Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#9032 closed defect (fixed)

firefox-52.0.1

Reported by: ken@… Owned by: ken@…
Priority: high Milestone: 8.1
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

From the Arch advisory, found at lwn.net:

Description
===========

An integer overflow in createImageBitmap() was reported through the
Pwn2Own contest. The fix for this vulnerability disables the
experimental extensions to the createImageBitmap API. This function
runs in the content sandbox, requiring a second vulnerability to
compromise a user's computer.

Impact
======

A remote attacker might be able to execute arbitrary code on the
affected host.

References
==========

https://www.mozilla.org/en-US/security/advisories/mfsa201...
https://bugzilla.mozilla.org/show_bug.cgi?id=1348168
https://security.archlinux.org/CVE-2017-5428

Change History (6)

comment:1 by ken@…, 5 years ago

Owner: changed from blfs-book@… to ken@…
Status: newassigned

Only a couple of changes in the main code, but for the many docker files it looks as if they might have moved them (massive deletes, massive additions). For us, looks good to go.

comment:2 by bdubbs@…, 5 years ago

I was just starting to look at this, but please go ahead.

One thing I was wondering about is the comment we have:

The tarball firefox-52.0.source.tar.xz will untar to firefox-52.0 directory. However, if you do this in a directory where the sticky bit is set, such as /tmp it will end with error messages:

Just to see what is going on, I did:

tar -tvf firefox-52.0.1.source.tar.xz|head

Right as the first entry I got the curious entry:

drwxr-xr-x 0/0 0 2017-03-17 07:04 ./

So tar is resetting the permissions of the current directory to 0755 if it has permissions to do so. I don't know if I've ever seen that. What they are doing is:

'tar -Jcf xyz.tar.xz .' as the root user.

Seems like bad usage to me. Should this be reported?

in reply to:  2 comment:3 by ken@…, 5 years ago

Replying to bdubbs@…:

I was just starting to look at this, but please go ahead.

One thing I was wondering about is the comment we have:

The tarball firefox-52.0.source.tar.xz will untar to firefox-52.0 directory. However, if you do this in a directory where the sticky bit is set, such as /tmp it will end with error messages:

Just to see what is going on, I did:

tar -tvf firefox-52.0.1.source.tar.xz|head

Right as the first entry I got the curious entry:

drwxr-xr-x 0/0 0 2017-03-17 07:04 ./

So tar is resetting the permissions of the current directory to 0755 if it has permissions to do so. I don't know if I've ever seen that. What they are doing is:

'tar -Jcf xyz.tar.xz .' as the root user.

Seems like bad usage to me. Should this be reported?

Interesting, you are more on top of that than I am. If you think it will do any good, report it. My personal view is that they have their own agenda, and the views of people who build their releases on linux have a very low priority. Jaundiced, moi ? Probably.

comment:4 by ken@…, 5 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r18519 if I've correctly noted what Bruce wrote above about tar.

comment:5 by bdubbs@…, 5 years ago

Milestone: 8.1m8.1

Milestone renamed

comment:6 by bdubbs@…, 5 years ago

Milestone: m8.18.1

Milestone renamed

Note: See TracTickets for help on using tickets.