-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0885
                        firefox-esr security update
                               28 March 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           firefox-esr
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   Debian GNU/Linux 9
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-5148  

Reference:         ASB-2018.0063

Original Bulletin: 
   https://lists.debian.org/debian-security-announce/2018/msg00079.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4153-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 27, 2018                        https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2018-5148

It was discovered that a use-after-free in the compositor of Firefox
can result in the execution of arbitrary code.

For the oldstable distribution (jessie), this problem has been fixed
in version 52.7.3esr-1~deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 52.7.3esr-1~deb9u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlq6pJ8ACgkQEMKTtsN8
Tja93A//bWdCr9S9XD8ilPotrKHIYF+pqAjk78weqqfq6ZTD3ZT53b/3KOVLL0G/
rWk0ZUqv0FNt5g1SjL8n5I/n2DNDYAiE4SBUcSkXxrCdNrbwRrs1/aNXQGiWKfxX
uxHuef0qJxZcnHbY9HwGvBo0rUunzmHgDNEfTCBADo4OEaypkc1kkcqQLLybS+b/
GuWj3twDpv8KvUkgHMIFG17P665bgFSCWWZ94uIMKguvqGjGQSqRlXr2VUS/jJPP
6kJ0xV/bkBvaiTZe3+s2FavS6yY9MvSAbBM7qwE0ee+l9XgqdeOQOGvXQb4i63oh
QVVFa64JvTl0O5mqsCqzuGHEcpEkz4ZOBOhr+LXbXgOf6QJhklQguxelGeo2izDI
bdaJdti3FK7c4zWoKRYLAxw1qtka9IsMjLG1ikEjMcTSPYF6cisnWliCz4idsZaR
9GeoGy7jkn1zfZaD6+uGGcghXtIZkep9lpGj7LhX+iKEag6Jjq+Z0k8j74bliec6
LoAOQlhBSdJ85gBxhCDUB9J0j9zzpSWFTpuzeXg6ft/NQZf88e2tBi2iapwi122K
VtqlaIz4bH4BQ3F3Kc5w5cpWrt3C3SkhVdxCAJ88fo7hUwrzM169a8lAvysS+exU
T5UIRhQk/Kk0DxWH7a7NFO/+NzJsaWkfZ2sN2Rt0G4ROuBO6jMo=
=IbER
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIUAwUBWrrfR4x+lLeg9Ub1AQirLw/3Y5yo2+wr3H1aKHcSTCLTppqA8WTQPiUA
X5p02lp064HRrL8qq9YGQPI7sB9wRrMflyC5LyJiiVGUhB+y4HtNxBfgpdrmCtZM
PAuCXz7iEuQ/dcvMIBDaPZhd4ejmf43ZR7k3cQ3OBeStdI8IozxLzi8HR6zSRCh/
Z3s6txe0djnjZwuasmO1RL7LzuqISRjhOUlKFMqlPdXOjerz89hmsF4+vFrqylVt
RHRGIe8gBZFTXqYECcm8tG8x+taaK4ik9DWGnc25cLGp/4JvZqmAc4fsYiiAl3Wg
A12C+njhv2KtC+ZKpQaN3bEgLqNoPYCX6l8Tkc3PqY4zLxQw6ZwvjcyLwXebLBEV
EmWpV/R2StzChO/x94Yu5jieP4l8+tWdWVOaGzuwD/OCQoxz9szZR0A7DHAW7YfC
LLHfhGod7ESGaA9itU+y1eguo9bCTEKLk8H5tah+501ZE9rUL4lvwa02ZQytmTnX
6mhQce9cx3X9qLpQbRSx2mk48BVR34Q9NMRUFRuKxyMd3V6rlUloMXSIj1Gu0FFr
mXIAzo6dnTzJlIS7gzQiG+5f1krbuWQU+MQO14fKBgqPr1hUlaYPqZnJxm+J/jTx
RmE1g2HTB2c3AwWiDDfIP7AMO5gm3kgL3rZE/NoinXv5//moTczQm4LD8KQTo/Bo
+NQFnavyNQ==
=Th/S
-----END PGP SIGNATURE-----