firefox-78.4.0-2.0.1.AXS4

エラータID: AXSA:2020-834:21

リリース日: 
2020/10/29 Thursday - 06:21
題名: 
firefox-78.4.0-2.0.1.AXS4
影響のあるチャネル: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

以下項目について対処しました。

[Security Fix]
- Firefoxには、任意コード実行に繋がるメモリ破壊の脆弱性があります。(CVE-2020-15683)

- Firefoxには、巧妙に細工されたHTMLを通じて、リモートの攻撃者がメモリ破壊や
クラッシュを引き起こせるuse-after-free を起こす脆弱性があります。(CVE-2020-15969)

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2020-15683
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.
CVE-2020-15969
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. firefox-78.4.0-2.0.1.AXS4.src.rpm
    MD5: 62c2ba48c532f02429a3a61b44af31dc
    SHA-256: 381a2216e86927df416de30851daf4cf0f4219ec4f53dc03c37f8d277573b2d2
    Size: 694.70 MB

Asianux Server 4 for x86
  1. firefox-78.4.0-2.0.1.AXS4.i686.rpm
    MD5: 23da20dd531e38882a3c9e5734a9486d
    SHA-256: c7f6f5500dbdc06b25b4c33a16aa77ae87cf39d59aa7634e06e027998c6fb1d9
    Size: 133.52 MB

Asianux Server 4 for x86_64
  1. firefox-78.4.0-2.0.1.AXS4.x86_64.rpm
    MD5: 2bc086dbe4b41743b00eb44fe417305f
    SHA-256: 97848220c7dfb1dd062f22dca8a4c7f8e411788e1748719844f9f8d87ec1dc70
    Size: 130.17 MB
  2. firefox-78.4.0-2.0.1.AXS4.i686.rpm
    MD5: 23da20dd531e38882a3c9e5734a9486d
    SHA-256: c7f6f5500dbdc06b25b4c33a16aa77ae87cf39d59aa7634e06e027998c6fb1d9
    Size: 133.52 MB