firefox-68.11.0-1.0.1.AXS4
エラータID: AXSA:2020-254:16
リリース日:
2020/08/04 Tuesday - 12:49
題名:
firefox-68.11.0-1.0.1.AXS4
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Firefox、Thunderbird には、クロスオリジンリダイレクトの結果が漏洩してしまう脆弱性があります。
(CVE-2020-15652)
- Firefox、Thunderbird にはメモリ安全性のバグが存在し、それらのうちのいくつかにメモリ破壊や
任意のコードを実行できる可能性のある脆弱性があります。(CVE-2020-15659)
- Firefox、Thunderbird には開放後使用の脆弱性が存在し、巧妙に細工された HTML ページによって、
リモートの攻撃者がヒープベースのメモリを破壊する可能性のある脆弱性があります。
(CVE-2020-6463)
- Firefox、Thunderbird には不適切な実装が存在し、巧妙に細工された SCTP ストリームによって、
特権的なネットワークの地位を利用した攻撃者がヒープベースのメモリ破壊を行う可能性の
ある脆弱性があります。(CVE-2020-6514)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2020-15652
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-15659
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-6463
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6514
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.
追加情報:
N/A
ダウンロード:
SRPMS
- firefox-68.11.0-1.0.1.AXS4.src.rpm
MD5: e5a6bb473ddd37bf1f693c7d175bc0fc
SHA-256: 50f528e531ca00eefbf4ece1d9cde471e5f071a66b60ef6eb7fc18c48947cb66
Size: 512.96 MB
Asianux Server 4 for x86
- firefox-68.11.0-1.0.1.AXS4.i686.rpm
MD5: aacb5bddcb206f138d360e67638b33f4
SHA-256: 5acff266df53a68ee6c9ec71ecb43a029b203181e9f408152ac3f7cad86c251c
Size: 118.47 MB
Asianux Server 4 for x86_64
- firefox-68.11.0-1.0.1.AXS4.x86_64.rpm
MD5: eb22ee91f916652c6c21cc1a14b78de4
SHA-256: 77509f17321777299e583472c407a210a57aaa9d016c2669f384ad1e057bbc0b
Size: 118.57 MB - firefox-68.11.0-1.0.1.AXS4.i686.rpm
MD5: aacb5bddcb206f138d360e67638b33f4
SHA-256: 5acff266df53a68ee6c9ec71ecb43a029b203181e9f408152ac3f7cad86c251c
Size: 118.47 MB
English