[Cucumber-linux-security] palemoon (security update is available)
A general purpose desktop and server Linux distribution.
Brought to you by:
z5t1
Menu
▾
▴
[Cucumber-linux-security] palemoon (security update is available)
|
From: Scott C. <sc...@cu...> - 2018-05-21 21:13:56
|
Update Information A security update is available for palemoon for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Mon May 21 16:35:38 EDT 2018 xapps-extra/palemoon upgraded from 27.9.1 to 27.9.2 to fix several security issues: (CVE-2018-5174) Prevent potential SmartScreen bypass on Windows 10. (CVE-2018-5173) Fixed an issue in the Downloads panel improperly rendering some Unicode characters, allowing for the file name to be spoofed. This could be used to obscure the file extension of potentially executable files from user view in the panel. (CVE-2018-5177) Fixed a vulnerability in the XSLT component leading to a buffer overflow and crash if it occurs. (CVE-2018-5159) Fixed an integer overflow vulnerability in the Skia library resulting in possible out-of-bounds writes. (CVE-2018-5154) Fixed a use-after-free vulnerability while enumerating attributes during SVG animations with clip paths. (CVE-2018-5178) Fixed a buffer overflow during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable extension in order to occur. Fixed several stability issues (crashes) and memory safety hazards. For more information see: https://security.cucumberlinux.com/security/details.php?id=410 https://www.palemoon.org/releasenotes.shtml * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-410 [Several CVEs] (https://security.cucumberlinux.com/security/details.php?id=410) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure palemoon is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
