Mandriva has issued an advisory on November 21:
http://www.mandriva.com/en/support/security/advisories/?dis=mes5&name=MDVSA-2012:173

Updated packages uploaded for Mageia 1 and Mageia 2.

Source RPMs:
firefox-10.0.11-1.mga1.src.rpm
firefox-10.0.11-1.mga2.src.rpm
firefox-l10n-10.0.11-1.mga1.src.rpm
firefox-l10n-10.0.11-1.mga2.src.rpm

Advisory:
========================

Updated firefox packages fix security vulnerabilities:

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code (CVE-2012-5842).

Security researcher Atte Kettunen from OUSPG used the Address Sanitizer tool to discover a buffer overflow while rendering GIF format images. This issue is potentially exploitable and could lead to arbitrary code execution (CVE-2012-4202).

Mozilla security researcher moz_bug_r_a4 reported that if code executed by the evalInSandbox function sets location.href, it can get the wrong subject principal for the URL check, ignoring the sandbox's Javascript context and gaining the context of the evalInSandbox object. This can lead to malicious web content being able to perform a cross-site scripting (XSS) attack or stealing a copy of a local file if the user has installed an add-on vulnerable to this attack (CVE-2012-4201).

Mozilla developer Bobby Holley reported that security wrappers filter at the time of property access, but once a function is returned, the caller can use this function without further security checks. This affects cross-origin wrappers, allowing for write actions on objects when only read actions should be properly allowed. This can lead to cross-site scripting (XSS) attacks (CVE-2012-5841).
Security researcher Masato Kinugawa found that when HZ-GB-2312 charset encoding is used for text, the ~ character will destroy another character near the chunk delimiter. This can lead to a cross-site scripting (XSS) attack in pages encoded in HZ-GB-2312 (CVE-2012-4207).

Security researcher Mariusz Mlynski reported that the location property can be accessed by binary plugins through top.location with a frame whose name attribute's value is set to top. This can allow for possible cross-site scripting (XSS) attacks through plugins (CVE-2012-4209).

Security researcher Mariusz Mlynski reported that when a maliciously crafted stylesheet is inspected in the Style Inspector, HTML and CSS can run in a chrome privileged context without being properly sanitized first. This can lead to arbitrary code execution (CVE-2012-4210).

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of critically rated use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release (CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5839, CVE-2012-5840).

Security researcher miaubiz used the Address Sanitizer tool to discover a series of critically rated use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that were fixed before general release (CVE-2012-5833, CVE-2012-5835).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5842
http://www.mozilla.org/security/announce/2012/mfsa2012-91.html
http://www.mozilla.org/security/announce/2012/mfsa2012-92.html
http://www.mozilla.org/security/announce/2012/mfsa2012-93.html
http://www.mozilla.org/security/announce/2012/mfsa2012-100.html
http://www.mozilla.org/security/announce/2012/mfsa2012-101.html
http://www.mozilla.org/security/announce/2012/mfsa2012-103.html
http://www.mozilla.org/security/announce/2012/mfsa2012-104.html
http://www.mozilla.org/security/announce/2012/mfsa2012-105.html
http://www.mozilla.org/security/announce/2012/mfsa2012-106.html
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
http://www.mandriva.com/en/support/security/advisories/?dis=mes5&name=MDVSA-2012:173
Whiteboard: (none) => MGA1TOO
Testing complete mga2 32. Spellcheck, java, flash, https.
Whiteboard: MGA1TOO => MGA1TOO mga2-32-OK
Testing complete mga2 64
Whiteboard: MGA1TOO mga2-32-OK => MGA1TOO mga2-32-OK mga2-64-OK
Testing complete Mageia 1 and 2, i586 and x86-64.

Could someone from the sysadmin team push the srpms
firefox-10.0.11-1.mga2.src.rpm
firefox-l10n-10.0.11-1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates, and the srpms
firefox-10.0.11-1.mga1.src.rpm
firefox-l10n-10.0.11-1.mga1.src.rpm
from Mageia 1 Core Updates Testing to Core Updates.

Advisory:

Updated firefox packages fix security vulnerabilities:

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code (CVE-2012-5842).

Security researcher Atte Kettunen from OUSPG used the Address Sanitizer tool to discover a buffer overflow while rendering GIF format images. This issue is potentially exploitable and could lead to arbitrary code execution (CVE-2012-4202).

