firefox-52.5.0-1.0.1.AXS4
エラータID: AXSA:2017-2420:06
リリース日:
2017/11/29 Wednesday - 19:47
題名:
firefox-52.5.0-1.0.1.AXS4
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- 現時点では CVE-2017-7826,CVE-2017-7828,CVE-2017-7830 の情報が
公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2017-7826
Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
CVE-2017-7828
A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
CVE-2017-7830
The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
追加情報:
N/A
ダウンロード:
SRPMS
- firefox-52.5.0-1.0.1.AXS4.src.rpm
MD5: f5198d8e5943af1e6b943a419d51f042
SHA-256: c3968b2d6b4fb16ecec08cee01200a9948b0e94786f2777f64f37543c2dfa740
Size: 370.11 MB
Asianux Server 4 for x86
- firefox-52.5.0-1.0.1.AXS4.i686.rpm
MD5: 77e5436340a1e38a2a29f1fa493a82dd
SHA-256: bba852075add10cecb952bc1d1a85610198512981cd1a7e7e6f14b3ef27c85e9
Size: 80.18 MB
Asianux Server 4 for x86_64
- firefox-52.5.0-1.0.1.AXS4.x86_64.rpm
MD5: 56828455752418ce41234c34ba71ee1e
SHA-256: 4b9e8ef8a37577a1a566b8796b765c3e038d1a7d68d72d4bcbb694f8e808cce0
Size: 79.71 MB - firefox-52.5.0-1.0.1.AXS4.i686.rpm
MD5: 77e5436340a1e38a2a29f1fa493a82dd
SHA-256: bba852075add10cecb952bc1d1a85610198512981cd1a7e7e6f14b3ef27c85e9
Size: 80.18 MB
English