| Summary: | Firefox 68.7 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | | |
| Priority: | Normal | CC: | andrewsfarm, brtians1, herman.viaene, jim, joselp, sysadmin-bugs, tmb |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA7-32-OK MGA7-64-OK | | |
| Source RPM: | firefox | CVE: | |
| Status comment: | | | |

Description
David Walser
2020-04-06 14:25:25 CEST
David Walser
2020-04-06 18:55:04 CEST
Assignee: bugsquad => qa-bugs

I have installed in MGA7-64 VirtualBox. No issues, works fine, addons ok, preferences, bookmarks ok.

Greetings!!

CC: (none) => joselp

MGA7-64 Plasma on Lenovo B50
No installation issues
Usual newspaper site with text, pictures and video all OK.
Addon for Belgian eid card also OK.
Good for me.

CC: (none) => herman.viaene

Advisory:
========================

Updated firefox packages fix security vulnerabilities:

When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure (CVE-2020-6821).

On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code (CVE-2020-6822).

Mozilla developers Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2020-6825).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6821
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6822
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6825
https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/

on mga7-64 kernel-desktop plasma

packages installed cleanly:
- firefox-68.7.0-1.mga7.x86_64
- firefox-en_GB-68.7.0-1.mga7.noarch
- firefox-en_US-68.7.0-1.mga7.noarch

no regressions observed

looks OK for mga7-64

CC: (none) => jim

i5-2500, integrated Intel graphics, wired Internet, 64-bit Plasma system.

Everything looks good here, too.

CC: (none) => andrewsfarm

Dell Inspiron 5100, running a 32-bit Xfce system.

Packages installed cleanly. Looks OK here, too. Giving it a 32-bit OK.

Whiteboard: (none) => MGA7-32-OK

x86_64

$ uname -a
Linux localhost 5.5.15-desktop-3.mga7 #1 SMP Sat Apr 4 19:06:09 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

Installed English version.

Works fine.

CC: (none) => brtians1

I think we're good. Validating. Advisory in Comment 3.

CC: (none) => sysadmin-bugs

Thomas Backlund
2020-04-08 18:46:19 CEST

CC: (none) => tmb

RedHat has issued an advisory for this today (April 8):
https://access.redhat.com/errata/RHSA-2020:1406

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2020-0163.html

Resolution: (none) => FIXED