firefox-68.3.0-1.0.1.el7.AXS7

エラータID: AXSA:2019-4400:07

Release date: 
Monday, December 9, 2019 - 09:07
Subject: 
firefox-68.3.0-1.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.3.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)

* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)

* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)

* Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)

* Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-17005
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-17008
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-17010

CVE-2019-17011
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-17012
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

CVEs: 
CVE-2019-17005
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-17008
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-17010
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-17011
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-17012
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-68.3.0-1.0.1.el7.AXS7.src.rpm
    MD5: 082f0cc8ec59caf77c94c9fdedf47160
    SHA-256: 8ce23e87f9a5ee63a26fb0a2bc66f0c51f03010976b00abf3bd3e69b0e5da977
    Size: 504.27 MB

Asianux Server 7 for x86_64
  1. firefox-68.3.0-1.0.1.el7.AXS7.x86_64.rpm
    MD5: cdb109684813df0a7022399c1c2263c3
    SHA-256: 89624875eec6e462f2829a60a017d784936cd46ea0c48be505f48c03aa0d4a3c
    Size: 94.27 MB
  2. firefox-68.3.0-1.0.1.el7.AXS7.i686.rpm
    MD5: e016998687b8f3e778b2cc0fc9ac2b21
    SHA-256: 97fbcbdb02dd61ab1eef710cb6201f631ed8e716226ec540bd9964a93f27f1b4
    Size: 97.08 MB