Thread: [Cucumber-linux-security] firefox (security update is available)
A general purpose desktop and server Linux distribution.
Brought to you by:
z5t1
Menu
▾
▴
cucumber-linux-security
|
From: Z5T1 <z5...@z5...> - 2017-04-22 23:07:56
Attachments:
signature.asc
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.0.alpha Here are the details from the Cucumber 1.0.alpha changelog: +----------------+ Sat Apr 22 18:22:12 EDT 2017 xapps-general/firefox updated from 52.0.2 to 52.1 to fix some security issues. For more information see: https://www.mozilla.org/en-US/firefox/52.1.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/ * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0.alpha i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.alpha/cucumber-i686/xapps-general/firefox-52.1.0esr-i686-1.txz Cucumber 1.0.alpha x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.alpha/cucumber-x86_64/xapps-general/firefox-52.1.0esr-x86_64-1.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg <insert_package_filename> ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-06-15 17:35:44
Attachments:
signature.asc
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.0.beta Here are the details from the Cucumber 1.0.beta changelog: +----------------+ Thu Jun 15 12:59:26 EDT 2017 xapps-general/firefox upgraded from 52.1.0esr to 52.2.0esr to fix several security vulnerabilities. For more information see: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/ * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0.beta i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.beta/cucumber-i686/xapps-general/firefox-52.2.0esr-i686-1.txz Cucumber 1.0.beta x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.beta/cucumber-x86_64/xapps-general/firefox-52.2.0esr-x86_64-1.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg firefox-52.2.0esr-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-08-10 16:39:47
Attachments:
signature.asc
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.0 Here are the details from the Cucumber 1.0 changelog: +----------------+ Thu Aug 10 11:48:55 EDT 2017 xapps-general/firefox upgraded from 52.2.0 to 52.3.0 to fix some security vulnerabilities. For more information see: https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/ * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found at the following location: Cucumber 1.0 i686: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/xapps-general/firefox-52.3.0esr-i686-1.txz Cucumber 1.0 x86_64: http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/xapps-general/firefox-52.3.0esr-x86_64-1.txz To upgrade the package manually, download the new package and run the following command (as root): # upgradepkg firefox-52.3.0esr-i686-1.txz ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-09-28 20:52:24
Attachments:
signature.asc
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.0 Here are the details from the Cucumber 1.0 changelog: +----------------+ Thu Sep 28 12:02:16 EDT 2017 xapps-general/firefox upgraded from 52.3.0 to 52.4.0 for fix several security vulnerabilities: CVE-2017-7793: Use-after-free with Fetch API CVE-2017-7818: Use-after-free during ARIA array manipulation CVE-2017-7819: Use-after-free while resizing images in design mode CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces CVE-2017-7823: CSP sandbox directive did not create a unique origin CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 For More information see: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/ http://security.cucumberlinux.com/security/details.php?id=56 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-56 [mfsa2017-22] (http://security.cucumberlinux.com/security/details.php?id=56) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-10-10 17:12:03
Attachments:
signature.asc
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.0 * 1.1 Alpha Here are the details from the Cucumber 1.0 changelog: +----------------+ Tue Oct 10 12:34:03 EDT 2017 xapps-general/firefox upgraded from 52.4.0 to 52.4.1 to fix a couple of potential crash related issues. Note that these issues allegedly affect Mac OS only, however we will upgrade to be safe as Mozilla tends to push out other security updates in these releases that they don't tell us little people about until weeks later. For more information see: http://security.cucumberlinux.com/security/details.php?id=71 https://www.mozilla.org/en-US/firefox/52.4.1/releasenotes/ * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-71 (http://security.cucumberlinux.com/security/details.php?id=71) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Z5T1 <z5...@z5...> - 2017-11-14 19:15:18
Attachments:
signature.asc
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.0 * 1.1 Alpha Here are the details from the Cucumber 1.0 changelog: +----------------+ Tue Nov 14 10:39:46 EST 2017 xapps-general/firefox upgraded from 52.4.1 to 52.5.0 for "various security fixes." Unfortunately, Mozilla doesn't like to make the details of their security fixes publicly available until several weeks after they are released, so we are unable to provide more information at this time. For more information see: https://www.mozilla.org/en-US/firefox/52.5.0/releasenotes/ http://security.cucumberlinux.com/security/details.php?id=128 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-128 (http://security.cucumberlinux.com/security/details.php?id=128) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <z5...@z5...> - 2017-11-30 01:10:18
