Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 764161 (MFSA2021-01) - <www-client/firefox{,-bin}-{78.6.1, 84.0.2}: Use after free code execution (CVE-2020-16044)
Summary: <www-client/firefox{,-bin}-{78.6.1, 84.0.2}: Use after free code execution (C...
Status: RESOLVED FIXED
Alias: MFSA2021-01
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://www.mozilla.org/en-US/securit...
Whiteboard: A2 [glsa+ cve]
Keywords:
: 764560 (view as bug list)
Depends on: 764581
Blocks: CVE-2020-16044
  Show dependency tree
 
Reported: 2021-01-06 18:57 UTC by John Helmert III (ajak)
Modified: 2021-01-12 12:36 UTC (History)
3 users (show)

See Also:
Package list:
www-client/firefox-78.6.1 *
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III (ajak) gentoo-dev Security 2021-01-06 18:57:17 UTC
CVE-2020-16044:

A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code.


Fixed in 78.6.1 and 84.0.2.
Comment 1 Larry the Git Cow gentoo-dev 2021-01-07 08:58:05 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ff5e3675ea8ee7cf8474bff12042618eeca352de

commit ff5e3675ea8ee7cf8474bff12042618eeca352de
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-01-07 08:56:57 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-01-07 08:56:57 +0000

    www-client/firefox-bin: (security) bump to 78.6.1
    
    Bug: https://bugs.gentoo.org/764161
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/firefox-bin/Manifest                  |  97 ++++++
 www-client/firefox-bin/firefox-bin-78.6.1.ebuild | 411 +++++++++++++++++++++++
 2 files changed, 508 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2021-01-07 13:52:28 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=90421b2a65fae9cb6f39a53ed87b76ccde5be9c1

commit 90421b2a65fae9cb6f39a53ed87b76ccde5be9c1
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-01-07 13:51:14 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-01-07 13:52:19 +0000

    www-client/firefox: (security) ESR bump to 78.6.1
    
    Bug: https://bugs.gentoo.org/764161
    Closes: https://bugs.gentoo.org/764290
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/firefox/Manifest              |   96 +++
 www-client/firefox/firefox-78.6.1.ebuild | 1130 ++++++++++++++++++++++++++++++
 2 files changed, 1226 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2021-01-07 14:09:24 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=31164aeb729c82602a284d56b94a7740bc5e4ed4

commit 31164aeb729c82602a284d56b94a7740bc5e4ed4
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-01-07 14:06:14 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-01-07 14:09:16 +0000

    www-client/firefox-bin: (security) bump to 84.0.2
    
    Bug: https://bugs.gentoo.org/764161
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/firefox-bin/Manifest                  |  97 ++++++
 www-client/firefox-bin/firefox-bin-84.0.2.ebuild | 411 +++++++++++++++++++++++
 2 files changed, 508 insertions(+)
Comment 4 Sam James archtester gentoo-dev Security 2021-01-07 14:21:50 UTC
Thank you!
Comment 5 Horst Prote 2021-01-08 11:57:31 UTC
I'm missing www-client/firefox/firefox-84.0.2.ebuild
Comment 6 Joonas Niilola gentoo-dev 2021-01-08 12:02:00 UTC
It's not in the tree yet, the main maintainer hasn't returned committing after christmas and I'm a bit occupied until tomorrow.

Since it's 84.0.1 -> 84.0.2 bump there's probably nothing major updated (haven't had time to check 84.0.x logs), so just renaming the ebuild should be enough if you want to help testing it.
Comment 7 Sam James archtester gentoo-dev Security 2021-01-09 09:14:04 UTC
*** Bug 764560 has been marked as a duplicate of this bug. ***
Comment 8 Sam James archtester gentoo-dev Security 2021-01-09 09:14:34 UTC
I'll switch back to [ebuild] for now I guess until we get the 84.x.
Comment 9 Larry the Git Cow gentoo-dev 2021-01-09 12:38:27 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=702a672379acb4a1202015ccce32f6b798dd963f

commit 702a672379acb4a1202015ccce32f6b798dd963f
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-01-09 12:35:42 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-01-09 12:35:42 +0000

    www-client/firefox: (security) bump to 84.0.2
    
    Bug: https://bugs.gentoo.org/764161
    Bug: https://bugs.gentoo.org/764590
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/firefox/Manifest              |   97 +++
 www-client/firefox/firefox-84.0.2.ebuild | 1130 ++++++++++++++++++++++++++++++
 2 files changed, 1227 insertions(+)
Comment 10 Sam James archtester gentoo-dev Security 2021-01-09 16:49:12 UTC
New GLSA request filed.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2021-01-10 09:24:05 UTC
This issue was resolved and addressed in
 GLSA 202101-04 at https://security.gentoo.org/glsa/202101-04
by GLSA coordinator Sam James (sam_c).
Comment 12 Sam James archtester gentoo-dev Security 2021-01-10 09:24:54 UTC
Reopening for cleanup.
Comment 13 Larry the Git Cow gentoo-dev 2021-01-11 15:51:43 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fac19fbd00964ce6966bd1b569d0dc4a2216f5a0

commit fac19fbd00964ce6966bd1b569d0dc4a2216f5a0
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-01-11 15:50:12 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-01-11 15:50:12 +0000

    www-client/firefox-bin: security cleanup
    
    Bug: https://bugs.gentoo.org/764161
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/firefox-bin/Manifest                  | 291 ----------------
 www-client/firefox-bin/firefox-bin-78.6.0.ebuild | 411 -----------------------
 www-client/firefox-bin/firefox-bin-84.0.1.ebuild | 411 -----------------------
 www-client/firefox-bin/firefox-bin-84.0.ebuild   | 411 -----------------------
 4 files changed, 1524 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f37052c735aac4e72281e753f84518b4675e03b4

commit f37052c735aac4e72281e753f84518b4675e03b4
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-01-11 15:49:16 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-01-11 15:49:16 +0000

    www-client/firefox: security cleanup
    
    Bug: https://bugs.gentoo.org/764161
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/firefox/Manifest                 |  288 -------
 www-client/firefox/firefox-78.6.0.ebuild    | 1129 ---------------------------
 www-client/firefox/firefox-84.0.1-r1.ebuild | 1128 --------------------------
 www-client/firefox/firefox-84.0.ebuild      | 1128 --------------------------
 4 files changed, 3673 deletions(-)
Comment 14 Sam James archtester gentoo-dev Security 2021-01-11 17:50:49 UTC
All done, thanks!