【CESA-2017:1440】The latest version of firefox is now available for Red Hat Enterprise Linux 7

CESA-2017:1440

The latest version of firefox is now available for Red Hat Enterprise Linux 7.

Red Hat products are highly regarded for their security and quality.

A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 52.2.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or, potentially,
execute arbitrary code with the privileges of the user running Firefox.
(CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7751, CVE-2017-7756,
CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775,
CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7750, CVE-2017-7752,
CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Nils, Nicolas Trippar of Zimperium zLabs, Mats Palmgren,
Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, André
Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia Knous,
Ronald Crane, Samuel Erb, Holger Fuhrmannek, Tyson Smith, Abhishek Arya, and F.
Alonso (revskills) as the original reporters.

Bugs Fixed

1461252 – CVE-2017-5472 Mozilla: Use-after-free using destroyed node when regenerating trees (MFSA 2017-16)
1461253 – CVE-2017-7749 Mozilla: Use-after-free during docshell reloading (MFSA 2017-16)
1461254 – CVE-2017-7750 Mozilla: Use-after-free with track elements (MFSA 2017-16)
1461255 – CVE-2017-7751 Mozilla: Use-after-free with content viewer listeners (MFSA 2017-16)
1461256 – CVE-2017-7752 Mozilla: Use-after-free with IME input (MFSA 2017-16)
1461257 – CVE-2017-7754 Mozilla: Out-of-bounds read in WebGL with ImageInfo object (MFSA 2017-16)
1461258 – CVE-2017-7756 Mozilla: Use-after-free and use-after-scope logging XHR header errors (MFSA 2017-16)
1461259 – CVE-2017-7757 Mozilla: Use-after-free in IndexedDB (MFSA 2017-16)
1461260 – CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778 Mozilla: Vulnerabilities in the Graphite 2 library (MFSA 2017-16)
1461261 – CVE-2017-7758 Mozilla: Out-of-bounds read in Opus encoder (MFSA 2017-16)
1461262 – CVE-2017-7764 Mozilla: Domain spoofing with combination of Canadian Syllabics and other unicode blocks (MFSA 2017-16)
1461264 – CVE-2017-5470 Mozilla: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 (MFSA 2017-16)
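Added example, not part of the advisory and not Red Hat or CentOS tooling: a small Python checker for an advisory laid out like the one above. It pulls the CVE IDs out of the Security Fix(es) paragraph and out of the Bugs Fixed list and reports any CVE that appears in one but not the other, and it gates an installed Firefox version against the 52.2.0 fixed version with RPM-style segment comparison rather than string comparison, so that 52.10.0 is correctly treated as newer than 52.2.0. The embedded ADVISORY text is a constructed excerpt that carries the CVE list from this advisory; the function names, the regular expressions and the simplified rpmvercmp (no tilde or caret handling) are this example's own.

```python
"""Added example, not part of the CESA-2017:1440 text: cross-check the CVE IDs
in an advisory of this shape and gate on the fixed Firefox version."""
import re

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# Constructed excerpt laid out like the advisory above; it carries the same
# CVE IDs but drops the prose that the checks below do not need.
ADVISORY = """\
This update upgrades Firefox to version 52.2.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content.
(CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7751, CVE-2017-7756,
CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775,
CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7750, CVE-2017-7752,
CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764)

Bugs Fixed

1461252 - CVE-2017-5472 Mozilla: Use-after-free using destroyed node when regenerating trees
1461253 - CVE-2017-7749 Mozilla: Use-after-free during docshell reloading
1461254 - CVE-2017-7750 Mozilla: Use-after-free with track elements
1461255 - CVE-2017-7751 Mozilla: Use-after-free with content viewer listeners
1461256 - CVE-2017-7752 Mozilla: Use-after-free with IME input
1461257 - CVE-2017-7754 Mozilla: Out-of-bounds read in WebGL with ImageInfo object
1461258 - CVE-2017-7756 Mozilla: Use-after-free and use-after-scope logging XHR header errors
1461259 - CVE-2017-7757 Mozilla: Use-after-free in IndexedDB
1461260 - CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778 Mozilla: Vulnerabilities in the Graphite 2 library
1461261 - CVE-2017-7758 Mozilla: Out-of-bounds read in Opus encoder
1461262 - CVE-2017-7764 Mozilla: Domain spoofing with combination of Canadian Syllabics and other unicode blocks
1461264 - CVE-2017-5470 Mozilla: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2
"""


def section(text, start, end=None):
    """Text between the `start` heading and the `end` heading (or end of text)."""
    i = text.index(start) + len(start)
    j = text.index(end, i) if end and end in text[i:] else len(text)
    return text[i:j]


def cves_in(text):
    """Set of CVE identifiers mentioned anywhere in `text`."""
    return set(CVE_RE.findall(text))


def fixed_version(text):
    """The ESR version the advisory says the update delivers, e.g. '52.2.0'."""
    m = re.search(r"upgrades Firefox to version (\S+) ESR", text)
    return m.group(1) if m else None


def check_cve_consistency(text):
    """(CVEs named in Security Fix(es) with no Bugs Fixed entry,
        CVEs in Bugs Fixed not named in Security Fix(es)).
    Both lists are empty for a well-formed advisory."""
    fixes = cves_in(section(text, "Security Fix(es):", "Bugs Fixed"))
    bugs = cves_in(section(text, "Bugs Fixed"))
    return sorted(fixes - bugs), sorted(bugs - fixes)


def rpmvercmp(a, b):
    """Compare two version strings segment by segment the way rpm does:
    digit runs compare numerically, letter runs lexically, a digit segment
    is newer than a letter segment, and more segments wins a tie.
    Simplified: tilde and caret are not handled. Returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def is_fixed(installed, text):
    """True if `installed` (e.g. the %{VERSION} of the firefox rpm) is at or
    above the version the advisory delivers."""
    return rpmvercmp(installed, fixed_version(text)) >= 0


if __name__ == "__main__":
    no_bug, no_fix = check_cve_consistency(ADVISORY)
    print("CVEs without a Bugs Fixed entry:", no_bug or "none")
    print("Bugs Fixed CVEs missing from Security Fix(es):", no_fix or "none")
    for v in ("52.1.2", "52.2.0", "52.10.0"):
        print(f"installed {v}: {'fixed' if is_fixed(v, ADVISORY) else 'VULNERABLE'}")
```

On a CentOS 7 host the installed version string would come from `rpm -q --qf '%{VERSION}\n' firefox`; the point of going through rpmvercmp instead of comparing strings is that a plain string comparison would call 52.10.0 older than 52.2.0.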

【CESA-2017:1430】The latest version of qemu-kvm is now available for Red Hat Enterprise Linux 7

CESA-2017:1430

The latest version of qemu-kvm is now available for Red Hat Enterprise Linux 7.

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux
on a variety of architectures. The qemu-kvm package provides the user-space
component for running virtual machines that use KVM.

Security Fix(es):

* An out-of-bounds r/w access issue was found in QEMU’s Cirrus CLGD 54xx VGA
Emulator support. The vulnerability could occur while copying VGA data via
various bitblt functions. A privileged user inside a guest could use this flaw
to crash the QEMU process or, potentially, execute arbitrary code on the host
with privileges of the QEMU process. (CVE-2017-7980)

* An out-of-bounds access issue was found in QEMU’s Cirrus CLGD 54xx VGA
Emulator support. The vulnerability could occur while copying VGA data using
bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user
inside a guest could use this flaw to crash the QEMU process, resulting in
denial of service. (CVE-2017-7718)

Red Hat would like to thank Jiangxin (PSIRT Huawei Inc) and Li Qiang (Qihoo 360
Gear Team) for reporting CVE-2017-7980 and Jiangxin (PSIRT Huawei Inc) for
reporting CVE-2017-7718.

Bug Fix(es):

* Previously, guest virtual machines in some cases became unresponsive when the
“pty” back end of a serial device performed an irregular I/O communication. This
update improves the handling of serial I/O on guests, which prevents the
described problem from occurring. (BZ#1452332)

Bugs Fixed

1443441 – CVE-2017-7718 Qemu: display: cirrus: OOB read access issue
1444371 – CVE-2017-7980 Qemu: display: cirrus: OOB r/w access issues in bitblt routines
1452332 – RHEL 7.2 based VM (Virtual Machine) hung for several hours apparently waiting for lock held by main_loop
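Both flaws above sit in the Cirrus CLGD 54xx emulator, so only guests whose QEMU process instantiates that device are exposed to them. Added example, not part of the advisory and not libvirt or QEMU code: a Python helper that finds such guests two ways, from the defined configuration (a libvirt domain XML with `<video><model type='cirrus'/>`) and from what is actually running (a qemu-kvm command line selecting `-vga cirrus` or `-device cirrus-vga`). The DOMAINS and CMDLINES samples are constructed for this example, and the function names are its own.

```python
"""Added example, not part of the CESA-2017:1430 text: list guests whose
QEMU process uses the Cirrus VGA emulator named in CVE-2017-7980 and
CVE-2017-7718."""
import shlex
import xml.etree.ElementTree as ET

# Constructed libvirt domain definitions (samples, not taken from a real host).
DOMAINS = {
    "web01": """<domain type='kvm'><name>web01</name><devices>
        <video><model type='cirrus' vram='16384' heads='1'/></video>
        </devices></domain>""",
    "db01": """<domain type='kvm'><name>db01</name><devices>
        <video><model type='qxl' ram='65536' vram='65536'/></video>
        </devices></domain>""",
    "headless01": """<domain type='kvm'><name>headless01</name><devices>
        <serial type='pty'><target port='0'/></serial>
        </devices></domain>""",
}

# Constructed qemu-kvm command lines as they might appear in ps output.
CMDLINES = [
    "/usr/libexec/qemu-kvm -name guest=web01 -machine pc-i440fx-rhel7.3.0 -vga cirrus -m 2048",
    "/usr/libexec/qemu-kvm -name guest=db01 -device qxl-vga,id=video0 -m 4096",
    "/usr/libexec/qemu-kvm -name guest=legacy01 -device cirrus-vga,id=video0,bus=pci.0,addr=0x2",
    "/usr/libexec/qemu-kvm -name guest=headless01 -display none -vga none",
]


def video_models(domain_xml):
    """Video device model types declared under <devices><video> in a libvirt
    domain XML. Restricted to that path so <interface><model type=.../> and
    <cpu><model> are not picked up."""
    root = ET.fromstring(domain_xml)
    return [m.get("type") for m in root.findall("./devices/video/model")]


def uses_cirrus_xml(domain_xml):
    return "cirrus" in video_models(domain_xml)


def uses_cirrus_cmdline(cmdline):
    """True if a qemu-kvm argv selects the Cirrus adapter, either through the
    legacy -vga switch or through an explicit -device entry."""
    argv = shlex.split(cmdline)
    for i, arg in enumerate(argv[:-1]):
        if arg == "-vga" and argv[i + 1] == "cirrus":
            return True
        if arg == "-device" and argv[i + 1].split(",", 1)[0] in ("cirrus-vga", "isa-cirrus-vga"):
            return True
    return False


def guest_name(cmdline):
    """Guest name from the -name argument; libvirt passes it as guest=<name>[,...]."""
    argv = shlex.split(cmdline)
    if "-name" not in argv:
        return None
    name = argv[argv.index("-name") + 1].split(",")[0]
    return name[len("guest="):] if name.startswith("guest=") else name


def exposed_guests(domains, cmdlines):
    """Sorted names of guests exposed by definition or by running process."""
    names = {n for n, x in domains.items() if uses_cirrus_xml(x)}
    names.update(guest_name(c) for c in cmdlines if uses_cirrus_cmdline(c) and guest_name(c))
    return sorted(names)


if __name__ == "__main__":
    for name in exposed_guests(DOMAINS, CMDLINES):
        print(f"{name}: uses cirrus VGA, restart on updated qemu-kvm")
```

Checking the running command line matters as well as the XML: installing the updated qemu-kvm package replaces the binary on disk, but a guest that was already running keeps executing the old code until it is shut down and started again (or migrated onto a host with the updated package). Moving exposed guests to a different video model, or to none for headless guests, removes the Cirrus emulator from the process entirely.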