Attachments:
signature.asc
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Wed Nov 29 19:33:04 EST 2017 xapps-general/firefox upgraded from 52.5.0 to 52.5.1. This release probably contains security fixes, but Unfortunately, Mozilla doesn't like to make the details of their security fixes publicly available until several weeks after they are released, so we are unable to provide more information at this time. We have upgraded to be safe. For more information see: http://security.cucumberlinux.com/security/details.php?id=165 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-165 [NULL] (http://security.cucumberlinux.com/security/details.php?id=165) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <z5...@z5...> - 2017-12-08 20:24:15
Attachments:
signature.asc
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Fri Dec 8 10:09:47 EST 2017 xapps-general/firefox upgraded from 52.5.1 to 52.5.2 to fix CVE-2017-7843, a security vulnerability that allows a website to write persistent data to your browser's database while in private browsing mode (it is not supposed to be possible for data to persist across multiple private browsing sessions). For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-7843 http://security.cucumberlinux.com/security/details.php?id=175 https://www.mozilla.org/en-US/security/advisories/mfsa2017-28/ * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-175 [CVE-2017-7843] (http://security.cucumberlinux.com/security/details.php?id=175) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <z5...@z5...> - 2017-12-28 14:09:25
Attachments:
signature.asc
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Thu Dec 28 08:29:41 EST 2017 xapps-general/firefox upgraded from 52.5.2 to 52.5.3. This release probably contains security fixes, but Unfortunately, Mozilla doesn't like to make the details of their security fixes publicly available until several weeks after they are released, so we are unable to provide more information at this time. We have upgraded to be safe. For more information see: http://security.cucumberlinux.com/security/details.php?id=193 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-193 [NULL] (http://security.cucumberlinux.com/security/details.php?id=193) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-01-20 19:55:32
Attachments:
signature.asc
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Sat Jan 20 14:23:24 EST 2018 xapps-general/firefox upgraded from 52.5.3 to 52.6.0. This release probably contains security fixes, but Unfortunately, Mozilla doesn't like to make the details of their security fixes publicly available until several weeks after they are released, so we are unable to provide more information at this time. We have upgraded to be safe. For more information see: http://security.cucumberlinux.com/security/details.php?id=239 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-239 (http://security.cucumberlinux.com/security/details.php?id=239) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-03-13 21:59:55
Attachments:
signature.asc
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Sat Mar 10 16:08:05 EST 2018 xapps-general/firefox upgraded from 52.6.0esr to 52.7.0esr. This update probably contains several security fixes; however, Mozilla doesn't disclose information about any security fixes until several weeks after they have been release. We have updated to be safe. For more information see: http://security.cucumberlinux.com/security/details.php?id=320 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-320 (http://security.cucumberlinux.com/security/details.php?id=320) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-03-17 19:16:38
Attachments:
signature.asc
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Sat Mar 17 14:42:10 EDT 2018 xapps-general/firefox upgraded from 52.7.0 to 52.7.2 to fix CVE-2018-5146, an out of bounds write security vulnerability in libvorbis. For more information see: http://security.cucumberlinux.com/security/details.php?id=328 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146 https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/ * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-328 [CVE-2018-5146] (http://security.cucumberlinux.com/security/details.php?id=328) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-03-28 01:27:50
Attachments:
signature.asc
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.0 * 1.1 RC Here are the details from the Cucumber 1.0 changelog: +----------------+ Tue Mar 27 11:13:03 EDT 2018 xapps-general/firefox upgraded from 52.7.2 to 52.7.3 to fix CVE-2018-5148, a use after free vulnerability in the compositor that resulted in a potentially exploitable crash. For more information see: https://security.cucumberlinux.com/security/details.php?id=347 https://www.mozilla.org/en-US/security/advisories/mfsa2018-10/ * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-347 (http://security.cucumberlinux.com/security/details.php?id=347) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-05-01 00:02:41
