firefox-52.5.0-1.0.1.el7.AXS7
エラータID: AXSA:2017-2416:07
リリース日:
2017/11/28 Tuesday - 17:17
題名:
firefox-52.5.0-1.0.1.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- 現時点では CVE-2017-7826,CVE-2017-7828,CVE-2017-7830 の情報が
公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2017-7826
Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
CVE-2017-7828
A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
CVE-2017-7830
The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
追加情報:
N/A
ダウンロード:
SRPMS
- firefox-52.5.0-1.0.1.el7.AXS7.src.rpm
MD5: 59cee022f3eb2a669c85b47027cb57d0
SHA-256: 687ec76642919bea2e2198e4ee1bd8a662a62298d0219e7cf647b9a0c869c96b
Size: 369.26 MB
Asianux Server 7 for x86_64
- firefox-52.5.0-1.0.1.el7.AXS7.x86_64.rpm
MD5: 12cd30c59e9981707388e6f2b27ae957
SHA-256: d44ff3fd8376c5dd66ac55cf2c02c36e4eaecb25ea15d5e6a03c19ccd9631bd3
Size: 83.23 MB - firefox-52.5.0-1.0.1.el7.AXS7.i686.rpm
MD5: 4752806f47ce4de92394bd92ede30731
SHA-256: 5ea01a43d40c9b5cd04a9c0cef7bb62129e9ca5c5c1d91e3c62e61237ae2f6d0
Size: 83.46 MB