pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p10/ALT-PU-2023-1895/definitions.json

310 lines
15 KiB
JSON
Raw Normal View History

ALT Vulnerability
2024-04-16 14:26:14 +00:00
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20231895",
"Version": "oval:org.altlinux.errata:def:20231895",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2023-1895: package `thunderbird` update to version 102.11.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
ALT Vulnerability
2024-12-12 21:07:30 +00:00
"Starterkit",
"ALT Container"
ALT Vulnerability
2024-04-16 14:26:14 +00:00
]
}
],
"References": [
{
"RefID": "ALT-PU-2023-1895",
"RefURL": "https://errata.altlinux.org/ALT-PU-2023-1895",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-02803",
"RefURL": "https://bdu.fstec.ru/vul/2023-02803",
"Source": "BDU"
},
{
"RefID": "BDU:2023-02804",
"RefURL": "https://bdu.fstec.ru/vul/2023-02804",
"Source": "BDU"
},
{
"RefID": "BDU:2023-02805",
"RefURL": "https://bdu.fstec.ru/vul/2023-02805",
"Source": "BDU"
},
{
"RefID": "BDU:2023-02806",
"RefURL": "https://bdu.fstec.ru/vul/2023-02806",
"Source": "BDU"
},
{
"RefID": "BDU:2023-02809",
"RefURL": "https://bdu.fstec.ru/vul/2023-02809",
"Source": "BDU"
},
{
"RefID": "BDU:2023-02810",
"RefURL": "https://bdu.fstec.ru/vul/2023-02810",
"Source": "BDU"
},
{
"RefID": "BDU:2023-02813",
"RefURL": "https://bdu.fstec.ru/vul/2023-02813",
"Source": "BDU"
},
{
"RefID": "BDU:2023-02814",
"RefURL": "https://bdu.fstec.ru/vul/2023-02814",
"Source": "BDU"
},
{
"RefID": "CVE-2023-32205",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32205",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32206",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32206",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32207",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32207",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32211",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32211",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32212",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32212",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32213",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32213",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32214",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32214",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32215",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32215",
"Source": "CVE"
}
],
"Description": "This update upgrades thunderbird to version 102.11.0-alt1. \nSecurity Fix(es):\n\n * BDU:2023-02803: Уязвимость браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, вызванная выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-02804: Уязвимость браузеров Firefox и Firefox ESR, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю выполнить спуфинговую атаку\n\n * BDU:2023-02805: Уязвимость функции FileReader::DoReadData() браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код в целевой системе\n\n * BDU:2023-02806: Уязвимость браузеров Firefox и Firefox ESR, связанная с ошибками смешения типов данных, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-02809: Уязвимость браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю выполнить спуфинговую атаку\n\n * BDU:2023-02810: Уязвимость браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, существующая из-за некорректной работы обработчиков ms-cxh и ms-cxh-ful, позволяющая нарушителю вызвать аварийное завершение работы приложения\n\n * BDU:2023-02813: Уязвимость драйвера RLBox Expat браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать аварийное завершение работы приложения\n\n * BDU:2023-02814: Уязвимость браузеров Firefox и Firefox ESR, существующая из-за отсутствия задержки всплывающих уведомлений, позволяющая нарушителю получить несанкционированный доступ к определенным функциям браузера\n\n * CVE-2023-32205: In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox \u003c 113, Firefox ESR \u003c 102.11, and Thunderbird \u003c 102.11.\n\n * CVE-2023-32206: An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox \u003c 113, Firefox ESR \u003c 102.11, and Thunderbird \u003c 102.11.\n\n * CVE-2023-32207: A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox \u003c 113, Firefox ESR \u003c 102.11, and Thunderbird \u003c 102.11.\n\n * CVE-2023-32211: A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox \u003c 113, Firefox ESR \u003c 102.11, and Thunderbird \u003c 102.11.\n\n * CVE-2023-32212: An attacker could have positioned a \u003ccode\u003edatalist\u003c/code\u003e element to obscure the address bar. This vulnerability affects Firefox \u003c 113, Firefox ESR \u003c 102.11, and Thunderbird \u003c 102.11.\n\n * CVE-2023-32213: When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox \u003c 113, Firefox ESR \u003c 102.11, and Thunderbird \u
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2023-05-26"
},
"Updated": {
"Date": "2023-05-26"
},
"BDUs": [
{
"ID": "BDU:2023-02803",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2023-02803",
"Impact": "Low",
"Public": "20230509"
},
{
"ID": "BDU:2023-02804",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"CWE": "CWE-451",
"Href": "https://bdu.fstec.ru/vul/2023-02804",
"Impact": "Low",
"Public": "20230509"
},
{
"ID": "BDU:2023-02805",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2023-02805",
"Impact": "Low",
"Public": "20230509"
},
{
"ID": "BDU:2023-02806",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"CWE": "CWE-843",
"Href": "https://bdu.fstec.ru/vul/2023-02806",
"Impact": "Low",
"Public": "20230509"
},
{
"ID": "BDU:2023-02809",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"CWE": "CWE-451",
"Href": "https://bdu.fstec.ru/vul/2023-02809",
"Impact": "Low",
"Public": "20230509"
},
{
"ID": "BDU:2023-02810",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"CWE": "CWE-939",
"Href": "https://bdu.fstec.ru/vul/2023-02810",
"Impact": "Low",
"Public": "20230509"
},
{
"ID": "BDU:2023-02813",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2023-02813",
"Impact": "Low",
"Public": "20230509"
},
{
"ID": "BDU:2023-02814",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"CWE": "CWE-254, CWE-275",
"Href": "https://bdu.fstec.ru/vul/2023-02814",
"Impact": "Low",
"Public": "20230509"
}
],
"CVEs": [
{
"ID": "CVE-2023-32205",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32205",
"Impact": "Low",
"Public": "20230602"
},
{
"ID": "CVE-2023-32206",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32206",
"Impact": "Low",
"Public": "20230602"
},
{
"ID": "CVE-2023-32207",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-290",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32207",
"Impact": "High",
"Public": "20230602"
},
{
"ID": "CVE-2023-32211",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32211",
"Impact": "Low",
"Public": "20230602"
},
{
"ID": "CVE-2023-32212",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32212",
"Impact": "Low",
"Public": "20230602"
},
{
"ID": "CVE-2023-32213",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-908",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32213",
"Impact": "High",
"Public": "20230602"
},
{
"ID": "CVE-2023-32214",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32214",
"Impact": "High",
"Public": "20230619"
},
{
"ID": "CVE-2023-32215",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32215",
"Impact": "High",
"Public": "20230602"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
ALT Vulnerability
2024-12-12 21:07:30 +00:00
"cpe:/o:alt:starterkit:10",
ALT Vulnerability
2024-04-16 14:26:14 +00:00
"cpe:/o:alt:starterkit:p10",
ALT Vulnerability
2024-12-12 21:07:30 +00:00
"cpe:/o:alt:container:10"
ALT Vulnerability
2024-04-16 14:26:14 +00:00
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20231895001",
"Comment": "rpm-build-thunderbird is earlier than 0:102.11.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20231895002",
"Comment": "thunderbird is earlier than 0:102.11.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20231895003",
"Comment": "thunderbird-wayland is earlier than 0:102.11.0-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue Copy Permalink