{ "Definition": [ { "ID": "oval:org.altlinux.errata:def:20191782", "Version": "oval:org.altlinux.errata:def:20191782", "Class": "patch", "Metadata": { "Title": "ALT-PU-2019-1782: package `chromium` update to version 74.0.3729.131-alt1", "AffectedList": [ { "Family": "unix", "Platforms": [ "ALT Linux branch c9f2" ], "Products": [ "ALT SPWorkstation", "ALT SPServer" ] } ], "References": [ { "RefID": "ALT-PU-2019-1782", "RefURL": "https://errata.altlinux.org/ALT-PU-2019-1782", "Source": "ALTPU" }, { "RefID": "BDU:2019-02857", "RefURL": "https://bdu.fstec.ru/vul/2019-02857", "Source": "BDU" }, { "RefID": "BDU:2019-03577", "RefURL": "https://bdu.fstec.ru/vul/2019-03577", "Source": "BDU" }, { "RefID": "BDU:2019-03578", "RefURL": "https://bdu.fstec.ru/vul/2019-03578", "Source": "BDU" }, { "RefID": "BDU:2019-03579", "RefURL": "https://bdu.fstec.ru/vul/2019-03579", "Source": "BDU" }, { "RefID": "BDU:2019-03580", "RefURL": "https://bdu.fstec.ru/vul/2019-03580", "Source": "BDU" }, { "RefID": "BDU:2019-03581", "RefURL": "https://bdu.fstec.ru/vul/2019-03581", "Source": "BDU" }, { "RefID": "BDU:2019-03582", "RefURL": "https://bdu.fstec.ru/vul/2019-03582", "Source": "BDU" }, { "RefID": "BDU:2019-03583", "RefURL": "https://bdu.fstec.ru/vul/2019-03583", "Source": "BDU" }, { "RefID": "BDU:2019-03584", "RefURL": "https://bdu.fstec.ru/vul/2019-03584", "Source": "BDU" }, { "RefID": "BDU:2019-03585", "RefURL": "https://bdu.fstec.ru/vul/2019-03585", "Source": "BDU" }, { "RefID": "BDU:2019-03586", "RefURL": "https://bdu.fstec.ru/vul/2019-03586", "Source": "BDU" }, { "RefID": "BDU:2019-03587", "RefURL": "https://bdu.fstec.ru/vul/2019-03587", "Source": "BDU" }, { "RefID": "BDU:2019-03588", "RefURL": "https://bdu.fstec.ru/vul/2019-03588", "Source": "BDU" }, { "RefID": "BDU:2019-03589", "RefURL": "https://bdu.fstec.ru/vul/2019-03589", "Source": "BDU" }, { "RefID": "BDU:2019-03590", "RefURL": "https://bdu.fstec.ru/vul/2019-03590", "Source": "BDU" }, { "RefID": "BDU:2019-03591", "RefURL": "https://bdu.fstec.ru/vul/2019-03591", "Source": "BDU" }, { "RefID": "BDU:2019-03592", "RefURL": "https://bdu.fstec.ru/vul/2019-03592", "Source": "BDU" }, { "RefID": "BDU:2020-01407", "RefURL": "https://bdu.fstec.ru/vul/2020-01407", "Source": "BDU" }, { "RefID": "BDU:2020-01413", "RefURL": "https://bdu.fstec.ru/vul/2020-01413", "Source": "BDU" }, { "RefID": "BDU:2020-01719", "RefURL": "https://bdu.fstec.ru/vul/2020-01719", "Source": "BDU" }, { "RefID": "BDU:2020-01720", "RefURL": "https://bdu.fstec.ru/vul/2020-01720", "Source": "BDU" }, { "RefID": "BDU:2020-01721", "RefURL": "https://bdu.fstec.ru/vul/2020-01721", "Source": "BDU" }, { "RefID": "CVE-2019-13698", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-13698", "Source": "CVE" }, { "RefID": "CVE-2019-5805", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5805", "Source": "CVE" }, { "RefID": "CVE-2019-5806", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5806", "Source": "CVE" }, { "RefID": "CVE-2019-5807", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5807", "Source": "CVE" }, { "RefID": "CVE-2019-5808", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5808", "Source": "CVE" }, { "RefID": "CVE-2019-5809", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5809", "Source": "CVE" }, { "RefID": "CVE-2019-5810", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5810", "Source": "CVE" }, { "RefID": "CVE-2019-5811", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5811", "Source": "CVE" }, { "RefID": "CVE-2019-5812", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5812", "Source": "CVE" }, { "RefID": "CVE-2019-5813", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5813", "Source": "CVE" }, { "RefID": "CVE-2019-5814", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5814", "Source": "CVE" }, { "RefID": "CVE-2019-5815", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5815", "Source": "CVE" }, { "RefID": "CVE-2019-5816", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5816", "Source": "CVE" }, { "RefID": "CVE-2019-5817", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5817", "Source": "CVE" }, { "RefID": "CVE-2019-5818", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5818", "Source": "CVE" }, { "RefID": "CVE-2019-5819", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5819", "Source": "CVE" }, { "RefID": "CVE-2019-5820", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5820", "Source": "CVE" }, { "RefID": "CVE-2019-5821", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5821", "Source": "CVE" }, { "RefID": "CVE-2019-5822", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5822", "Source": "CVE" }, { "RefID": "CVE-2019-5823", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5823", "Source": "CVE" }, { "RefID": "CVE-2019-5824", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5824", "Source": "CVE" }, { "RefID": "CVE-2019-5825", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5825", "Source": "CVE" }, { "RefID": "CVE-2019-5826", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5826", "Source": "CVE" }, { "RefID": "CVE-2019-5827", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5827", "Source": "CVE" }, { "RefID": "CVE-2019-5843", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5843", "Source": "CVE" }, { "RefID": "CVE-2020-6503", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-6503", "Source": "CVE" }, { "RefID": "CVE-2020-6504", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-6504", "Source": "CVE" } ], "Description": "This