Mozilla security researcher moz_bug_r_a4 reported that if code executed by the evalInSandbox function sets location.href, it can get the wrong subject principal for the URL check, ignoring the sandbox's Javascript context and gaining the context of the evalInSandbox object. This can lead to malicious web content being able to perform a cross-site scripting (XSS) attack or stealing a copy of a local file if the user has installed an add-on vulnerable to this attack (CVE-2012-4201).

Mozilla developer Bobby Holley reported that security wrappers filter at the time of property access, but once a function is returned, the caller can use this function without further security checks. This affects cross-origin wrappers, allowing for write actions on objects when only read actions should be properly allowed. This can lead to cross-site scripting (XSS) attacks (CVE-2012-5841).
Security researcher Masato Kinugawa found that when HZ-GB-2312 charset encoding is used for text, the ~ character will destroy another character near the chunk delimiter. This can lead to a cross-site scripting (XSS) attack in pages encoded in HZ-GB-2312 (CVE-2012-4207).

Security researcher Mariusz Mlynski reported that the location property can be accessed by binary plugins through top.location with a frame whose name attribute's value is set to top. This can allow for possible cross-site scripting (XSS) attacks through plugins (CVE-2012-4209).

Security researcher Mariusz Mlynski reported that when a maliciously crafted stylesheet is inspected in the Style Inspector, HTML and CSS can run in a chrome privileged context without being properly sanitized first. This can lead to arbitrary code execution (CVE-2012-4210).

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of critically rated use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release (CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5839, CVE-2012-5840).

Security researcher miaubiz used the Address Sanitizer tool to discover a series of critically rated use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that were fixed before general release (CVE-2012-5833, CVE-2012-5835).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5842
http://www.mozilla.org/security/announce/2012/mfsa2012-91.html
http://www.mozilla.org/security/announce/2012/mfsa2012-92.html
http://www.mozilla.org/security/announce/2012/mfsa2012-93.html
http://www.mozilla.org/security/announce/2012/mfsa2012-100.html
http://www.mozilla.org/security/announce/2012/mfsa2012-101.html
http://www.mozilla.org/security/announce/2012/mfsa2012-103.html
http://www.mozilla.org/security/announce/2012/mfsa2012-104.html
http://www.mozilla.org/security/announce/2012/mfsa2012-105.html
http://www.mozilla.org/security/announce/2012/mfsa2012-106.html
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
http://www.mandriva.com/en/support/security/advisories/?dis=mes5&name=MDVSA-2012:173
https://bugs.mageia.org/show_bug.cgi?id=8180
Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: MGA1TOO mga2-32-OK mga2-64-OK => MGA1TOO mga2-32-OK mga2-64-OK MGA1-64-OK MGA1-32-OK
mga2 needs another round of tests as dmorgan rebuilt the package :(
CC: (none) => sander.lepik
Hardware: i586 => All
Whiteboard: MGA1TOO mga2-32-OK mga2-64-OK MGA1-64-OK MGA1-32-OK => MGA1TOO MGA1-64-OK MGA1-32-OK
Well, it's exactly the same package (without the rebuild).
No it's OK, the package that was previously validated was restored to updates_testing.
Whiteboard: MGA1TOO MGA1-64-OK MGA1-32-OK => MGA1TOO MGA1-64-OK MGA1-32-OK MGA2-32-OK MGA2-64-OK
21:47 < tmb> dmorgan did not restore 10.0 series, he did a rebuild which now picked up the new sqlite which is only in updates_testing :/
21:47 < leuhmanu> :(
21:47 < tmb> and I have already pushed firefox before noticing :/
Keywords: validated_update => (none)
Whiteboard: MGA1TOO MGA1-64-OK MGA1-32-OK MGA2-32-OK MGA2-64-OK => MGA1TOO MGA1-64-OK MGA1-32-OK
If it's already been pushed, what can be done now?
Adding dmorgan so he knows what's going on (if he still reads his email).
CC: (none) => dmorganec
OK, fixing.
Already fixed by tmb. He deleted sqlite from updates_testing and resubmitted again revision 320512 to the build system.
Thomas, so you pushed the new sqlite too?
ok
Revalidating... The new packages match on the binary level, and their requires match those of the packages that were validated initially.

Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0342
Keywords: (none) => validated_update
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
Whiteboard: MGA1TOO MGA1-64-OK MGA1-32-OK => MGA1TOO MGA1-64-OK MGA1-32-OK MGA2-32-OK MGA2-64-OK