firefox-24.8.0-1.0.1.AXS4
エラータID: AXSA:2014-520:04
リリース日:
2014/09/12 Friday - 20:07
題名:
firefox-24.8.0-1.0.1.AXS4
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Mozilla Firefox のブラウザエンジンには,リモートの攻撃者がサービス拒否 (メモリ破壊とアプリケーションのクラッシュ) を引き起こす,あるいは任意のコードを実行する可能性のある詳細不明の脆弱性があります。(CVE-2014-1562)
- Mozilla Firefox の DirectionalityUtils.cpp には解放後使用の脆弱性が存在し,テキスト方向を設定する際に,テキストをレイアウトする間に不適切に処理されたテキストによって,リモートの攻撃者が任意のコードを実行する脆弱性があります。(CVE-2014-1567)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2014-1562
Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2014-1567
Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout.
Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout.
追加情報:
N/A
ダウンロード:
SRPMS
- firefox-24.8.0-1.0.1.AXS4.src.rpm
MD5: 1481d73151e76c0824b57859ba69d86e
SHA-256: 9d05346ccb5692d922bcb67d98c7b8e04b46f14dd71fd288d875dd970f4d18ae
Size: 137.47 MB
Asianux Server 4 for x86
- firefox-24.8.0-1.0.1.AXS4.i686.rpm
MD5: 635098a8a483e6ec5841cf2e610517e8
SHA-256: cbe7323f1a96a1be11803b06c3fbf56e8a1c3ff237fdffbe7f3d9001e613eb24
Size: 46.78 MB
Asianux Server 4 for x86_64
- firefox-24.8.0-1.0.1.AXS4.x86_64.rpm
MD5: 6e351faf83758203a246c8d076e495a3
SHA-256: 9a66ca81f1e04550f7041f92b6cc19660b4e83bde212f92134db9c50f652b456
Size: 46.33 MB - firefox-24.8.0-1.0.1.AXS4.i686.rpm
MD5: 635098a8a483e6ec5841cf2e610517e8
SHA-256: cbe7323f1a96a1be11803b06c3fbf56e8a1c3ff237fdffbe7f3d9001e613eb24
Size: 46.78 MB