Univention Bugzilla – Full Text Bug Listing
Summary: | Firefox: Security issues from 38.5 (4.0) | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Security updates | Assignee: | Daniel Tröder <troeder> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | ||
Priority: | P5 | CC: | gohmann, walkenhorst |
Version: | UCS 4.0 | Flags: | requate: Patch_Available+ |
Target Milestone: | UCS 4.0-4-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
URL: | https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/ | ||
Ticket number: | Bug group (optional): | Security | |
Bug Depends on: | 40272 | ||
Bug Blocks: | 40274 |
Description
Arvid Requate
2015-12-16 19:53:01 CET
Firefox ESR 38.5.2:
* Prevent MD5 Downgrade in TLS 1.2 Signatures (CVE-2015-7575)

Updated and built in 66955, 66956, 66959.

OK: announce_errata -V firefox-??.yaml
OK: apt-get install firefox-en=1:38.4.0esr-ucs-4.0.61.201511191931
OK: apt-get install firefox-en # 1:38.5.2esr-ucs-4.1.63.201601260929
OK: apt-get purge firefox-en
OK: apt-get install firefox-en
OK: apt-get remove firefox-en
OK: apt-get purge firefox-en
OK: apt-get install firefox-de=1:38.4.0esr-ucs-4.0.66.201511191929
OK: apt-get install firefox-de # 1:38.5.2esr-ucs-4.1.68.201601260931
OK: apt-get purge firefox-de
OK: apt-get install firefox-de
OK: apt-get remove firefox-de
OK: apt-get purge firefox-de
OK: https://www.google.de/
OK: https://www.univention.de/
OK: https://forge.univention.org/
OK: http://www.tagesschau.de/
OK: https://www.youtube.com/
OK: about: 38.5.2
OK: amd64
OK: i386
OK: firefox-??.yaml
OK: errata-announce -V firefox-en.yaml
OK: errata-announce -V firefox-de.yaml

r66973 | Bug #40272,Bug #40273,Bug #40274 Firefox: CVE-2015-7575

Note: ESR 38.6 will be released later today: https://wiki.mozilla.org/RapidRelease/Calendar#Future_branch_dates

Firefox ESR 38.6 fixes these issues:
* global-buffer-overflow (write) at BufferSubData (CVE-2016-1935)
* Memory safety bugs fixed in Firefox ESR 38.6 and Firefox 44. (CVE-2016-1930)
* Prevent MD5 Downgrade in TLS 1.2 Signatures (CVE-2015-7575) [again? strange, maybe an updated patch?]

Updated and compiled: 66987 + 66989

OK: apt-get install firefox-en=1:38.4.0esr-ucs-4.0.61.201511191931
OK: apt-get install firefox-en # 1:38.6.0esr-ucs-4.0.68.201601270954
OK: apt-get purge firefox-en
OK: apt-get install firefox-en
OK: apt-get remove firefox-en
OK: apt-get purge firefox-en
OK: apt-get install firefox-de=1:38.4.0esr-ucs-4.0.66.201511191929
OK: apt-get install firefox-de # 1:38.6.0esr-ucs-4.0.72.201601270956
OK: apt-get purge firefox-de
OK: apt-get install firefox-de
OK: apt-get remove firefox-de
OK: apt-get purge firefox-de
OK: https://www.google.de/
OK: https://www.univention.de/
OK: https://forge.univention.org/
OK: http://www.tagesschau.de/
OK: https://www.youtube.com/
OK: about: # 38.6
OK: amd64
OK: i386
OK: errata-announce -V firefox-en.yaml
OK: errata-announce -V firefox-de.yaml
OK: firefox-??.yaml