Mageia alert MGASA-2025-0045 (rootcerts, nss & firefox)

From:
             
 
Mageia Updates <updates-announce@ml.mageia.org>
To:
             
 
updates-announce@ml.mageia.org
Subject:
             
 
[updates-announce] MGASA-2025-0045: Updated rootcerts, nss & firefox packages fix security vulnerabilities
Date:
             
 
Sun, 09 Feb 2025 01:20:16 +0100
Message-ID:
             
 
<20250209002016.C0DFDA00A5@duvel.mageia.org>
Archive-link:
             
 
Article
MGASA-2025-0045 - Updated rootcerts, nss & firefox packages fix security vulnerabilities

Publication date: 09 Feb 2025
URL: https://advisories.mageia.org/MGASA-2025-0045.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-1009,
     CVE-2025-1010,
     CVE-2025-1011,
     CVE-2025-1012,
     CVE-2024-11704,
     CVE-2025-1013,
     CVE-2025-1014,
     CVE-2025-1016,
     CVE-2025-1017

Description:
Use-after-free in XSLT. (CVE-2025-1009)
Use-after-free in Custom Highlight. (CVE-2025-1010)
A bug in WebAssembly code generation could result in a crash.
(CVE-2025-1011)
Use-after-free during concurrent delazification. (CVE-2025-1012)
Potential double-free vulnerability in PKCS#7 decryption handling.
(CVE-2024-11704)
Potential opening of private browsing tabs in normal browsing windows.
(CVE-2025-1013)
Certificate length was not properly checked. (CVE-2025-1014)
Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR
115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7.
(CVE-2025-1016)
Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR
128.7, and Thunderbird 128.7. (CVE-2025-1017)

References:
- https://bugs.mageia.org/show_bug.cgi?id=33983
- https://www.mozilla.org/en-US/firefox/128.7.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa202...
-
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_108.html#mozilla-projects-nss-nss-3-108-release-notes
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1009
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1010
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1011
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1012
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1013
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1014
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1016
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1017

SRPMS:
- 9/core/rootcerts-20250130.00-1.mga9
- 9/core/nss-3.108.0-1.mga9
- 9/core/firefox-128.7.0-1.mga9
- 9/core/firefox-l10n-128.7.0-1.mga9