Red Hat Product Errata RHSA-2023:5197 - Security Advisory
Issued:
2023-09-18
Updated:
2023-09-18

RHSA-2023:5197 - Security Advisory

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.15.1 ESR.

Security Fix(es):

  • libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

  • BZ - 2238431 - CVE-2023-4863 libwebp: Heap buffer overflow in WebP Codec

Red Hat Enterprise Linux Server 7

SRPM
firefox-102.15.1-1.el7_9.src.rpm SHA-256: 4a5d5bd37e37d5e8ae91840d9d9a26738d9a7c623281ab243340538cad782687
x86_64
firefox-102.15.1-1.el7_9.i686.rpm SHA-256: 5e14e94b9de2d575dd903a1aa8e67567d81f3459bb8d2dbbb461ddd4fd2887b1
firefox-102.15.1-1.el7_9.x86_64.rpm SHA-256: c3f8ff4145d5d9ec35a675bfe1089fac389b670f97f9a4038423e8443480159e
firefox-debuginfo-102.15.1-1.el7_9.i686.rpm SHA-256: 38a9284f29678da147d43adac507e1faf2c8dd94f93c5fe520675a4dfc805375
firefox-debuginfo-102.15.1-1.el7_9.x86_64.rpm SHA-256: be1cac4d01c770a4e7113127308eb517d795a014fb5523743982dd08f0ef02ea

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
firefox-102.15.1-1.el7_9.src.rpm SHA-256: 4a5d5bd37e37d5e8ae91840d9d9a26738d9a7c623281ab243340538cad782687
x86_64
firefox-102.15.1-1.el7_9.i686.rpm SHA-256: 5e14e94b9de2d575dd903a1aa8e67567d81f3459bb8d2dbbb461ddd4fd2887b1
firefox-102.15.1-1.el7_9.x86_64.rpm SHA-256: c3f8ff4145d5d9ec35a675bfe1089fac389b670f97f9a4038423e8443480159e
firefox-debuginfo-102.15.1-1.el7_9.i686.rpm SHA-256: 38a9284f29678da147d43adac507e1faf2c8dd94f93c5fe520675a4dfc805375
firefox-debuginfo-102.15.1-1.el7_9.x86_64.rpm SHA-256: be1cac4d01c770a4e7113127308eb517d795a014fb5523743982dd08f0ef02ea

Red Hat Enterprise Linux Workstation 7

SRPM
firefox-102.15.1-1.el7_9.src.rpm SHA-256: 4a5d5bd37e37d5e8ae91840d9d9a26738d9a7c623281ab243340538cad782687
x86_64
firefox-102.15.1-1.el7_9.i686.rpm SHA-256: 5e14e94b9de2d575dd903a1aa8e67567d81f3459bb8d2dbbb461ddd4fd2887b1
firefox-102.15.1-1.el7_9.x86_64.rpm SHA-256: c3f8ff4145d5d9ec35a675bfe1089fac389b670f97f9a4038423e8443480159e
firefox-debuginfo-102.15.1-1.el7_9.i686.rpm SHA-256: 38a9284f29678da147d43adac507e1faf2c8dd94f93c5fe520675a4dfc805375
firefox-debuginfo-102.15.1-1.el7_9.x86_64.rpm SHA-256: be1cac4d01c770a4e7113127308eb517d795a014fb5523743982dd08f0ef02ea

Red Hat Enterprise Linux Desktop 7

SRPM
firefox-102.15.1-1.el7_9.src.rpm SHA-256: 4a5d5bd37e37d5e8ae91840d9d9a26738d9a7c623281ab243340538cad782687
x86_64
firefox-102.15.1-1.el7_9.i686.rpm SHA-256: 5e14e94b9de2d575dd903a1aa8e67567d81f3459bb8d2dbbb461ddd4fd2887b1
firefox-102.15.1-1.el7_9.x86_64.rpm SHA-256: c3f8ff4145d5d9ec35a675bfe1089fac389b670f97f9a4038423e8443480159e
firefox-debuginfo-102.15.1-1.el7_9.i686.rpm SHA-256: 38a9284f29678da147d43adac507e1faf2c8dd94f93c5fe520675a4dfc805375
firefox-debuginfo-102.15.1-1.el7_9.x86_64.rpm SHA-256: be1cac4d01c770a4e7113127308eb517d795a014fb5523743982dd08f0ef02ea

