firefox-24.8.0-2.0.1.AXS3
エラータID: AXSA:2014-523:05
リリース日:
2014/09/15 Monday - 11:12
題名:
firefox-24.8.0-2.0.1.AXS3
影響のあるチャネル:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Mozilla Firefox のブラウザエンジンには,リモートの攻撃者がサービス拒否 (メモリ破壊とアプリケーションのクラッシュ) を引き起こす,あるいは任意のコードを実行する可能性のある詳細不明の脆弱性があります。(CVE-2014-1562)
- Mozilla Firefox の DirectionalityUtils.cpp には解放後使用の脆弱性が存在し,テキスト方向を設定する際に,テキストをレイアウトする間に不適切に処理されたテキストによって,リモートの攻撃者が任意のコードを実行する脆弱性があります。(CVE-2014-1567)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2014-1562
Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2014-1567
Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout.
Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout.
追加情報:
N/A
ダウンロード:
SRPMS
- firefox-24.8.0-2.0.1.AXS3.src.rpm
MD5: 66d40432d94f3a888c1995055e5a3120
SHA-256: 2d6119f15c1b434426b283ff28a3b4edfbf9accfca8c99a7c017f8c1a1d13fa9
Size: 137.93 MB
Asianux Server 3 for x86
- firefox-24.8.0-2.0.1.AXS3.i386.rpm
MD5: 9f1847bd998c16f73a739f431ec8fd33
SHA-256: 04038a4c86c497aa925c193b2aa267504f0bb7e32d1412f5cf05cf63d6472090
Size: 49.11 MB
Asianux Server 3 for x86_64
- firefox-24.8.0-2.0.1.AXS3.x86_64.rpm
MD5: 1815e43b1277818144461ab6268612e2
SHA-256: 4eb3eb896b133d9e94d9bacb6b8bdce5168454f65bae326a91e5a84950d1b14c
Size: 50.22 MB