pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/c10f1/ALT-PU-2019-2249/definitions.json

361 lines
19 KiB
JSON
Raw Normal View History

ALT Vulnerability
2024-06-28 13:17:52 +00:00
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20192249",
"Version": "oval:org.altlinux.errata:def:20192249",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-2249: package `thunderbird` update to version 60.8.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-2249",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-2249",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-02851",
"RefURL": "https://bdu.fstec.ru/vul/2019-02851",
"Source": "BDU"
},
{
"RefID": "BDU:2019-02932",
"RefURL": "https://bdu.fstec.ru/vul/2019-02932",
"Source": "BDU"
},
{
"RefID": "BDU:2019-02933",
"RefURL": "https://bdu.fstec.ru/vul/2019-02933",
"Source": "BDU"
},
{
"RefID": "BDU:2019-02934",
"RefURL": "https://bdu.fstec.ru/vul/2019-02934",
"Source": "BDU"
},
{
"RefID": "BDU:2019-02935",
"RefURL": "https://bdu.fstec.ru/vul/2019-02935",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03614",
"RefURL": "https://bdu.fstec.ru/vul/2019-03614",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03615",
"RefURL": "https://bdu.fstec.ru/vul/2019-03615",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03616",
"RefURL": "https://bdu.fstec.ru/vul/2019-03616",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04642",
"RefURL": "https://bdu.fstec.ru/vul/2019-04642",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00723",
"RefURL": "https://bdu.fstec.ru/vul/2020-00723",
"Source": "BDU"
},
{
"RefID": "CVE-2019-11709",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11709",
"Source": "CVE"
},
{
"RefID": "CVE-2019-11711",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11711",
"Source": "CVE"
},
{
"RefID": "CVE-2019-11712",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11712",
"Source": "CVE"
},
{
"RefID": "CVE-2019-11713",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11713",
"Source": "CVE"
},
{
"RefID": "CVE-2019-11715",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11715",
"Source": "CVE"
},
{
"RefID": "CVE-2019-11717",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11717",
"Source": "CVE"
},
{
"RefID": "CVE-2019-11719",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11719",
"Source": "CVE"
},
{
"RefID": "CVE-2019-11729",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11729",
"Source": "CVE"
},
{
"RefID": "CVE-2019-11730",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11730",
"Source": "CVE"
},
{
"RefID": "CVE-2019-9811",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-9811",
"Source": "CVE"
}
],
"Description": "This update upgrades thunderbird to version 60.8.0-alt1. \nSecurity Fix(es):\n\n * BDU:2019-02851: Уязвимость браузеров Firefox, Firefox ESR, почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-02932: Уязвимость реализации сетевого протокола HTTP/2 браузеров Firefox ESR, Firefox и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-02933: Уязвимость браузеров Firefox ESR, Firefox и почтового клиента Thunderbird, связанная с недостатками разграничения доступа, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-02934: Уязвимость плагина NPAPI браузеров Firefox ESR, Firefox и почтового клиента Thunderbird, позволяющая нарушителю осуществить межсайтовую подделку запросов\n\n * BDU:2019-02935: Уязвимость компонента document.domain браузеров Firefox ESR, Firefox и почтового клиента Thunderbird, позволяющая нарушителю осуществить межсайтовую сценарную атаку\n\n * BDU:2019-03614: Уязвимость почтового клиента Thunderbird и браузеров Firefox и Firefox ESR, связанная с неправильным синтаксическим анализом содержимого страницы или интерпретацией введенных пользователем данных, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-03615: Уязвимость почтового клиента Thunderbird и браузеров Firefox и Firefox ESR, связанная с ошибками экранирования символа каретки(\u0026quot;^\u0026quot;), позволяющая нарушителю нарушить целостность данных\n\n * BDU:2019-03616: Уязвимость библиотеки служб сетевой безопасности (NSS) почтового клиента Thunderbird и браузеров Firefox и Firefox ESR, позволяющая нарушителю получить несанкционированный доступ к информации\n\n * BDU:2019-04642: Уязвимость функции формирования открытых ключей p256-ECDH браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-00723: Уязвимость веб-браузеров Firefox, Firefox ESR и программы для работы с электронной почтой Thunderbird, связанная с отсутствием защиты служебных данных, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным\n\n * CVE-2019-11709: Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.\n\n * CVE-2019-11711: When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperat
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-07-12"
},
"Updated": {
"Date": "2019-07-12"
},
"BDUs": [
{
"ID": "BDU:2019-02851",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-02851",
"Impact": "Critical",
"Public": "20190729"
},
{
"ID": "BDU:2019-02932",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2019-02932",
"Impact": "Critical",
"Public": "20190709"
},
{
"ID": "BDU:2019-02933",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2019-02933",
"Impact": "High",
"Public": "20190709"
},
{
"ID": "BDU:2019-02934",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-352",
"Href": "https://bdu.fstec.ru/vul/2019-02934",
"Impact": "High",
"Public": "20190709"
},
{
"ID": "BDU:2019-02935",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2019-02935",
"Impact": "High",
"Public": "20190709"
},
{
"ID": "BDU:2019-03614",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://bdu.fstec.ru/vul/2019-03614",
"Impact": "Low",
"Public": "20190723"
},
{
"ID": "BDU:2019-03615",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2019-03615",
"Impact": "Low",
"Public": "20190723"
},
{
"ID": "BDU:2019-03616",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2019-03616",
"Impact": "High",
"Public": "20190723"
},
{
"ID": "BDU:2019-04642",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2019-04642",
"Impact": "High",
"Public": "20190709"
},
{
"ID": "BDU:2020-00723",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2020-00723",
"Impact": "Low",
"Public": "20190709"
}
],
"CVEs": [
{
"ID": "CVE-2019-11709",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11709",
"Impact": "Critical",
"Public": "20190723"
},
{
"ID": "CVE-2019-11711",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11711",
"Impact": "High",
"Public": "20190723"
},
{
"ID": "CVE-2019-11712",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-352",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11712",
"Impact": "High",
"Public": "20190723"
},
{
"ID": "CVE-2019-11713",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11713",
"Impact": "Critical",
"Public": "20190723"
},
{
"ID": "CVE-2019-11715",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11715",
"Impact": "Low",
"Public": "20190723"
},
{
"ID": "CVE-2019-11717",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-116",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11717",
"Impact": "Low",
"Public": "20190723"
},
{
"ID": "CVE-2019-11719",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11719",
"Impact": "High",
"Public": "20190723"
},
{
"ID": "CVE-2019-11729",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11729",
"Impact": "High",
"Public": "20190723"
},
{
"ID": "CVE-2019-11730",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11730",
"Impact": "Low",
"Public": "20190723"
},
{
"ID": "CVE-2019-9811",
"CVSS": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"CWE": "CWE-74",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-9811",
"Impact": "High",
"Public": "20190723"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20192249001",
"Comment": "rpm-build-thunderbird is earlier than 0:60.8.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192249002",
"Comment": "thunderbird is earlier than 0:60.8.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192249003",
"Comment": "thunderbird-enigmail is earlier than 0:60.8.0-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue Copy Permalink