errata/RHSA-2016-0071.html

Advisory:
========================

Updated firefox packages fix security vulnerabilities:

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox (CVE-2016-1930, CVE-2016-1935).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1935
https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
https://rhn.redhat.com/errata/RHSA-2016-0071.html
Comment 2 Bill Wilkinson 2016-01-27 15:03:48 CET 
Tested mga5-64:

general browsing, JetStream for JavaScript, Acid3 for rendering, youtube video for flash (habanera sax quartet yoi!), javatester for java.

All OK.

CC: (none) => wrw105
Whiteboard: (none) => has_procedure mga5-64-ok

Comment 3 David Walser 2016-01-27 16:33:44 CET 
Working fine Mageia 5 i586 also.

Whiteboard: has_procedure mga5-64-ok => has_procedure mga5-32-ok mga5-64-ok

Comment 4 James Kerr 2016-01-27 17:31:44 CET 
Testing on mga5-64

Packages installed from testing:
- firefox-38.6.0-1.mga5.x86_64
- firefox-en_GB-38.6.0-1.mga5.noarch

Packages installed cleanly. No regressions noted.

OK for mga5-64
Comment 5 James Kerr 2016-01-27 17:45:26 CET 
Testing on mga5-32

Packages installed from testing:
firefox-en_GB-38.6.0-1.mga5.noarch
firefox-38.6.0-1.mga5.i586

Packages installed cleanly. No regressions noted.

OK for mga5-32
Comment 6 James Kerr 2016-01-27 17:50:36 CET 
This update is now validated.

The advisory in comment#2 needs to be uploaded to SVN.

The packages can then be pushed to updates.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 7 James Kerr 2016-01-27 17:53:49 CET 
Correction - the advisory is in comment#1
David Walser 2016-01-27 22:57:34 CET

URL: (none) => http://lwn.net/Vulnerabilities/673772/

Dave Hodgins 2016-01-28 20:20:55 CET

CC: (none) => davidwhodgins
Whiteboard: has_procedure mga5-32-ok mga5-64-ok => has_procedure mga5-32-ok mga5-64-ok advisory

Comment 8 Mageia Robot 2016-01-29 12:04:10 CET 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0041.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED