Bug 18278

Summary: Firefox 38.8
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: sysadmin-bugs
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/685285/
Whiteboard: has_procedure advisory mga5-32-ok mga5-64-ok
Source RPM: firefox CVE:
Status comment:

Description David Walser 2016-04-27 18:18:29 CEST 
RedHat has issued an advisory on April 26:
https://rhn.redhat.com/errata/RHSA-2016-0695.html

Updated package uploaded for Mageia 5.

Advisory:
========================

Updated firefox packages fix security vulnerabilities:

Multiple flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or, potentially,
execute arbitrary code with the privileges of the user running Firefox
(CVE-2016-2805, CVE-2016-2806, CVE-2016-2807, CVE-2016-2808, CVE-2016-2814).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2805
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2814
https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-44/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-47/
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
https://rhn.redhat.com/errata/RHSA-2016-0695.html
========================

Updated packages in core/updates_testing:
========================
firefox-38.8.0-1.mga5
firefox-devel-38.8.0-1.mga5
firefox-af-38.8.0-1.mga5
firefox-an-38.8.0-1.mga5
firefox-ar-38.8.0-1.mga5
firefox-as-38.8.0-1.mga5
firefox-ast-38.8.0-1.mga5
firefox-az-38.8.0-1.mga5
firefox-be-38.8.0-1.mga5
firefox-bg-38.8.0-1.mga5
firefox-bn_IN-38.8.0-1.mga5
firefox-bn_BD-38.8.0-1.mga5
firefox-br-38.8.0-1.mga5
firefox-bs-38.8.0-1.mga5
firefox-ca-38.8.0-1.mga5
firefox-cs-38.8.0-1.mga5
firefox-cy-38.8.0-1.mga5
firefox-da-38.8.0-1.mga5
firefox-de-38.8.0-1.mga5
firefox-el-38.8.0-1.mga5
firefox-en_GB-38.8.0-1.mga5
firefox-en_US-38.8.0-1.mga5
firefox-en_ZA-38.8.0-1.mga5
firefox-eo-38.8.0-1.mga5
firefox-es_AR-38.8.0-1.mga5
firefox-es_CL-38.8.0-1.mga5
firefox-es_ES-38.8.0-1.mga5
firefox-es_MX-38.8.0-1.mga5
firefox-et-38.8.0-1.mga5
firefox-eu-38.8.0-1.mga5
firefox-fa-38.8.0-1.mga5
firefox-ff-38.8.0-1.mga5
firefox-fi-38.8.0-1.mga5
firefox-fr-38.8.0-1.mga5
firefox-fy_NL-38.8.0-1.mga5
firefox-ga_IE-38.8.0-1.mga5
firefox-gd-38.8.0-1.mga5
firefox-gl-38.8.0-1.mga5
firefox-gu_IN-38.8.0-1.mga5
firefox-he-38.8.0-1.mga5
firefox-hi_IN-38.8.0-1.mga5
firefox-hr-38.8.0-1.mga5
firefox-hsb-38.8.0-1.mga5
firefox-hu-38.8.0-1.mga5
firefox-hy_AM-38.8.0-1.mga5
firefox-id-38.8.0-1.mga5
firefox-is-38.8.0-1.mga5
firefox-it-38.8.0-1.mga5
firefox-ja-38.8.0-1.mga5
firefox-kk-38.8.0-1.mga5
firefox-km-38.8.0-1.mga5
firefox-kn-38.8.0-1.mga5
firefox-ko-38.8.0-1.mga5
firefox-lij-38.8.0-1.mga5
firefox-lt-38.8.0-1.mga5
firefox-lv-38.8.0-1.mga5
firefox-mai-38.8.0-1.mga5
firefox-mk-38.8.0-1.mga5
firefox-ml-38.8.0-1.mga5
firefox-mr-38.8.0-1.mga5
firefox-ms-38.8.0-1.mga5
firefox-nb_NO-38.8.0-1.mga5
firefox-nl-38.8.0-1.mga5
firefox-nn_NO-38.8.0-1.mga5
firefox-or-38.8.0-1.mga5
firefox-pa_IN-38.8.0-1.mga5
firefox-pl-38.8.0-1.mga5
firefox-pt_BR-38.8.0-1.mga5
firefox-pt_PT-38.8.0-1.mga5
firefox-ro-38.8.0-1.mga5
firefox-ru-38.8.0-1.mga5
firefox-si-38.8.0-1.mga5
firefox-sk-38.8.0-1.mga5
firefox-sl-38.8.0-1.mga5
firefox-sq-38.8.0-1.mga5
firefox-sr-38.8.0-1.mga5
firefox-sv_SE-38.8.0-1.mga5
firefox-ta-38.8.0-1.mga5
firefox-te-38.8.0-1.mga5
firefox-th-38.8.0-1.mga5
firefox-tr-38.8.0-1.mga5
firefox-uk-38.8.0-1.mga5
firefox-uz-38.8.0-1.mga5
firefox-vi-38.8.0-1.mga5
firefox-xh-38.8.0-1.mga5
firefox-zh_CN-38.8.0-1.mga5
firefox-zh_TW-38.8.0-1.mga5

from SRPMS:
firefox-38.8.0-1.mga5.src.rpm
firefox-l10n-38.8.0-1.mga5.src.rpm
Comment 1 claire robinson 2016-04-27 18:39:36 CEST 
Testing complete mga5 64

No regressions noticed. Spellcheck, https, flash, bookmarks, html5, javascript, addons.

https://html5test.com/
http://browserbench.org/JetStream/

Whiteboard: (none) => has_procedure mga5-64-ok

Comment 2 claire robinson 2016-04-28 17:45:47 CEST 
Validating.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 3 claire robinson 2016-04-28 17:51:15 CEST 
Advisory uploaded.

Whiteboard: has_procedure mga5-64-ok => has_procedure advisory mga5-64-ok

Comment 4 David Walser 2016-04-29 11:28:49 CEST 
Working fine on Mageia 5 i586.

Whiteboard: has_procedure advisory mga5-64-ok => has_procedure advisory mga5-32-ok mga5-64-ok

Comment 5 Mageia Robot 2016-04-29 19:22:23 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0158.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED