RedHat has issued an advisory today (March 8):
https://rhn.redhat.com/errata/RHSA-2017-0461.html

They have also updated nss:
https://rhn.redhat.com/errata/RHEA-2017-0460.html

We'll have a rootcerts update to go with that as well.

Currently this is stuck because nss failed to build:
https://bugs.mageia.org/show_bug.cgi?id=20053
http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20170307221222.akien.duvel.43725/log/nss-3.28.3-2.mga6/build.0.20170307221302.log

All of the updates are in SVN except for nss in Mageia 5.
(In reply to David Walser from comment #0)
> RedHat has issued an advisory today (March 8):
> https://rhn.redhat.com/errata/RHSA-2017-0461.html
>
> They have also updated nss:
> https://rhn.redhat.com/errata/RHEA-2017-0460.html
>
> We'll have a rootcerts update to go with that as well.
>
> Currently this is stuck because nss failed to build:
> https://bugs.mageia.org/show_bug.cgi?id=20053
> http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20170307221222.akien.duvel.43725/log/nss-3.28.3-2.mga6/build.0.20170307221302.log
>
> All of the updates are in SVN except for nss in Mageia 5.

Assigning to all packagers collectively, since there is no registered maintainer for those packages.
CC: (none) => marja11
Assignee: bugsquad => pkg-bugs
David, I just submitted the update for 5/rootcerts which looks like it built ok - but is just sitting in updates/testing now. It is basically the same update we did for cauldron.

Same question for 5/sqlite3. An update for 5 was needed to build the new nss so I made it to 3.17.0 which will be needed for firefox 52.

I have the nss-3.28.3 update ready (which itself should be a good test for whether rootcerts works right) but I can't push it until both rootcerts and sqlite3 are there.

Please advise - Is the correct procedure to open a bug and run these through QA like usual?
CC: (none) => mrambo
When you push packages in core/updates_testing, they will build against packages of core/release, core/updates AND core/updates_testing. It means that you should push them all in turn to core/updates_testing, and get them all validated together as part of the Firefox update.
Updated package uploaded for Mageia 5.

Advisory:
========================

Updated firefox package fixes multiple security issues:

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405).

Updated packages in core/updates_testing:
========================
firefox-45.8.0-1.mga5

from firefox-45.8.0-1.mga5.src.rpm
Assignee: pkg-bugs => qa-bugs
Tested on MGA5 i586. All seems Ok, except that as rootcerts are updated, minitube fails again...
CC: (none) => lists.jjorge
Blocks: (none) => 20053
Advisory:
========================

Updated nss and firefox packages fix security issues:

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405).

Also, the nss package has been updated to version 3.28.3, in which the Next Protocol Negotiation (NPN) extension has been replaced by the Application-Layer Protocol Negotiation (ALPN) extension and which now supports the Finite Field Diffie-Hellman Ephemeral Parameters (FFDHE) negotiation.

Due to the nss update, the sqlite3 package has been updated to version 3.10.2.

Additionally, an error in the nss package has been corrected, where it was failing to build against the system rootcerts package and instead was using a bundled version, which could have caused the rootcerts that NSS used to be outdated at times (mga#20053). The nss package has now been built against the latest rootcerts, which have also been updated.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
http://www.sqlite.org/releaselog/3_8_11_1.html
http://www.sqlite.org/releaselog/3_9_2.html
http://www.sqlite.org/releaselog/3_10_2.html
https://rhn.redhat.com/errata/RHSA-2017-0461.html
https://rhn.redhat.com/errata/RHEA-2017-0460.html
https://bugs.mageia.org/show_bug.cgi?id=20053
https://bugs.mageia.org/show_bug.cgi?id=20419
========================

Updated packages in core/updates_testing:
========================
rootcerts-20170209.00-1.mga5
rootcerts-java-20170209.00-1.mga5
lemon-3.10.2-1.mga5
libsqlite3_0-3.10.2-1.mga5
libsqlite3-devel-3.10.2-1.mga5
libsqlite3-static-devel-3.10.2-1.mga5
sqlite3-debuginfo-3.10.2-1.mga5
sqlite3-tcl-3.10.2-1.mga5
sqlite3-tools-3.10.2-1.mga5
nss-doc-3.28.3-1.mga5
libnss3-3.28.3-1.mga5
libnss-devel-3.28.3-1.mga5
libnss-static-devel-3.28.3-1.mga5
nss-3.28.3-1.mga5
nss-debuginfo-3.28.3-1.mga5
firefox-45.8.0-1.mga5
firefox-af-45.8.0-1.mga5
firefox-an-45.8.0-1.mga5
firefox-ar-45.8.0-1.mga5
firefox-as-45.8.0-1.mga5
firefox-ast-45.8.0-1.mga5
firefox-az-45.8.0-1.mga5
firefox-be-45.8.0-1.mga5
firefox-bg-45.8.0-1.mga5
firefox-bn_BD-45.8.0-1.mga5
firefox-bn_IN-45.8.0-1.mga5
firefox-br-45.8.0-1.mga5
firefox-bs-45.8.0-1.mga5
firefox-ca-45.8.0-1.mga5
firefox-cs-45.8.0-1.mga5
firefox-cy-45.8.0-1.mga5
firefox-da-45.8.0-1.mga5
firefox-de-45.8.0-1.mga5
firefox-devel-45.8.0-1.mga5
firefox-el-45.8.0-1.mga5
firefox-en_GB-45.8.0-1.mga5
firefox-en_US-45.8.0-1.mga5
firefox-en_ZA-45.8.0-1.mga5
firefox-eo-45.8.0-1.mga5
firefox-es_AR-45.8.0-1.mga5
firefox-es_CL-45.8.0-1.mga5
firefox-es_ES-45.8.0-1.mga5
firefox-es_MX-45.8.0-1.mga5
firefox-et-45.8.0-1.mga5
firefox-eu-45.8.0-1.mga5
firefox-fa-45.8.0-1.mga5
firefox-ff-45.8.0-1.mga5
firefox-fi-45.8.0-1.mga5
firefox-fr-45.8.0-1.mga5
firefox-fy_NL-45.8.0-1.mga5
firefox-ga_IE-45.8.0-1.mga5
firefox-gd-45.8.0-1.mga5
firefox-gl-45.8.0-1.mga5
firefox-gu_IN-45.8.0-1.mga5
firefox-he-45.8.0-1.mga5
firefox-hi_IN-45.8.0-1.mga5
firefox-hr-45.8.0-1.mga5
firefox-hsb-45.8.0-1.mga5
firefox-hu-45.8.0-1.mga5
firefox-hy_AM-45.8.0-1.mga5
firefox-id-45.8.0-1.mga5
firefox-is-45.8.0-1.mga5
firefox-it-45.8.0-1.mga5
firefox-ja-45.8.0-1.mga5
firefox-kk-45.8.0-1.mga5
firefox-km-45.8.0-1.mga5
firefox-kn-45.8.0-1.mga5
firefox-ko-45.8.0-1.mga5
firefox-lij-45.8.0-1.mga5
firefox-lt-45.8.0-1.mga5
firefox-lv-45.8.0-1.mga5
firefox-mai-45.8.0-1.mga5
firefox-mk-45.8.0-1.mga5
firefox-ml-45.8.0-1.mga5
firefox-mr-45.8.0-1.mga5
firefox-ms-45.8.0-1.mga5
firefox-nb_NO-45.8.0-1.mga5
firefox-nl-45.8.0-1.mga5
firefox-nn_NO-45.8.0-1.mga5
firefox-or-45.8.0-1.mga5
firefox-pa_IN-45.8.0-1.mga5
firefox-pl-45.8.0-1.mga5
firefox-pt_BR-45.8.0-1.mga5
firefox-pt_PT-45.8.0-1.mga5
firefox-ro-45.8.0-1.mga5
firefox-ru-45.8.0-1.mga5
firefox-si-45.8.0-1.mga5
firefox-sk-45.8.0-1.mga5
firefox-sl-45.8.0-1.mga5
firefox-sq-45.8.0-1.mga5
firefox-sr-45.8.0-1.mga5
firefox-sv_SE-45.8.0-1.mga5
firefox-ta-45.8.0-1.mga5
firefox-te-45.8.0-1.mga5
firefox-th-45.8.0-1.mga5
firefox-tr-45.8.0-1.mga5
firefox-uk-45.8.0-1.mga5
firefox-uz-45.8.0-1.mga5
firefox-vi-45.8.0-1.mga5
firefox-xh-45.8.0-1.mga5
firefox-zh_CN-45.8.0-1.mga5
firefox-zh_TW-45.8.0-1.mga5

