MGASA-2017-0081

Source
https://advisories.mageia.org/MGASA-2017-0081.html
Import Source
https://advisories.mageia.org/MGASA-2017-0081.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2017-0081
Published
2017-03-23T21:21:35Z
Modified
2017-03-23T20:51:58Z
Summary
Updated firefox packages fix security vulnerability
Details

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405).

Also, the nss package has been updated to version 3.28.3, in which the Next Protocol Negotiation (NPN) extension has been replaced by the Application-Layer Protocol Negotiation (ALPN) extension and which now supports the Finite Field Diffie-Hellman Ephemeral Parameters (FFDHE) negotiation.

Due to the nss update, the sqlite3 package has been updated to version 3.10.2.

Additionally, an error in the nss package has been corrected, where it was failing to build against the system rootcerts package and instead was using a bundled version, which could have caused the rootcerts that NSS used to be outdated at times (mga#20053). The nss package has now been built against the latest rootcerts, which have also been updated.


Affected packages

Mageia:5 / rootcerts

Package

Name
rootcerts
Purl
pkg:rpm/mageia/rootcerts?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
20170209.00-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / sqlite3

Package

Name
sqlite3
Purl
pkg:rpm/mageia/sqlite3?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.10.2-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / nss

Package

Name
nss
Purl
pkg:rpm/mageia/nss?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.28.3-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / firefox

Package

Name
firefox
Purl
pkg:rpm/mageia/firefox?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
45.8.0-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / firefox-l10n

Package

Name
firefox-l10n
Purl
pkg:rpm/mageia/firefox-l10n?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
45.8.0-1.mga5

Ecosystem specific

{
    "section": "core"
}