| Summary: | firefox new security issues fixed in 45.6 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | youpburden <youpburden> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | luigiwalser, sysadmin-bugs |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://lwn.net/Vulnerabilities/709140/ | ||
| Whiteboard: | MGA5-32-OK MGA5-64-OK advisory | ||
| Source RPM: | firefox-45.5.1-1.mga5.src.rpm | CVE: | |
| Status comment: | |||
|
Description
youpburden
2016-12-14 15:41:03 CET
Thanks for the report. Update in progress. CC:
(none) =>
luigiwalser RedHat has issued an advisory for this today (December 14): https://rhn.redhat.com/errata/RHSA-2016-2946.html Advisory for the pending update will be as follows. Advisory: ======================== Updated firefox packages fix security vulnerabilities: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2016-9893, CVE-2016-9899, CVE-2016-9895, CVE-2016-9897, CVE-2016-9898, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9904, CVE-2016-9905). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905 https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/ https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/ https://rhn.redhat.com/errata/RHSA-2016-2946.html ======================== Updated packages in core/updates_testing: ================ firefox-45.6.0-1.mga5 firefox-af-45.6.0-1.mga5 firefox-an-45.6.0-1.mga5 firefox-ar-45.6.0-1.mga5 firefox-as-45.6.0-1.mga5 firefox-ast-45.6.0-1.mga5 firefox-az-45.6.0-1.mga5 firefox-be-45.6.0-1.mga5 firefox-bg-45.6.0-1.mga5 firefox-bn_BD-45.6.0-1.mga5 firefox-bn_IN-45.6.0-1.mga5 firefox-br-45.6.0-1.mga5 firefox-bs-45.6.0-1.mga5 firefox-ca-45.6.0-1.mga5 firefox-cs-45.6.0-1.mga5 firefox-cy-45.6.0-1.mga5 firefox-da-45.6.0-1.mga5 firefox-de-45.6.0-1.mga5 firefox-devel-45.6.0-1.mga5 firefox-el-45.6.0-1.mga5 firefox-en_GB-45.6.0-1.mga5 firefox-en_US-45.6.0-1.mga5 firefox-en_ZA-45.6.0-1.mga5 firefox-eo-45.6.0-1.mga5 firefox-es_AR-45.6.0-1.mga5 firefox-es_CL-45.6.0-1.mga5 firefox-es_ES-45.6.0-1.mga5 firefox-es_MX-45.6.0-1.mga5 firefox-et-45.6.0-1.mga5 firefox-eu-45.6.0-1.mga5 firefox-fa-45.6.0-1.mga5 firefox-ff-45.6.0-1.mga5 firefox-fi-45.6.0-1.mga5 firefox-fr-45.6.0-1.mga5 firefox-fy_NL-45.6.0-1.mga5 firefox-ga_IE-45.6.0-1.mga5 firefox-gd-45.6.0-1.mga5 firefox-gl-45.6.0-1.mga5 firefox-gu_IN-45.6.0-1.mga5 firefox-he-45.6.0-1.mga5 firefox-hi_IN-45.6.0-1.mga5 firefox-hr-45.6.0-1.mga5 firefox-hsb-45.6.0-1.mga5 firefox-hu-45.6.0-1.mga5 firefox-hy_AM-45.6.0-1.mga5 firefox-id-45.6.0-1.mga5 firefox-is-45.6.0-1.mga5 firefox-it-45.6.0-1.mga5 firefox-ja-45.6.0-1.mga5 firefox-kk-45.6.0-1.mga5 firefox-km-45.6.0-1.mga5 firefox-kn-45.6.0-1.mga5 firefox-ko-45.6.0-1.mga5 firefox-lij-45.6.0-1.mga5 firefox-lt-45.6.0-1.mga5 firefox-lv-45.6.0-1.mga5 firefox-mai-45.6.0-1.mga5 firefox-mk-45.6.0-1.mga5 firefox-ml-45.6.0-1.mga5 firefox-mr-45.6.0-1.mga5 firefox-ms-45.6.0-1.mga5 firefox-nb_NO-45.6.0-1.mga5 firefox-nl-45.6.0-1.mga5 firefox-nn_NO-45.6.0-1.mga5 firefox-or-45.6.0-1.mga5 firefox-pa_IN-45.6.0-1.mga5 firefox-pl-45.6.0-1.mga5 firefox-pt_BR-45.6.0-1.mga5 firefox-pt_PT-45.6.0-1.mga5 firefox-ro-45.6.0-1.mga5 firefox-ru-45.6.0-1.mga5 firefox-si-45.6.0-1.mga5 firefox-sk-45.6.0-1.mga5 firefox-sl-45.6.0-1.mga5 firefox-sq-45.6.0-1.mga5 firefox-sr-45.6.0-1.mga5 firefox-sv_SE-45.6.0-1.mga5 firefox-ta-45.6.0-1.mga5 firefox-te-45.6.0-1.mga5 firefox-th-45.6.0-1.mga5 firefox-tr-45.6.0-1.mga5 firefox-uk-45.6.0-1.mga5 firefox-uz-45.6.0-1.mga5 firefox-vi-45.6.0-1.mga5 firefox-xh-45.6.0-1.mga5 firefox-zh_CN-45.6.0-1.mga5 firefox-zh_TW-45.6.0-1.mga5 from SRPMS: firefox-45.6.0-1.mga5.src.rpm firefox-l10n-45.6.0-1.mga5.src.rpm
David Walser
2016-12-14 18:17:18 CET
URL:
(none) =>
https://lwn.net/Vulnerabilities/709140/ Builds are in progress. Packages should be available by the end of the day. Advisory and package list in Comment 2. Assignee:
bugsquad =>
qa-bugs MGA5-64 & MGA5-32 real hardware and virtualbox machines. Packages installed : 32 bit : firefox-45.5.1-1.mga5.i586.rpm firefox-fr-45.5.1-1.mga5 64 bit : firefox-45.5.1-1.mga5.x86_64.rpm firefox-fr-45.5.1-1.mga5 both arch are working fine, here's my procedure : Launch the application Try some menus and modify options (home page, bookmarks ...) play some video from website Do a HTML5 and performance test to check if there is a regression. Install some extensions (adblock, noscript ...) Sync with an online accounts my previous tabs, preferences, bookmarks ... (firefox sync) Packages updated : 32 bit : firefox-45.6.0-1.mga5.i586.rpm firefox-fr-45.6.0-1.mga5 64 bit : firefox-45.6.0-1.mga5.x86_64.rpm firefox-fr-45.6.0-1.mga5 Everything is working fine, the performance and HTML5 tests are successfull and give good results. It's ok for me on 32 & 64 bits. rpm -qa | grep firefox firefox-45.6.0-1.mga5 firefox-fr-45.6.0-1.mga5
youpburden
2016-12-15 18:31:17 CET
Keywords:
(none) =>
validated_update
RĂ©mi Verschelde
2016-12-15 19:35:51 CET
Whiteboard:
MGA5-32-OK MGA5-64-OK =>
MGA5-32-OK MGA5-64-OK advisory An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0420.html Status:
NEW =>
RESOLVED |