firefox-78.4.0-1.0.1.el7.AXS7
エラータID: AXSA:2020-877:22
リリース日:
2020/11/09 Monday - 12:59
題名:
firefox-78.4.0-1.0.1.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Firefoxには、任意コード実行に繋がるメモリ破壊の脆弱性があります。(CVE-2020-15683)
- Firefoxには、巧妙に細工されたHTMLを通じて、リモートの攻撃者がメモリ破壊や
クラッシュを引き起こせるuse-after-free を起こす脆弱性があります。(CVE-2020-15969)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2020-15683
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.
CVE-2020-15969
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
追加情報:
N/A
ダウンロード:
SRPMS
- firefox-78.4.0-1.0.1.el7.AXS7.src.rpm
MD5: 59466a2380795fe499672a1428fae183
SHA-256: 9160794071ec27d9215abbe56851bc001032ccd4f640b0f6c5f8fe7f2470c3ee
Size: 678.28 MB
Asianux Server 7 for x86_64
- firefox-78.4.0-1.0.1.el7.AXS7.x86_64.rpm
MD5: fac7895f40ad2f260d90964446676862
SHA-256: df2d86440851a2c93290e40db032f646f4eefbe80422b06996e235d8ff6e5e3e
Size: 104.87 MB - firefox-78.4.0-1.0.1.el7.AXS7.i686.rpm
MD5: b75b919cc92661b3078f40af881ada91
SHA-256: bd018537856751cee5d9e331bf3cd390f3c3905db4bc426ee93de4246f7026a6
Size: 106.57 MB