AXSA:2019-4415:08

Release date: 
Friday, December 20, 2019 - 17:12
Subject: 
firefox-68.3.0-1.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.3.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)

* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)

* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)

* Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)

* Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-17005
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-17008
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-17010
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-17011
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-17012
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-68.3.0-1.0.1.AXS4.src.rpm
    MD5: 5cb71fa92dd9411a5adf1b6979e2be7c
    SHA-256: 16512ec37e02e604fc9298648cd0668d47a483bcc337a36df7354385db9441c0
    Size: 504.27 MB

Asianux Server 4 for x86
  1. firefox-68.3.0-1.0.1.AXS4.i686.rpm
    MD5: 39c68cd92145fc6ac6b0db3ddbbffb64
    SHA-256: 9bf5ac64c0978ccb1d7bc65859cd3a214158252603ef0d0fdd4ebe3d9a8b83eb
    Size: 118.22 MB

Asianux Server 4 for x86_64
  1. firefox-68.3.0-1.0.1.AXS4.x86_64.rpm
    MD5: f5911fff0f4b95a533348abd868191c4
    SHA-256: 63a689bb34a86327f1ceabba584f89db11c3e4ab7330ce50749dd14a980a8d39
    Size: 118.32 MB
  2. firefox-68.3.0-1.0.1.AXS4.i686.rpm
    MD5: 39c68cd92145fc6ac6b0db3ddbbffb64
    SHA-256: 9bf5ac64c0978ccb1d7bc65859cd3a214158252603ef0d0fdd4ebe3d9a8b83eb
    Size: 118.22 MB
Copyright© 2007-2015 Asianux. All rights reserved.