| Summary: | Firefox 52.9.0 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, jim, sysadmin-bugs |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA6-64-OK MGA6-32-OK | ||
| Source RPM: | firefox | CVE: | |
| Status comment: | |||
|
Description
David Walser
2018-06-26 13:30:07 CEST
Advisory to come later. Updated packages in core/updates_testing: ======================== firefox-52.9.0-1.mga6 firefox-devel-52.9.0-1.mga6 firefox-af-52.9.0-1.mga6 firefox-an-52.9.0-1.mga6 firefox-ar-52.9.0-1.mga6 firefox-as-52.9.0-1.mga6 firefox-ast-52.9.0-1.mga6 firefox-az-52.9.0-1.mga6 firefox-bg-52.9.0-1.mga6 firefox-bn_IN-52.9.0-1.mga6 firefox-bn_BD-52.9.0-1.mga6 firefox-br-52.9.0-1.mga6 firefox-bs-52.9.0-1.mga6 firefox-ca-52.9.0-1.mga6 firefox-cs-52.9.0-1.mga6 firefox-cy-52.9.0-1.mga6 firefox-da-52.9.0-1.mga6 firefox-de-52.9.0-1.mga6 firefox-el-52.9.0-1.mga6 firefox-en_GB-52.9.0-1.mga6 firefox-en_US-52.9.0-1.mga6 firefox-en_ZA-52.9.0-1.mga6 firefox-eo-52.9.0-1.mga6 firefox-es_AR-52.9.0-1.mga6 firefox-es_CL-52.9.0-1.mga6 firefox-es_ES-52.9.0-1.mga6 firefox-es_MX-52.9.0-1.mga6 firefox-et-52.9.0-1.mga6 firefox-eu-52.9.0-1.mga6 firefox-fa-52.9.0-1.mga6 firefox-ff-52.9.0-1.mga6 firefox-fi-52.9.0-1.mga6 firefox-fr-52.9.0-1.mga6 firefox-fy_NL-52.9.0-1.mga6 firefox-ga_IE-52.9.0-1.mga6 firefox-gd-52.9.0-1.mga6 firefox-gl-52.9.0-1.mga6 firefox-gu_IN-52.9.0-1.mga6 firefox-he-52.9.0-1.mga6 firefox-hi_IN-52.9.0-1.mga6 firefox-hr-52.9.0-1.mga6 firefox-hsb-52.9.0-1.mga6 firefox-hu-52.9.0-1.mga6 firefox-hy_AM-52.9.0-1.mga6 firefox-id-52.9.0-1.mga6 firefox-is-52.9.0-1.mga6 firefox-it-52.9.0-1.mga6 firefox-ja-52.9.0-1.mga6 firefox-kk-52.9.0-1.mga6 firefox-km-52.9.0-1.mga6 firefox-kn-52.9.0-1.mga6 firefox-ko-52.9.0-1.mga6 firefox-lij-52.9.0-1.mga6 firefox-lt-52.9.0-1.mga6 firefox-lv-52.9.0-1.mga6 firefox-mai-52.9.0-1.mga6 firefox-mk-52.9.0-1.mga6 firefox-ml-52.9.0-1.mga6 firefox-mr-52.9.0-1.mga6 firefox-ms-52.9.0-1.mga6 firefox-nb_NO-52.9.0-1.mga6 firefox-nl-52.9.0-1.mga6 firefox-nn_NO-52.9.0-1.mga6 firefox-or-52.9.0-1.mga6 firefox-pa_IN-52.9.0-1.mga6 firefox-pl-52.9.0-1.mga6 firefox-pt_BR-52.9.0-1.mga6 firefox-pt_PT-52.9.0-1.mga6 firefox-ro-52.9.0-1.mga6 firefox-ru-52.9.0-1.mga6 firefox-si-52.9.0-1.mga6 firefox-sk-52.9.0-1.mga6 firefox-sl-52.9.0-1.mga6 firefox-sq-52.9.0-1.mga6 firefox-sr-52.9.0-1.mga6 firefox-sv_SE-52.9.0-1.mga6 firefox-ta-52.9.0-1.mga6 firefox-te-52.9.0-1.mga6 firefox-th-52.9.0-1.mga6 firefox-tr-52.9.0-1.mga6 firefox-uk-52.9.0-1.mga6 firefox-uz-52.9.0-1.mga6 firefox-vi-52.9.0-1.mga6 firefox-xh-52.9.0-1.mga6 firefox-zh_CN-52.9.0-1.mga6 firefox-zh_TW-52.9.0-1.mga6 from SRPMS: firefox-52.9.0-1.mga6.src.rpm firefox-l10n-52.9.0-1.mga6.src.rpm Assignee:
bugsquad =>
qa-bugs Security issues fixed: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/ on mga6-64 plasma packages installed cleanly - firefox-52.9.0-1.mga6.x86_64 - firefox-en_GB-52.9.0-1.mga6.noarch commonly used web sites including youtube and video streaming - all OK flashplayer recognised at https://helpx.adobe.com/flash-player.html this update looks OK for mga6-64 CC:
(none) =>
jim
James Kerr
2018-06-27 11:00:14 CEST
Whiteboard:
(none) =>
MGA6-64-OK RedHat has issued an advisory for this today (June 28): https://access.redhat.com/errata/RHSA-2018:2113 Advisory: ======================== Updated firefox packages fix security vulnerability: Mozilla: Memory safety bugs fixed in Firefox ESR 52.9 (CVE-2018-5188). Mozilla: Buffer overflow using computed size of canvas element (CVE-2018-12359). Mozilla: Use-after-free using focus() (CVE-2018-12360). Mozilla: Media recorder segmentation fault when track type is changed during capture (CVE-2018-5156). Mozilla: Integer overflow in SSSE3 scaler (CVE-2018-12362). Mozilla: Use-after-free when appending DOM nodes (CVE-2018-12363). Mozilla: CSRF attacks through 307 redirects and NPAPI plugins (CVE-2018-12364). Mozilla: Compromised IPC child process can list local filenames (CVE-2018-12365). Mozilla: Invalid data handling during QCMS transformations (CVE-2018-12366). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5156 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12359 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12360 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12362 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12363 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12364 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12365 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12366 https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/ https://www.mozilla.org/security/known-vulnerabilities/firefox-esr/ https://access.redhat.com/errata/RHSA-2018:2113 Updated this on two 32-bit installs on different hardware, one Plasma, the other Xfce. Tried a few websites and bookmarks, all looks OK. OKing this for 32-bit, and validating... Keywords:
(none) =>
validated_update Just to confirm, I used the 64-bit version this morning on my laptop to read my newspaper, visit Facebook, and to write this comment. All looks good.
Dave Hodgins
2018-06-29 20:20:30 CEST
CC:
(none) =>
davidwhodgins An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0305.html Status:
NEW =>
RESOLVED |