Attachments:
signature.asc
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Mon Apr 30 17:11:03 EDT 2018 xapps-general/firefox upgraded from 52.7.3esr to 52.7.4esr. Given that this is an off schedule release, thie update almost certainly contains security fixes; however, Mozilla doesn't like to disclose information about any security fixes until a while after the fixes have been released. We have updated to be safe. For more information see: https://security.cucumberlinux.com/security/details.php?id=379 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-379 (https://security.cucumberlinux.com/security/details.php?id=379) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-05-10 14:17:21
Attachments:
signature.asc
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Thu May 10 09:40:13 EDT 2018 xapps-general/firefox upgraded from 52.7.4 to 52.8.0 to fix several security vulnerabilities: CVE-2018-5183: Backport critical security fixes in Skia CVE-2018-5154: Use-after-free with SVG animations and clip paths CVE-2018-5155: Use-after-free with SVG animations and text paths CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer CVE-2018-5159: Integer overflow and out-of-bounds write in Skia CVE-2018-5168: Lightweight themes can be installed without user interaction CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 For more information see: https://security.cucumberlinux.com/security/details.php?id=386 https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/ * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-386 [Several CVEs] (https://security.cucumberlinux.com/security/details.php?id=386) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-05-17 16:53:29
Attachments:
signature.asc
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Thu May 17 12:07:42 EDT 2018 xapps-general/firefox upgraded from 60.0esr to 60.0.1esr. Being that this is an off schedule point release, this release almost certainly contains security fixes. Unfortunately, Mozilla doesn't like to disclose information about security fixes until a while after the fixes have been released. We have updated to be safe. For more information see: https://security.cucumberlinux.com/security/details.php?id=400 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-400 (https://security.cucumberlinux.com/security/details.php?id=400) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-06-06 22:14:14
Attachments:
signature.asc
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Wed Jun 6 17:00:59 EDT 2018 xapps-general/firefox upgraded from 60.0.1esr to 60.0.2esr. Being that this is an off schedule point release, it likely contains security fixes. Unfortunately Mozilla doesn't like to release any information about security fixes or even disclose if a release is a security fix until a week or two after its release, so we have no way of knowing for sure. We have updated to be safe. For more information see: https://security.cucumberlinux.com/security/details.php?id=423 That page will be updated as more information becomes available. * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-423 [NULL] (https://security.cucumberlinux.com/security/details.php?id=423) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-06-26 22:01:06
Attachments:
signature.asc
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Tue Jun 26 17:57:23 EDT 2018 xapps-general/firefox upgraded from 60.0.2esr to 60.1.0esr to fix several security vulnerabilities: - CVE-2018-12359: Buffer overflow using computed size of canvas element - CVE-2018-12360: Use-after-free when using focus() - CVE-2018-12361: Integer overflow in SwizzleData - CVE-2018-12362: Integer overflow in SSSE3 scaler - CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture - CVE-2018-12363: Use-after-free when appending DOM nodes - CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins - CVE-2018-12365: Compromised IPC child process can list local filenames - CVE-2018-12371: Integer overflow in Skia library during edge builder allocation - CVE-2018-12366: Invalid data handling during QCMS transformations - CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming - CVE-2018-12368: No warning when opening executable SettingContent-ms files - CVE-2018-12369: WebExtension security permission checks bypassed by embedded experiments - CVE-2018-5187: Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1 - CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9 For more information see: https://security.cucumberlinux.com/security/details.php?id=444 https://www.mozilla.org/en-US/security/advisories/mfsa2018-16/ * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-444 [NULL] (https://security.cucumberlinux.com/security/details.php?id=444) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-09-04 19:12:00
Attachments:
signature.asc
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Tue Sep 4 14:57:23 EDT 2018 xapps-general/firefox upgraded from 60.1.0esr to 60.2.0esr. This update likely contains security fixes; however, Mozilla does not like to publicly disclose any details for security updates until the updated version of Firefox has been available for a couple of weeks. This makes it difficult to know for sure what has been fixes, so we have upgraded just to be safe. For more information see: https://security.cucumberlinux.com/security/details.php?id=541 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-541 (https://security.cucumberlinux.com/security/details.php?id=541) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-09-23 15:19:14
