firefox-68.3.0-1.0.1.el7.AXS7
エラータID: AXSA:2019-4400:07
リリース日:
2019/12/09 Monday - 09:07
題名:
firefox-68.3.0-1.0.1.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Firefoxには、プレーンテキストのシリアライザが、ol要素の個数長を持つ
固定長配列を処理可能でしたが、静的配列がメモリ破壊や、クラッシュを
引き起こす脆弱性があります。 (CVE-2019-17005)
- Firefoxでは、入れ子になっているワーカで、ワーカの破壊を引き起こす
ことができ、クラッシュする脆弱性があります。(CVE-2019-17008)
- Firefoxには、フィンガープリンティング対策で優先順位の確認時に、
競合状態にあるとクラッシュする脆弱性があります。(CVE-2019-17010)
- Firefoxには、特定状況下で、DoCShellからのドキュメントの取り出し時に
競合状態が発生し、クラッシュする脆弱性があります。(CVE-2019-17011)
- Firefoxには、メモリの安全性に関するバグが発見されており、メモリ破壊と
任意コードが実行可能な脆弱性がありました。(CVE-2019-17012)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2019-17005
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-17008
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-17010
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-17011
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-17012
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
追加情報:
N/A
ダウンロード:
SRPMS
- firefox-68.3.0-1.0.1.el7.AXS7.src.rpm
MD5: 082f0cc8ec59caf77c94c9fdedf47160
SHA-256: 8ce23e87f9a5ee63a26fb0a2bc66f0c51f03010976b00abf3bd3e69b0e5da977
Size: 504.27 MB
Asianux Server 7 for x86_64
- firefox-68.3.0-1.0.1.el7.AXS7.x86_64.rpm
MD5: cdb109684813df0a7022399c1c2263c3
SHA-256: 89624875eec6e462f2829a60a017d784936cd46ea0c48be505f48c03aa0d4a3c
Size: 94.27 MB - firefox-68.3.0-1.0.1.el7.AXS7.i686.rpm
MD5: e016998687b8f3e778b2cc0fc9ac2b21
SHA-256: 97fbcbdb02dd61ab1eef710cb6201f631ed8e716226ec540bd9964a93f27f1b4
Size: 97.08 MB
English