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
firefox-102.15.1-1.el7_9.src.rpm SHA-256: 4a5d5bd37e37d5e8ae91840d9d9a26738d9a7c623281ab243340538cad782687
s390x
firefox-102.15.1-1.el7_9.s390x.rpm SHA-256: 024c38f7a702de99021f0375cb89beb5b668af989c01a87a98e2c29f1705e9d4
firefox-debuginfo-102.15.1-1.el7_9.s390x.rpm SHA-256: abc2209722d66ae79296391322fe5277f3a87588684a6d108d19bf667ca489d9

Red Hat Enterprise Linux for Power, big endian 7

SRPM
firefox-102.15.1-1.el7_9.src.rpm SHA-256: 4a5d5bd37e37d5e8ae91840d9d9a26738d9a7c623281ab243340538cad782687
ppc64
firefox-102.15.1-1.el7_9.ppc64.rpm SHA-256: cfdfb0824ef49f610ae6219a74f5e6b47372ca9649dcafcff2f81e00a7e07a26
firefox-debuginfo-102.15.1-1.el7_9.ppc64.rpm SHA-256: f4aaea2d93a7f9cfe945b60577494f59443e0321676748b7f1e2def686d9e3a0

Red Hat Enterprise Linux for Power, little endian 7

SRPM
firefox-102.15.1-1.el7_9.src.rpm SHA-256: 4a5d5bd37e37d5e8ae91840d9d9a26738d9a7c623281ab243340538cad782687
ppc64le
firefox-102.15.1-1.el7_9.ppc64le.rpm SHA-256: b16848c1402e53640bbf5b15eae6fc04349bc2ed7d69df387ef5814700054055
firefox-debuginfo-102.15.1-1.el7_9.ppc64le.rpm SHA-256: 6567b3ba3e31bbe4dcc2829049c03e1d06b0389ad15a3d43bc04f236ef15a099

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7

SRPM
firefox-102.15.1-1.el7_9.src.rpm SHA-256: 4a5d5bd37e37d5e8ae91840d9d9a26738d9a7c623281ab243340538cad782687
s390x
firefox-102.15.1-1.el7_9.s390x.rpm SHA-256: 024c38f7a702de99021f0375cb89beb5b668af989c01a87a98e2c29f1705e9d4
firefox-debuginfo-102.15.1-1.el7_9.s390x.rpm SHA-256: abc2209722d66ae79296391322fe5277f3a87588684a6d108d19bf667ca489d9

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7

SRPM
firefox-102.15.1-1.el7_9.src.rpm SHA-256: 4a5d5bd37e37d5e8ae91840d9d9a26738d9a7c623281ab243340538cad782687
ppc64
firefox-102.15.1-1.el7_9.ppc64.rpm SHA-256: cfdfb0824ef49f610ae6219a74f5e6b47372ca9649dcafcff2f81e00a7e07a26
firefox-debuginfo-102.15.1-1.el7_9.ppc64.rpm SHA-256: f4aaea2d93a7f9cfe945b60577494f59443e0321676748b7f1e2def686d9e3a0

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
firefox-102.15.1-1.el7_9.src.rpm SHA-256: 4a5d5bd37e37d5e8ae91840d9d9a26738d9a7c623281ab243340538cad782687
ppc64le
firefox-102.15.1-1.el7_9.ppc64le.rpm SHA-256: b16848c1402e53640bbf5b15eae6fc04349bc2ed7d69df387ef5814700054055
firefox-debuginfo-102.15.1-1.el7_9.ppc64le.rpm SHA-256: 6567b3ba3e31bbe4dcc2829049c03e1d06b0389ad15a3d43bc04f236ef15a099

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.