Subject: | |
From: | |
Reply To: | |
Date: | Sat, 8 Aug 2015 09:18:19 +0100 |
Content-Type: | multipart/signed |
Parts/Attachments: |
|
|
On Sat, 2015-08-08 at 03:31 +0000, Pat Riehecky wrote:
> Synopsis: Important: firefox security update
> Advisory ID: SLSA-2015:1581-1
> Issue Date: 2015-08-07
> CVE Numbers: CVE-2015-4495
> --
>
> A flaw was discovered in Mozilla Firefox that could be used to violate the
> same-origin policy and inject web script into a non-privileged part of the
> built-in PDF file viewer (PDF.js). An attacker could create a malicious
> web page that, when viewed by a victim, could steal arbitrary files
> (including private SSH keys, the /etc/passwd file, and other potentially
> sensitive files) from the system running Firefox. (CVE-2015-4495)
>
> After installing the update, Firefox must be restarted for the changes
> to take effect.
> --
>
> SL5
> x86_64
> firefox-38.1.1-1.el5_11.i386.rpm
> firefox-38.1.1-1.el5_11.x86_64.rpm
> firefox-debuginfo-38.1.1-1.el5_11.i386.rpm
> firefox-debuginfo-38.1.1-1.el5_11.x86_64.rpm
> i386
> firefox-38.1.1-1.el5_11.i386.rpm
> firefox-debuginfo-38.1.1-1.el5_11.i386.rpm
> SL6
> x86_64
> firefox-38.1.1-1.el6_7.x86_64.rpm
> firefox-debuginfo-38.1.1-1.el6_7.x86_64.rpm
> firefox-38.1.1-1.el6_7.i686.rpm
> firefox-debuginfo-38.1.1-1.el6_7.i686.rpm
> i386
> firefox-38.1.1-1.el6_7.i686.rpm
> firefox-debuginfo-38.1.1-1.el6_7.i686.rpm
> SL7
> x86_64
> firefox-38.1.1-1.el7_1.x86_64.rpm
> firefox-debuginfo-38.1.1-1.el7_1.x86_64.rpm
> firefox-38.1.1-1.el7_1.i686.rpm
> firefox-debuginfo-38.1.1-1.el7_1.i686.rpm
>
> - Scientific Linux Development Team
Hi,
Seems the 6x repo has not been updated for inclusion of this update as
none showing on a clean 'yum update' though the rpm is there.
Regards
Phil
--
Twitter: @philwyett
Jappix (xmpp chat): [log in to unmask]
|
|
|