update upgrades chromium to version 74.0.3729.131-alt1. \nSecurity Fix(es):\n\n * BDU:2019-02857: Уязвимость веб-браузера Google Chrome, позволяющая нарушителю оказать влияние на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2019-03577: Уязвимость обработчика PDF-содержимого PDFium браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-03578: Уязвимость библиотеки ANGLE браузера Google Chrome, позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании\n\n * BDU:2019-03579: Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании\n\n * BDU:2019-03580: Уязвимость механизма отображения веб-страниц Blink веб-браузера Google Chrome, позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании\n\n * BDU:2019-03581: Уязвимость файла chooser браузера Google Chrome, позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании\n\n * BDU:2019-03582: Уязвимость браузера Google Chrome, связанная с ошибкой автозаполнения, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * BDU:2019-03583: Уязвимость скрипта ServiceWorker браузера Google Chrome, позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании\n\n * BDU:2019-03584: Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании\n\n * BDU:2019-03585: Уязвимость механизма отображения веб-страниц Blink веб-браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * BDU:2019-03586: Уязвимость браузера Google Chrome, связанная с использованием неинициализированных значений, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * BDU:2019-03587: Уязвимость браузера Google Chrome, связанная с ошибками при проверке данных в инструментах разработчика. позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании\n\n * BDU:2019-03588: Уязвимость обработчика PDF-содержимого PDFium браузера Google Chrome, позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании\n\n * BDU:2019-03589: Уязвимость обработчика PDF-содержимого PDFium браузера Google Chrome, позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании\n\n * BDU:2019-03590: Уязвимость механизма отображения веб-страниц Blink веб-браузера Google Chrome, позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании\n\n * BDU:2019-03591: Уязвимость браузера Google Chrome, связанная с переадресацией URL на ненадежный сайт, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность\n\n * BDU:2019-03592: Уязвимость браузера Google Chrome, связанная с ошибкой передачи параметров в медиапроигрывателе, позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании\n\n * BDU:2020-01407: Уязвимость функции xsltNumberFormatGetMultipleLevel библиотеки для анализа XML-документов libxslt, связанная с доступом к ресурсу через несовместимые типы, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-01413: Уязвимость обработчика JavaScript-сценариев браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-01719: Уязвимость браузера Google Chrome, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2020-01720: Уязвимость браузера Google Chrome, связанная с неправильным контролем над ресурсом на протяжении его жизненного цикла, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2020-01721: Уязвимость графического движка ANGEL браузера Google Chrome, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2019-13698: Out of bounds memory access in JavaScript in Google Chrome prior to 73.0.3683.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2019-5805: Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.\n\n * CVE-2019-5806: Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2019-5807: Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2019-5808: Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2019-5809: Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page.\n\n * CVE-2019-5810: Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.\n\n * CVE-2019-5811: Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.\n\n * CVE-2019-5812: Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to perform domain spoofing via a crafted HTML page.\n\n * CVE-2019-5813: Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2019-5814: Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page.\n\n * CVE-2019-5815: Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.\n\n * CVE-2019-5816: Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page.\n\n * CVE-2019-5817: Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2019-5818: Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file.\n\n * CVE-2019-5819: Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard.\n\n * CVE-2019-5820: Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.\n\n * CVE-2019-5821: Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.\n\n * CVE-2019-5822: Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.\n\n * CVE-2019-5823: Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.\n\n * CVE-2019-5824: Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2019-5825: Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2019-5826: Use after free in IndexedDB in Google Chrome prior to 73.0.3683.86 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2019-5827: Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2019-5843: Out of bounds memory access in JavaScript in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2020-6503: Inappropriate implementation in accessibility in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.\n\n * CVE-2020-6504: Insufficient policy enforcement in notifications in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass notification restrictions via a crafted HTML page.", "Advisory": { "From": "errata.altlinux.org", "Severity": "High", "Rights": "Copyright 2024 BaseALT Ltd.", "Issued": { "Date": "2019-05-08" }, "Updated": { "Date": "2019-05-08" }, "BDUs": [ { "ID": "BDU:2019-02857", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-190", "Href": "https://bdu.fstec.ru/vul/2019-02857", "Impact": "High", "Public": "20190412" }, { "ID": "BDU:2019-03577", "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "CWE": "CWE-416", "Href": "https://bdu.fstec.ru/vul/2019-03577", "Impact": "Low", "Public": "20190801" }, { "ID": "BDU:2019-03578", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-190", "Href": "https://bdu.fstec.ru/vul/2019-03578", "Impact": "High", "Public": "20190801" }, { "ID": "BDU:2019-03579", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-119", "Href": "https://bdu.fstec.ru/vul/2019-03579", "Impact": "High", "Public": "20190801" }, { "ID": "BDU:2019-03580", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://bdu.fstec.ru/vul/2019-03580", "Impact": "High", "Public": "20190801" }, { "ID": "BDU:2019-03581", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://bdu.fstec.ru/vul/2019-03581", "Impact": "High", "Public": "20190801" }, { "ID": "BDU:2019-03582", "CVSS": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "CWE": "CWE-200", "Href": "https://bdu.fstec.ru/vul/2019-03582", "Impact": "Low", "Public": "20190801" }, { "ID": "BDU:2019-03583", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-19", "Href": "https://bdu.fstec.ru/vul/2019-03583", "Impact": "High", "Public": "20190801" }, { "ID": "BDU:2019-03584", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://bdu.fstec.ru/vul/2019-03584", "Impact": "High", "Public": "20190801" }, { "ID": "BDU:2019-03585", "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "CWE": "CWE-285", "Href": "https://bdu.fstec.ru/vul/2019-03585", "Impact": "Low", "Public": "20190801" }, { "ID": "BDU:2019-03586", "CVSS": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "CWE": "CWE-200", "Href": "https://bdu.fstec.ru/vul/2019-03586", "Impact": "Low", "Public": "20190801" }, { "ID": "BDU:2019-03587", "CVSS": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "CVSS3": "AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-20", "Href": "https://bdu.fstec.ru/vul/2019-03587", "Impact": "High", "Public": "20190801" }, { "ID": "BDU:2019-03588", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-190", "Href": "https://bdu.fstec.ru/vul/2019-03588", "Impact": "High", "Public": "20190801" }, { "ID": "BDU:2019-03589", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-190", "Href": "https://bdu.fstec.ru/vul/2019-03589", "Impact": "High", "Public": "20190801" }, { "ID": "BDU:2019-03590", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-284", "Href": "https://bdu.fstec.ru/vul/2019-03590", "Impact": "High", "Public": "20190801" }, { "ID": "BDU:2019-03591", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "CWE": "CWE-601", "Href": "https://bdu.fstec.ru/vul/2019-03591", "Impact": "Low", "Public": "20190801" }, { "ID": "BDU:2019-03592", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-119", "Href": "https://bdu.fstec.ru/vul/2019-03592", "Impact": "High", "Public": "20190801" }, { "ID": "BDU:2020-01407", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-843", "Href": "https://bdu.fstec.ru/vul/2020-01407", "Impact": "High", "Public": "20191210" }, { "ID": "BDU:2020-01413", "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "CWE": "CWE-416", "Href": "https://bdu.fstec.ru/vul/2020-01413", "Impact": "Low", "Public": "20200108" }, { "ID": "BDU:2020-01719", "CVSS": "AV:N/AC:M/Au:N/C:N/I:C/A:N", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "CWE": "CWE-20", "Href": "https://bdu.fstec.ru/vul/2020-01719", "Impact": "Low", "Public": "20190627" }, { "ID": "BDU:2020-01720", "CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-644", "Href": "https://bdu.fstec.ru/vul/2020-01720", "Impact": "High", "Public": "20190627" }, { "ID": "BDU:2020-01721", "CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-119", "Href": "https://bdu.fstec.ru/vul/2020-01721", "Impact": "High", "Public": "20190627" } ], "CVEs": [ { "ID": "CVE-2019-13698", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-787", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-13698", "Impact": "High", "Public": "20191125" }, { "ID": "CVE-2019-5805", "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "CWE": "CWE-787", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5805", "Impact": "Low", "Public": "20190627" }, { "ID": "CVE-2019-5806", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-787", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5806", "Impact": "High", "Public": "20190627" }, { "ID": "CVE-2019-5807", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-787", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5807", "Impact": "High", "Public": "20190627" }, { "ID": "CVE-2019-5808", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-787", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5808", "Impact": "High", "Public": "20190627" }, { "ID": "CVE-2019-5809", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5809", "Impact": "High", "Public": "20190627" }, { "ID": "CVE-2019-5810", "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "CWE": "CWE-312", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5810", "Impact": "Low", "Public": "20190627" }, { "ID": "CVE-2019-5811", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "NVD-CWE-noinfo", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5811", "Impact": "High", "Public": "20190627" }, { "ID": "CVE-2019-5812", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "CWE": "NVD-CWE-noinfo", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5812", "Impact": "Low", "Public": "20190627" }, { "ID": "CVE-2019-5813", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-787", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5813", "Impact": "High", "Public": "20190627" }, { "ID": "CVE-2019-5814", "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "CWE": "CWE-352", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5814", "Impact": "Low", "Public": "20190627" }, { "ID": "CVE-2019-5815", "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "CWE": "CWE-787", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5815", "Impact": "High", "Public": "20191211" }, { "ID": "CVE-2019-5816", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-664", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5816", "Impact": "High", "Public": "20190627" }, { "ID": "CVE-2019-5817", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-787", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5817", "Impact": "High", "Public": "20190627" }, { "ID": "CVE-2019-5818", "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "CWE": "CWE-908", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5818", "Impact": "Low", "Public": "20190627" }, { "ID": "CVE-2019-5819", "CVSS": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-20", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5819", "Impact": "High", "Public": "20190627" }, { "ID": "CVE-2019-5820", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-787", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5820", "Impact": "High", "Public": "20190627" }, { "ID": "CVE-2019-5821", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-787", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5821", "Impact": "High", "Public": "20190627" }, { "ID": "CVE-2019-5822", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "NVD-CWE-noinfo", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5822", "Impact": "High", "Public": "20190627" }, { "ID": "CVE-2019-5823", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "CWE": "CWE-601", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5823", "Impact": "Low", "Public": "20190627" }, { "ID": "CVE-2019-5824", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-787", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5824", "Impact": "High", "Public": "20190627" }, { "ID": "CVE-2019-5825", "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "CWE": "CWE-787", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5825", "Impact": "Low", "Public": "20191125" }, { "ID": "CVE-2019-5826", "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "CWE": "CWE-787", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5826", "Impact": "Low", "Public": "20191125" }, { "ID": "CVE-2019-5827", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-787", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5827", "Impact": "High", "Public": "20190627" }, { "ID": "CVE-2019-5843", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-787", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5843", "Impact": "High", "Public": "20191210" }, { "ID": "CVE-2020-6503", "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "CWE": "CWE-209", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-6503", "Impact": "Low", "Public": "20200603" }, { "ID": "CVE-2020-6504", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "CWE": "CWE-276", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-6504", "Impact": "Low", "Public": "20200603" } ], "AffectedCPEs": { "CPEs": [ "cpe:/o:alt:spworkstation:8.4", "cpe:/o:alt:spserver:8.4" ] } } }, "Criteria": { "Operator": "AND", "Criterions": [ { "TestRef": "oval:org.altlinux.errata:tst:3001", "Comment": "ALT Linux must be installed" } ], "Criterias": [ { "Operator": "OR", "Criterions": [ { "TestRef": "oval:org.altlinux.errata:tst:20191782001", "Comment": "chromium is earlier than 0:74.0.3729.131-alt1" }, { "TestRef": "oval:org.altlinux.errata:tst:20191782002", "Comment": "chromium-gnome is earlier than 0:74.0.3729.131-alt1" }, { "TestRef": "oval:org.altlinux.errata:tst:20191782003", "Comment": "chromium-kde is earlier than 0:74.0.3729.131-alt1" } ] } ] } } ] }