Hi,

The SL6 x86_64 packages don't seem to be there yet...?
(The others seem fine; thank you.)

On 24 Jan 2018, at 15:35, Pat Riehecky <[log in to unmask]> wrote:

Synopsis:          Critical: firefox security update
Advisory ID:       SLSA-2018:0122-1
Issue Date:        2018-01-24
CVE Numbers:       CVE-2018-5089
                  CVE-2018-5091
                  CVE-2018-5095
                  CVE-2018-5096
                  CVE-2018-5097
                  CVE-2018-5098
                  CVE-2018-5099
                  CVE-2018-5102
                  CVE-2018-5103
                  CVE-2018-5104
                  CVE-2018-5117
--

This update upgrades Firefox to version 52.6.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2018-5089, CVE-2018-5091, CVE-2018-5095,
CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102,
CVE-2018-5103, CVE-2018-5104, CVE-2018-5117)

* To mitigate timing-based side-channel attacks similar to "Spectre" and
"Meltdown", the resolution of performance.now() has been reduced from 5s
to 20s.
--

SL6
 x86_64
   firefox-52.6.0-1.el6_9.x86_64.rpm
   firefox-debuginfo-52.6.0-1.el6_9.x86_64.rpm
   firefox-52.6.0-1.el6_9.i686.rpm
   firefox-debuginfo-52.6.0-1.el6_9.i686.rpm
 i386
   firefox-52.6.0-1.el6_9.i686.rpm
   firefox-debuginfo-52.6.0-1.el6_9.i686.rpm
SL7
 x86_64
   firefox-52.6.0-1.el7_4.x86_64.rpm
   firefox-debuginfo-52.6.0-1.el7_4.x86_64.rpm
   firefox-52.6.0-1.el7_4.i686.rpm
   firefox-debuginfo-52.6.0-1.el7_4.i686.rpm

- Scientific Linux Development Team


Chris Cooke, School of Informatics, University of Edinburgh.