from SRPMS:
rootcerts-20170209.00-1.mga5.src.rpm
sqlite3-3.10.2-1.mga5.src.rpm
nss-3.28.2-1.mga5.src.rpm
firefox-45.8.0-1.mga5.src.rpm
firefox-l10n-45.8.0-1.mga5.src.rpm
There was a report on IRC that Thunderbird (in Cauldron) is crashing with the updated NSS (but Mageia 5 would probably also be affected), so it may be that TB 45.8 needs to go out with this, or that the following fix in NSS from upstream will take care of that issue: http://pkgs.fedoraproject.org/cgit/rpms/nss.git/commit/?h=f24&id=51ea22c0ae95bbc2c76f4c0b1166ca646402a122
On mga5-64

Packages updated cleanly:
- firefox-45.8.0-1.mga5.x86_64
- firefox-en_GB-45.8.0-1.mga5.noarch
- lib64nss3-3.28.3-1.mga5.x86_64
- lib64sqlite3_0-3.10.2-1.mga5.x86_64
- nss-3.28.3-1.mga5.x86_64
- rootcerts-20170209.00-1.mga5.noarch
- sqlite3-tools-3.10.2-1.mga5.x86_64

All seems to be OK

TB has not crashed as yet, but it is not heavily used on my test platform.
CC: (none) => jim
x86_64 real hardware.

Installed all of those packages referred to in comment 8 and:
- lib64nss-devel
- sqlite3-tcl
- lib64sqlite3-devel
- lib64sqlite3-static-devel
- lemon
- rootcerts-java-20170209.00-1

Restarted firefox and all seems to be well. Will see how it goes.
CC: (none) => tarazed25
M5 x64 real hardware with AMD/ATI/Radeon video

Updated all the packages from the list already installed on my system (like Comment 8, + a couple). Ran Firefox through its paces on the BBC site, videos with sound. Using it now. Looks OK.
CC: (none) => lewyssmith
FYI Mozilla just released Firefox 52.0.1 with the following security fix: https://www.mozilla.org/en-US/security/advisories/mfsa2017-08/ I've seen no 45.8.1esr so either 45 is not affected or there's a patch to backport.
(In reply to Samuel Verschelde from comment #11)
> FYI Mozilla just released Firefox 52.0.1 with the following security fix:
>
> https://www.mozilla.org/en-US/security/advisories/mfsa2017-08/
>
> I've seen no 45.8.1esr so either 45 is not affected or there's a patch to
> backport.

What I heard is that issue was a regression in 52, so 45 isn't affected.
Created attachment 9121 [details]
Crash backtrace

I updated Firefox to 45.8.0-1.mga6 and it always crashes on start now.
CC: (none) => krnekit
Blocks: (none) => 20420
(In reply to Nikita Krupenko from comment #13)
> I updated Firefox to 45.8.0-1.mga6 and it always crashes on start now.

Same problem here, with firefox-45.8.0-2.mga6.
(In reply to Nikita Krupenko from comment #13)
> Created attachment 9121 [details]
> Crash backtrace
>
> I updated Firefox to 45.8.0-1.mga6 and it always crashes on start now.

Please report this in a new bug report. This one is about the Mageia 5 update candidate.
(In reply to Rémi Verschelde from comment #15)
> (In reply to Nikita Krupenko from comment #13)
> > Created attachment 9121 [details]
> > Crash backtrace
> >
> > I updated Firefox to 45.8.0-1.mga6 and it always crashes on start now.
>
> Please report this in a new bug report. This one is about the Mageia 5
> update candidate.

Done, bug 20542
Checked this out with the 64-bit server kernel on an Athlon X2/nvidia340 machine, both before and after updating to the proposed 4.4.55 kernel. Looks good, no issues noted.
CC: (none) => andrewsfarm
Checked this out on a Sempron 3100+/nvidia304 machine, both in 64-bit and 32-bit, both before and after updating to the proposed 4.4.55 server kernels. Looks good, no issues noted.
Keywords: (none) => validated_update
Whiteboard: (none) => advisory MGA5-64-OK MGA5-32-OK
CC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0081.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED