| Summary: | Firefox 68.3 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | herman.viaene, jim, joselp, lists.jjorge, sysadmin-bugs, tmb |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-32-OK MGA7-64-OK | ||
| Source RPM: | firefox, firefox-l10n, nspr | CVE: | |
| Status comment: | |||
| Bug Depends on: | 25792 | ||
| Bug Blocks: | |||
|
Description
Nicolas Salguero
2019-12-04 11:03:34 CET
Nicolas Salguero
2019-12-04 11:03:50 CET
Whiteboard:
(none) =>
MGA7TOO
Nicolas Salguero
2019-12-04 11:05:09 CET
Source RPM:
(none) =>
firefox, firefox-l10n, nspr Since it's already built, go ahead and include the nspr update with this update. If Bugzilla was working from here on Monday evening, I was going to say that it is not needed, because it has no changes except for the version number and will only be required by nss 3.48, which isn't out yet, so we wouldn't really need it until the next Firefox update, but now is fine too. Whiteboard:
MGA7TOO =>
(none)
David Walser
2019-12-04 13:32:01 CET
Depends on:
(none) =>
25792 I can't install firefox 68.3. No appear it in the testing repositories, only appear language packages. CC:
(none) =>
joselp
Nicolas Salguero
2019-12-04 14:11:20 CET
Blocks:
(none) =>
25821
David Walser
2019-12-05 16:59:17 CET
Blocks:
25821 =>
(none) Suggested advisory: ======================== Use-after-free in worker destruction. (CVE-2019-17008) Stack corruption due to incorrect number of arguments in WebRTC code. (CVE-2019-13722) Updater temporary files accessible to unprivileged processes. (CVE-2019-17009) Use-after-free when performing device orientation checks. (CVE-2019-17010) Buffer overflow in plain text serializer. (CVE-2019-17005) Use-after-free when retrieving a document in antitracking. (CVE-2019-17011) Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3. (CVE-2019-17012) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17008 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13722 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17009 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17010 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17005 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17011 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17012 https://www.mozilla.org/en-US/firefox/68.3.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/ ======================== Updated packages in core/updates_testing: ======================== firefox-68.3.0-1.mga7 firefox-devel-68.3.0-1.mga7 firefox-af-68.3.0-1.mga7 firefox-an-68.3.0-1.mga7 firefox-ar-68.3.0-1.mga7 firefox-ast-68.3.0-1.mga7 firefox-az-68.3.0-1.mga7 firefox-bg-68.3.0-1.mga7 firefox-bn-68.3.0-1.mga7 firefox-br-68.3.0-1.mga7 firefox-bs-68.3.0-1.mga7 firefox-ca-68.3.0-1.mga7 firefox-cs-68.3.0-1.mga7 firefox-cy-68.3.0-1.mga7 firefox-da-68.3.0-1.mga7 firefox-de-68.3.0-1.mga7 firefox-el-68.3.0-1.mga7 firefox-en_GB-68.3.0-1.mga7 firefox-en_US-68.3.0-1.mga7 firefox-eo-68.3.0-1.mga7 firefox-es_AR-68.3.0-1.mga7 firefox-es_CL-68.3.0-1.mga7 firefox-es_ES-68.3.0-1.mga7 firefox-es_MX-68.3.0-1.mga7 firefox-et-68.3.0-1.mga7 firefox-eu-68.3.0-1.mga7 firefox-fa-68.3.0-1.mga7 firefox-ff-68.3.0-1.mga7 firefox-fi-68.3.0-1.mga7 firefox-fr-68.3.0-1.mga7 firefox-fy_NL-68.3.0-1.mga7 firefox-ga_IE-68.3.0-1.mga7 firefox-gd-68.3.0-1.mga7 firefox-gl-68.3.0-1.mga7 firefox-gu_IN-68.3.0-1.mga7 firefox-he-68.3.0-1.mga7 firefox-hi_IN-68.3.0-1.mga7 firefox-hr-68.3.0-1.mga7 firefox-hsb-68.3.0-1.mga7 firefox-hu-68.3.0-1.mga7 firefox-hy_AM-68.3.0-1.mga7 firefox-id-68.3.0-1.mga7 firefox-is-68.3.0-1.mga7 firefox-it-68.3.0-1.mga7 firefox-ja-68.3.0-1.mga7 firefox-kk-68.3.0-1.mga7 firefox-km-68.3.0-1.mga7 firefox-kn-68.3.0-1.mga7 firefox-ko-68.3.0-1.mga7 firefox-lij-68.3.0-1.mga7 firefox-lt-68.3.0-1.mga7 firefox-lv-68.3.0-1.mga7 firefox-mk-68.3.0-1.mga7 firefox-mr-68.3.0-1.mga7 firefox-ms-68.3.0-1.mga7 firefox-nb_NO-68.3.0-1.mga7 firefox-nl-68.3.0-1.mga7 firefox-nn_NO-68.3.0-1.mga7 firefox-pa_IN-68.3.0-1.mga7 firefox-pl-68.3.0-1.mga7 firefox-pt_BR-68.3.0-1.mga7 firefox-pt_PT-68.3.0-1.mga7 firefox-ro-68.3.0-1.mga7 firefox-ru-68.3.0-1.mga7 firefox-si-68.3.0-1.mga7 firefox-sk-68.3.0-1.mga7 firefox-sl-68.3.0-1.mga7 firefox-sq-68.3.0-1.mga7 firefox-sr-68.3.0-1.mga7 firefox-sv_SE-68.3.0-1.mga7 firefox-ta-68.3.0-1.mga7 firefox-te-68.3.0-1.mga7 firefox-th-68.3.0-1.mga7 firefox-tr-68.3.0-1.mga7 firefox-uk-68.3.0-1.mga7 firefox-uz-68.3.0-1.mga7 firefox-vi-68.3.0-1.mga7 firefox-xh-68.3.0-1.mga7 firefox-zh_CN-68.3.0-1.mga7 firefox-zh_TW-68.3.0-1.mga7 lib(64)nspr4-4.24-1.mga7 lib(64)nspr-devel-4.24-1.mga7 from SRPMS: firefox-68.3.0-1.mga7.src.rpm firefox-l10n-68.3.0-1.mga7.src.rpm nspr-4.24-1.mga7.src.rpm Assignee:
bugsquad =>
qa-bugs MGA7-64 Plasma on Lenovo B50 No installation issues. Tested usual newspapersite and one of my own pages: all OK. CC:
(none) =>
herman.viaene MGA7-32 all ok, even heavy Youtube playing. CC:
(none) =>
lists.jjorge on mga7-64 kernel-desktop plasma packages installed cleanly: - lib64nss3-3.47.1-1.mga7.x86_64 - nss-3.47.1-1.mga7.x86_64 - rootcerts-20191126.00-1.mga7.noarch - rootcerts-java-20191126.00-1.mga7.noarch - firefox-68.3.0-1.mga7.x86_64 - firefox-en_GB-68.3.0-1.mga7.noarch - firefox-en_US-68.3.0-1.mga7.noarch - lib64nspr4-4.24-1.mga7.x86_64 no regressions observed looks OK for mga7-64 CC:
(none) =>
jim
David Walser
2019-12-08 16:40:39 CET
Whiteboard:
MGA7-32-OK =>
MGA7-32-OK MGA7-64-OK
Thomas Backlund
2019-12-08 18:40:18 CET
Keywords:
(none) =>
advisory, validated_update An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0376.html Resolution:
(none) =>
FIXED RedHat has issued an advisory for this on December 5: https://access.redhat.com/errata/RHSA-2019:4107 |