Hi,

The SL6 x86_64 packages don't seem to be there yet...?
(The others seem fine; thank you.)

> On 24 Jan 2018, at 15:35, Pat Riehecky <[log in to unmask]> wrote:
> 
> Synopsis:          Critical: firefox security update
> Advisory ID:       SLSA-2018:0122-1
> Issue Date:        2018-01-24
> CVE Numbers:       CVE-2018-5089
>                   CVE-2018-5091
>                   CVE-2018-5095
>                   CVE-2018-5096
>                   CVE-2018-5097
>                   CVE-2018-5098
>                   CVE-2018-5099
>                   CVE-2018-5102
>                   CVE-2018-5103
>                   CVE-2018-5104
>                   CVE-2018-5117
> --
> 
> This update upgrades Firefox to version 52.6.0 ESR.
> 
> Security Fix(es):
> 
> * Multiple flaws were found in the processing of malformed web content. A
> web page containing malicious content could cause Firefox to crash or,
> potentially, execute arbitrary code with the privileges of the user
> running Firefox. (CVE-2018-5089, CVE-2018-5091, CVE-2018-5095,
> CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102,
> CVE-2018-5103, CVE-2018-5104, CVE-2018-5117)
> 
> * To mitigate timing-based side-channel attacks similar to "Spectre" and
> "Meltdown", the resolution of performance.now() has been reduced from 5s
> to 20s.
> --
> 
> SL6
>  x86_64
>    firefox-52.6.0-1.el6_9.x86_64.rpm
>    firefox-debuginfo-52.6.0-1.el6_9.x86_64.rpm
>    firefox-52.6.0-1.el6_9.i686.rpm
>    firefox-debuginfo-52.6.0-1.el6_9.i686.rpm
>  i386
>    firefox-52.6.0-1.el6_9.i686.rpm
>    firefox-debuginfo-52.6.0-1.el6_9.i686.rpm
> SL7
>  x86_64
>    firefox-52.6.0-1.el7_4.x86_64.rpm
>    firefox-debuginfo-52.6.0-1.el7_4.x86_64.rpm
>    firefox-52.6.0-1.el7_4.i686.rpm
>    firefox-debuginfo-52.6.0-1.el7_4.i686.rpm
> 
> - Scientific Linux Development Team
> 

Chris Cooke, School of Informatics, University of Edinburgh.




The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.