ALT Linux Team

Branch sisyphus update on 2019-06-20

2019-06-20

ALT-BU-2019-3747-1

Branch sisyphus update bulletin.

ALT-PU-2019-2091-1

Package firefox-esr updated to version 60.7.1-alt1 for branch sisyphus in task 232552.

Closed vulnerabilities

Published: 2019-07-23

BDU:2019-03613

Уязвимость метода Array.pop почтового клиента Thunderbird и браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2019-07-23
Modified: 2025-04-04

CVE-2019-11707

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:

ALT-PU-2019-2094-1

Package qt-creator updated to version 4.9.1-alt2 for branch sisyphus in task 232568.

Closed bugs

Bug #36917

missing plugins

ALT-PU-2019-2098-1

Package firefox updated to version 67.0.3-alt1 for branch sisyphus in task 232639.

Closed vulnerabilities

Published: 2019-07-23

BDU:2019-03613

Уязвимость метода Array.pop почтового клиента Thunderbird и браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2019-07-23
Modified: 2024-11-21

CVE-2019-11702

A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at a known location with Internet Explorer if a user approves execution when prompted. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 67.0.2.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
References:
Published: 2019-07-23
Modified: 2025-04-04

CVE-2019-11707

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:

ALT-PU-2019-2100-1

Package edk2 updated to version 20190501-alt1 for branch sisyphus in task 232661.

Closed vulnerabilities

Published: 2019-03-27
Modified: 2024-11-21

CVE-2018-12182

Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

Severity: MEDIUM (6.7) Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top