Hi,
The SL6 x86_64 packages don't seem to be there yet...?
(The others seem fine; thank you.)
> On 24 Jan 2018, at 15:35, Pat Riehecky <[log in to unmask]> wrote:
>
> Synopsis: Critical: firefox security update
> Advisory ID: SLSA-2018:0122-1
> Issue Date: 2018-01-24
> CVE Numbers: CVE-2018-5089
> CVE-2018-5091
> CVE-2018-5095
> CVE-2018-5096
> CVE-2018-5097
> CVE-2018-5098
> CVE-2018-5099
> CVE-2018-5102
> CVE-2018-5103
> CVE-2018-5104
> CVE-2018-5117
> --
>
> This update upgrades Firefox to version 52.6.0 ESR.
>
> Security Fix(es):
>
> * Multiple flaws were found in the processing of malformed web content. A
> web page containing malicious content could cause Firefox to crash or,
> potentially, execute arbitrary code with the privileges of the user
> running Firefox. (CVE-2018-5089, CVE-2018-5091, CVE-2018-5095,
> CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102,
> CVE-2018-5103, CVE-2018-5104, CVE-2018-5117)
>
> * To mitigate timing-based side-channel attacks similar to "Spectre" and
> "Meltdown", the resolution of performance.now() has been reduced from 5s
> to 20s.
> --
>
> SL6
> x86_64
> firefox-52.6.0-1.el6_9.x86_64.rpm
> firefox-debuginfo-52.6.0-1.el6_9.x86_64.rpm
> firefox-52.6.0-1.el6_9.i686.rpm
> firefox-debuginfo-52.6.0-1.el6_9.i686.rpm
> i386
> firefox-52.6.0-1.el6_9.i686.rpm
> firefox-debuginfo-52.6.0-1.el6_9.i686.rpm
> SL7
> x86_64
> firefox-52.6.0-1.el7_4.x86_64.rpm
> firefox-debuginfo-52.6.0-1.el7_4.x86_64.rpm
> firefox-52.6.0-1.el7_4.i686.rpm
> firefox-debuginfo-52.6.0-1.el7_4.i686.rpm
>
> - Scientific Linux Development Team
>
Chris Cooke, School of Informatics, University of Edinburgh.
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
|