Attachments:
signature.asc
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Sun Sep 23 11:10:32 EDT 2018 xapps-general/firefox upgraded from 60.2.0 to 60.2.1. This update fixes two security vulnerabilities: CVE-2018-12385: Crash in TransportSecurityInfo due to cached data CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords For more information see: https://security.cucumberlinux.com/security/details.php?id=560 https://www.mozilla.org/en-US/security/advisories/mfsa2018-23/ * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-560 (https://security.cucumberlinux.com/security/details.php?id=560) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-10-03 02:15:42
Attachments:
signature.asc
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Tue Oct 2 22:05:07 EDT 2018 xapps-general/firefox upgraded from 60.2.1 to 60.2.2 to fix two high severity security vulnerabilities: CVE-2018-12386: Type confusion in JavaScript This allows for remote code execution inside a sandboxed content process. CVE-2018-12387: Memory leak in JavaScript JIT compiler This leaks the memory address of the calling function, which can be useful in other attacks. For more information see: https://security.cucumberlinux.com/security/details.php?id=569 https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/ * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-569 (https://security.cucumberlinux.com/security/details.php?id=569) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-10-23 18:46:12
Attachments:
signature.asc
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Tue Oct 23 12:42:40 EDT 2018 xapps-general/firefox upgraded from 60.2.2 to 60.3.0 to fix several security vulnerabilities: CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin CVE-2018-12392: Crash with nested event loops CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts CVE-2018-12397: CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3 CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 For more information see: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/ * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-585 (https://security.cucumberlinux.com/security/details.php?id=585) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2018-12-15 18:02:08
Attachments:
signature.asc
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Sat Dec 15 12:53:26 EST 2018 xapps-general/firefox upgraded from 60.3.0esr to 60.4.0esr to fix several security vulnerabilities: CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 CVE-2018-18492: Use-after-free with select element CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs CVE-2018-18498: Integer overflow when calculating buffer sizes for images CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 For more information see: https://security.cucumberlinux.com/security/details.php?id=636 https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/ * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-636 (https://security.cucumberlinux.com/security/details.php?id=636) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2019-02-19 16:28:39
Attachments:
signature.asc
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Tue Feb 19 11:15:21 EST 2019 xapps-general/firefox upgraded from 60.4.0 to 60.5.0. This is an upstream update that fixes three security vulnerabilities: CVE-2018-18500: Use-after-free parsing HTML5 stream CVE-2018-18505: Privilege escalation through IPC channel messages CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 For more information see: https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/ https://security.cucumberlinux.com/security/details.php?id=656 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-656 (https://security.cucumberlinux.com/security/details.php?id=656) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
|
From: Scott C. <sc...@cu...> - 2019-04-03 01:49:04
Attachments:
signature.asc
|
Update Information A security update is available for firefox for the following versions of Cucumber Linux: * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Tue Apr 2 12:30:11 EDT 2019 xapps-general/firefox upgraded from 60.5.0 to 60.5.1. This is an upstream update that fixed several security vulnerabilities. For more information see: https://security.cucumberlinux.com/security/details.php?id=663 https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/ https://security.cucumberlinux.com/security/details.php?id=664 https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/ https://security.cucumberlinux.com/security/details.php?id=665 https://www.mozilla.org/en-US/security/advisories/mfsa2019-10/ * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-663 (https://security.cucumberlinux.com/security/details.php?id=663) * CLD-664 (https://security.cucumberlinux.com/security/details.php?id=664) * CLD-665 (https://security.cucumberlinux.com/security/details.php?id=665) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure firefox is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X