LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

December 2015

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS December 2015

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Security ERRATA Critical: firefox on SL5.x, SL6.x i386/x86_64
From:	Clint Bowman <[log in to unmask]>
Reply To:	Clint Bowman <[log in to unmask]>
Date:	Thu, 17 Dec 2015 09:56:32 -0800
Content-Type:	text/plain
Parts/Attachments:	text/plain (91 lines)

Connie,

What's this "<unknown program name>(7363)/ 
KStartupInfo::createNewStartupId:" that I'm seeing with this morning's 
update?

Message appeared twice in the "Updating" portion following:

Updating   : selinux-policy-3.7.19-279.el6_7.8.noarch
and
Updating   : filezilla-3.7.3-3.el6.x86_64

and once in the "Installing" section following

kernel-devel-2.6.32-573.12.1.el6.x86_64

Also appeared twice in the "Cleanup" section following:

  Cleanup    : x2goagent-3.5.0.32-2.el6.x86_64
and
Cleanup    : kernel-headers-2.6.32-573.3.1.el6.x86_64

I fail to see any pattern that would lead me to understanding.

yum.log does not have any complaints.

TIA

Clint

Clint Bowman			INTERNET:	[log in to unmask]
Air Quality Modeler		INTERNET:	[log in to unmask]
Department of Ecology		VOICE:		(360) 407-6815
PO Box 47600			FAX:		(360) 407-7534
Olympia, WA 98504-7600

         USPS:           PO Box 47600, Olympia, WA 98504-7600
         Parcels:        300 Desmond Drive, Lacey, WA 98503-1274

On Thu, 17 Dec 2015, Connie Sieh wrote:

> Synopsis:          Critical: firefox security update
> Advisory ID:       SLSA-2015:2657-1
> Issue Date:        2015-12-16
> CVE Numbers:       CVE-2015-7201
>                   CVE-2015-7210
>                   CVE-2015-7212
>                   CVE-2015-7205
>                   CVE-2015-7213
>                   CVE-2015-7222
>                   CVE-2015-7214
> --
>
> Several flaws were found in the processing of malformed web content. A web
> page containing malicious content could cause Firefox to crash or,
> potentially, execute arbitrary code with the privileges of the user
> running Firefox. (CVE-2015-7201, CVE-2015-7205, CVE-2015-7210,
> CVE-2015-7212, CVE-2015-7213, CVE-2015-7222)
>
> A flaw was found in the way Firefox handled content using the 'data:' and
> 'view-source:' URIs. An attacker could use this flaw to bypass the same-
> origin policy and read data from cross-site URLs and local files.
> (CVE-2015-7214)
>
> 5.0 ESR, which corrects these issues. After installing the update, Firefox
> must be restarted for the changes to take effect.
> --
>
> SL5
>  x86_64
>    firefox-38.5.0-2.el5_11.i386.rpm
>    firefox-38.5.0-2.el5_11.x86_64.rpm
>    firefox-debuginfo-38.5.0-2.el5_11.i386.rpm
>    firefox-debuginfo-38.5.0-2.el5_11.x86_64.rpm
>  i386
>    firefox-38.5.0-2.el5_11.i386.rpm
>    firefox-debuginfo-38.5.0-2.el5_11.i386.rpm
> SL6
>  x86_64
>    firefox-38.5.0-2.el6_7.x86_64.rpm
>    firefox-debuginfo-38.5.0-2.el6_7.x86_64.rpm
>    firefox-38.5.0-2.el6_7.i686.rpm
>    firefox-debuginfo-38.5.0-2.el6_7.i686.rpm
>  i386
>    firefox-38.5.0-2.el6_7.i686.rpm
>    firefox-debuginfo-38.5.0-2.el6_7.i686.rpm
>
>
> - Scientific Linux Development Team
>

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV