firefox-60.2.2-1.0.1.AXS4

エラータID: AXSA:2018-3355:07

リリース日: 
2018/10/11 Thursday - 05:46
題名: 
firefox-60.2.2-1.0.1.AXS4
影響のあるチャネル: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

[Security Fix]
- 現時点では CVE-2018-12386, CVE-2018-12387 の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。

一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2018-12386
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.
CVE-2018-12387
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. firefox-60.2.2-1.0.1.AXS4.src.rpm
    MD5: afe022ff30fbecf644a60788441dd08e
    SHA-256: 3f47996aa630ca196f78eb2c4fddcb29a5a1bc650b2783639b813d6ff6b20cad
    Size: 415.39 MB

Asianux Server 4 for x86
  1. firefox-60.2.2-1.0.1.AXS4.i686.rpm
    MD5: c9b85affe63883697a5dbb7e22ab8ba5
    SHA-256: 1d7dad8c1971e4d066aff3c37e7e6f7cb5b329109017943c06a8a5fef966ce68
    Size: 114.56 MB

Asianux Server 4 for x86_64
  1. firefox-60.2.2-1.0.1.AXS4.x86_64.rpm
    MD5: 39aa0c34598b02215fb576c4a2b77168
    SHA-256: 37644ad4f46ab6e45499910429b9544297b348baa590eae80d489ba46cb8f8c3
    Size: 114.76 MB
  2. firefox-60.2.2-1.0.1.AXS4.i686.rpm
    MD5: c9b85affe63883697a5dbb7e22ab8ba5
    SHA-256: 1d7dad8c1971e4d066aff3c37e7e6f7cb5b329109017943c06a8a5fef966ce68
    Size: 114.56 MB