thunderbird-52.5.0-1.AXS4

エラータID: AXSA:2017-2439:07

リリース日: 
2017/12/05 Tuesday - 14:37
題名: 
thunderbird-52.5.0-1.AXS4
影響のあるチャネル: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

以下項目について対処しました。

[Security Fix]
- 現時点では CVE-2017-7826, CVE-2017-7828, CVE-2017-7830 の
情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。

一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2017-7826
Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
CVE-2017-7828
A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
CVE-2017-7830
The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. thunderbird-52.5.0-1.AXS4.src.rpm
    MD5: cabdb0e4b18697f0ed73887d08535148
    SHA-256: 908c2f595d0a1e0e94beb73e6511925bf1aa42e78a4475a93f575da34088f51e
    Size: 400.37 MB

Asianux Server 4 for x86
  1. thunderbird-52.5.0-1.AXS4.i686.rpm
    MD5: 1639fe2810edccfed6a4b4314facb9b6
    SHA-256: 9ac4ef4bd2c23d3531cccfe2556200477d00bb7ebab5e04b6e84cad0da402729
    Size: 72.85 MB

Asianux Server 4 for x86_64
  1. thunderbird-52.5.0-1.AXS4.x86_64.rpm
    MD5: 3a9ad7cc562b96516a038ebbfd9117d1
    SHA-256: ede995555941198d252564dd504d596362e335ab29ea6ec527218edaa69ce077
    Size: 72.29 MB