firefox-60.2.0-1.0.1.el7.AXS7
エラータID: AXSA:2018-3322:05
リリース日:
2018/09/19 Wednesday - 05:18
題名:
firefox-60.2.0-1.0.1.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Tor ブラウザには、firefox が file:// を適切に処理しないことを利用した巧妙な
ウェブサイトを介して、リモートの攻撃者がブラウザの匿名化の機構を迂回し、
クライアントのIPアドレスを特定することを可能とする、TorMoil としても知られる
脆弱性があります。(CVE-2017-16541)
- 現時点では CVE-2018-12376 の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
- 現時点では CVE-2018-12377 の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
- 現時点では CVE-2018-12378 の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
- 現時点では CVE-2018-12379 の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2017-16541
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.
CVE-2018-12376
Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
CVE-2018-12377
A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
CVE-2018-12378
A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
CVE-2018-12379
When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
追加情報:
N/A
ダウンロード:
SRPMS
- firefox-60.2.0-1.0.1.el7.AXS7.src.rpm
MD5: 28eda353d121aaefefbffdb69d3aa1e0
SHA-256: 6968a9ff1c94397eb399d3768b2d53fdb2d8c68a1a3610e5abb95a2b620b8ee2
Size: 415.66 MB
Asianux Server 7 for x86_64
- firefox-60.2.0-1.0.1.el7.AXS7.x86_64.rpm
MD5: db6f803ae2a5dc56259ea7c14e75dcec
SHA-256: 2e8fb6f5f8a76b48de49c0259aa46027215407ca44b319d55d06abf1e902c31a
Size: 90.58 MB - firefox-60.2.0-1.0.1.el7.AXS7.i686.rpm
MD5: a8eeac3a6e09bf08f938df11a1403ed1
SHA-256: 467e4fe2e474edf9f94a5693e9cfdba0a86434ac795da90411817957af2e5cca
Size: 92.34 MB