Re: Security ERRATA Critical: firefox on SL5.x, SL6.x i386/x86_64

Thu, 17 Dec 2015 09:57:12 -0800 

Connie,
What's this "<unknown program name>(7363)/ KStartupInfo::createNewStartupId:" that I'm seeing with this morning's update? 

Message appeared twice in the "Updating" portion following:

Updating   : selinux-policy-3.7.19-279.el6_7.8.noarch
and
Updating   : filezilla-3.7.3-3.el6.x86_64

and once in the "Installing" section following

kernel-devel-2.6.32-573.12.1.el6.x86_64

Also appeared twice in the "Cleanup" section following:

 Cleanup    : x2goagent-3.5.0.32-2.el6.x86_64
and
Cleanup    : kernel-headers-2.6.32-573.3.1.el6.x86_64

I fail to see any pattern that would lead me to understanding.

yum.log does not have any complaints.

TIA

Clint

Clint Bowman                    INTERNET:       cl...@ecy.wa.gov
Air Quality Modeler             INTERNET:       cl...@math.utah.edu
Department of Ecology           VOICE:          (360) 407-6815
PO Box 47600                    FAX:            (360) 407-7534
Olympia, WA 98504-7600

        USPS:           PO Box 47600, Olympia, WA 98504-7600
        Parcels:        300 Desmond Drive, Lacey, WA 98503-1274

On Thu, 17 Dec 2015, Connie Sieh wrote:


Synopsis:          Critical: firefox security update
Advisory ID:       SLSA-2015:2657-1
Issue Date:        2015-12-16
CVE Numbers:       CVE-2015-7201
                  CVE-2015-7210
                  CVE-2015-7212
                  CVE-2015-7205
                  CVE-2015-7213
                  CVE-2015-7222
                  CVE-2015-7214
--

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2015-7201, CVE-2015-7205, CVE-2015-7210,
CVE-2015-7212, CVE-2015-7213, CVE-2015-7222)

A flaw was found in the way Firefox handled content using the 'data:' and
'view-source:' URIs. An attacker could use this flaw to bypass the same-
origin policy and read data from cross-site URLs and local files.
(CVE-2015-7214)

5.0 ESR, which corrects these issues. After installing the update, Firefox
must be restarted for the changes to take effect.
--

SL5
 x86_64
   firefox-38.5.0-2.el5_11.i386.rpm
   firefox-38.5.0-2.el5_11.x86_64.rpm
   firefox-debuginfo-38.5.0-2.el5_11.i386.rpm
   firefox-debuginfo-38.5.0-2.el5_11.x86_64.rpm
 i386
   firefox-38.5.0-2.el5_11.i386.rpm
   firefox-debuginfo-38.5.0-2.el5_11.i386.rpm
SL6
 x86_64
   firefox-38.5.0-2.el6_7.x86_64.rpm
   firefox-debuginfo-38.5.0-2.el6_7.x86_64.rpm
   firefox-38.5.0-2.el6_7.i686.rpm
   firefox-debuginfo-38.5.0-2.el6_7.i686.rpm
 i386
   firefox-38.5.0-2.el6_7.i686.rpm
   firefox-debuginfo-38.5.0-2.el6_7.i686.rpm


- Scientific Linux Development Team















    











					Reply via email to