Уязвимость CVE-2023-6856: Информация
Описание
The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Важность: HIGH (8,8) Вектор: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Исправленные пакеты
Имя пакета | Ветка | Исправлено в версии | Версия в репозитории | Errata ID | № Задания | Состояние |
---|---|---|---|---|---|---|
firefox | sisyphus | 121.0-alt1 | 126.0-alt1 | ALT-PU-2023-8231-1 | 336902 | Исправлено |
firefox | sisyphus_riscv64 | 121.0-alt0.port | 126.0-alt0.port | ALT-PU-2023-8323-1 | - | Исправлено |
firefox | sisyphus_loongarch64 | 121.0-alt1.0.port | 126.0-alt1.0.port | ALT-PU-2024-1013-1 | - | Исправлено |
firefox-esr | sisyphus | 115.6.0-alt1 | 115.11.0-alt1 | ALT-PU-2023-8216-2 | 336858 | Исправлено |
firefox-esr | sisyphus_loongarch64 | 115.6.0-alt1 | 115.10.0-alt1 | ALT-PU-2023-8248-1 | - | Исправлено |
firefox-esr | p10 | 115.6.0-alt1 | 115.10.0-alt1 | ALT-PU-2023-8227-2 | 336859 | Исправлено |
firefox-esr | c10f1 | 115.8.0-alt0.c10.1 | 115.9.1-alt0.c10.1 | ALT-PU-2024-3614-2 | 340631 | Исправлено |
thunderbird | sisyphus | 115.6.0-alt1 | 115.9.0-alt1 | ALT-PU-2023-8368-2 | 337340 | Исправлено |
thunderbird | sisyphus_loongarch64 | 115.6.0-alt1 | 115.9.0-alt1 | ALT-PU-2023-8387-1 | - | Исправлено |
thunderbird | p10 | 115.8.1-alt1 | 115.9.0-alt1 | ALT-PU-2024-3860-2 | 342581 | Исправлено |
thunderbird | c10f1 | 115.8.1-alt0.c10.1 | 115.9.0-alt0.c10.1 | ALT-PU-2024-4748-2 | 343092 | Исправлено |
Ссылки на рекомендации, решения и инструменты
Ссылка | Ресурс |
---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1843782 |
|
https://www.mozilla.org/security/advisories/mfsa2023-54/ |
|
https://www.mozilla.org/security/advisories/mfsa2023-55/ |
|
https://www.mozilla.org/security/advisories/mfsa2023-56/ |
|
https://www.debian.org/security/2023/dsa-5581 |
|
https://www.debian.org/security/2023/dsa-5582 |
|
https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html |
|
https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html |
|
https://security.gentoo.org/glsa/202401-10 |
|