Bug 2061284
| Summary: | Firefox 97.0.2 is available due to critical security bug CVE-2022-26485 | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Markus Teuber <m-teuber> |
| Component: | firefox | Assignee: | Gecko Maintainer <gecko-bugs-nobody> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 35 | CC: | bugzilla, edgar.hoch, erack, fedora, fedoraproject, gecko-bugs-nobody, graham, jhorak, kai-engert-fedora, klaas, me, pjasicek, rebus, rhughes, rstrode, sandmann, stransky, theodor+rh, thomas |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | firefox-98.0-2.fc35 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-03-11 14:46:51 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Markus Teuber
2022-03-07 09:21:20 UTC
*** Bug 2061465 has been marked as a duplicate of this bug. *** https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/ also references CVE-2022-26486 as well. Mozilla has also reported these zero days as being exploited in the wild. Build in koji seems to be OK - https://koji.fedoraproject.org/koji/packageinfo?packageID=37 But it has not been submitted as update. Please can anyone with commit rights to "firefox" submit the update? the last koji build is not the final 98 build. So I don't think you should use that :) 98 final was released today. I'll guess stransky will update it to the final build in fedora git, then the koji build will be triggered and it'll make it's way into f34/35; 36/37 are blocked by a gcc 12 issue. There is a new advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/ FEDORA-2022-4f28c7541d has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-4f28c7541d FEDORA-2022-4f28c7541d has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report. The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days |