firefox-52.7.2-1.0.1.AXS4

エラータID: AXSA:2018-2628:03

Release date: 
Tuesday, March 20, 2018 - 19:42
Subject: 
firefox-52.7.2-1.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 52.7.2 ESR.

Security Fix(es):

* Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08) (CVE-2018-5146)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2018-5146
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Solution: 

Update packages.

CVEs: 
CVE-2018-5146
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.
Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-52.7.2-1.0.1.AXS4.src.rpm
    MD5: d0be20cc40f3404e37330870bea868be
    SHA-256: 52fe0005e4762e19e91a8614c71188f36044a7baef1cd61eb1a7d8b6f1cedc00
    Size: 368.52 MB

Asianux Server 4 for x86
  1. firefox-52.7.2-1.0.1.AXS4.i686.rpm
    MD5: 5df951dfb29f1722245563feada0391a
    SHA-256: c2060143df365852366aff6a1f0c40b5f1a106828da8d76a5f7bec3e9b7758ab
    Size: 79.78 MB

Asianux Server 4 for x86_64
  1. firefox-52.7.2-1.0.1.AXS4.x86_64.rpm
    MD5: 80c2c0cb6549e9da04f0553e5e52b24f
    SHA-256: 332e7c6f96dea48acac6af48b256ed680326edf1bebfc9e1956ccdf7163e17b8
    Size: 79.33 MB
  2. firefox-52.7.2-1.0.1.AXS4.i686.rpm
    MD5: 5df951dfb29f1722245563feada0391a
    SHA-256: c2060143df365852366aff6a1f0c40b5f1a106828da8d76a5f7bec3e9b7758ab
    Size: 79.78 MB