{ "Definition": [ { "ID": "oval:org.altlinux.errata:def:20171150", "Version": "oval:org.altlinux.errata:def:20171150", "Class": "patch", "Metadata": { "Title": "ALT-PU-2017-1150: package `chromium` update to version 56.0.2924.87-alt1", "AffectedList": [ { "Family": "unix", "Platforms": [ "ALT Linux branch c10f1" ], "Products": [ "ALT SP Workstation", "ALT SP Server" ] } ], "References": [ { "RefID": "ALT-PU-2017-1150", "RefURL": "https://errata.altlinux.org/ALT-PU-2017-1150", "Source": "ALTPU" }, { "RefID": "BDU:2017-00376", "RefURL": "https://bdu.fstec.ru/vul/2017-00376", "Source": "BDU" }, { "RefID": "BDU:2017-00377", "RefURL": "https://bdu.fstec.ru/vul/2017-00377", "Source": "BDU" }, { "RefID": "BDU:2017-00378", "RefURL": "https://bdu.fstec.ru/vul/2017-00378", "Source": "BDU" }, { "RefID": "BDU:2017-00379", "RefURL": "https://bdu.fstec.ru/vul/2017-00379", "Source": "BDU" }, { "RefID": "BDU:2017-00380", "RefURL": "https://bdu.fstec.ru/vul/2017-00380", "Source": "BDU" }, { "RefID": "BDU:2017-00381", "RefURL": "https://bdu.fstec.ru/vul/2017-00381", "Source": "BDU" }, { "RefID": "BDU:2017-00382", "RefURL": "https://bdu.fstec.ru/vul/2017-00382", "Source": "BDU" }, { "RefID": "BDU:2017-00383", "RefURL": "https://bdu.fstec.ru/vul/2017-00383", "Source": "BDU" }, { "RefID": "BDU:2017-00384", "RefURL": "https://bdu.fstec.ru/vul/2017-00384", "Source": "BDU" }, { "RefID": "BDU:2017-00385", "RefURL": "https://bdu.fstec.ru/vul/2017-00385", "Source": "BDU" }, { "RefID": "BDU:2017-00386", "RefURL": "https://bdu.fstec.ru/vul/2017-00386", "Source": "BDU" }, { "RefID": "BDU:2017-00387", "RefURL": "https://bdu.fstec.ru/vul/2017-00387", "Source": "BDU" }, { "RefID": "BDU:2017-00388", "RefURL": "https://bdu.fstec.ru/vul/2017-00388", "Source": "BDU" }, { "RefID": "BDU:2017-00389", "RefURL": "https://bdu.fstec.ru/vul/2017-00389", "Source": "BDU" }, { "RefID": "BDU:2017-00390", "RefURL": "https://bdu.fstec.ru/vul/2017-00390", "Source": "BDU" }, { "RefID": "BDU:2017-00391", "RefURL": "https://bdu.fstec.ru/vul/2017-00391", "Source": "BDU" }, { "RefID": "BDU:2017-00392", "RefURL": "https://bdu.fstec.ru/vul/2017-00392", "Source": "BDU" }, { "RefID": "BDU:2017-00393", "RefURL": "https://bdu.fstec.ru/vul/2017-00393", "Source": "BDU" }, { "RefID": "CVE-2017-1000460", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000460", "Source": "CVE" }, { "RefID": "CVE-2017-5006", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5006", "Source": "CVE" }, { "RefID": "CVE-2017-5007", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5007", "Source": "CVE" }, { "RefID": "CVE-2017-5008", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5008", "Source": "CVE" }, { "RefID": "CVE-2017-5009", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5009", "Source": "CVE" }, { "RefID": "CVE-2017-5010", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5010", "Source": "CVE" }, { "RefID": "CVE-2017-5011", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5011", "Source": "CVE" }, { "RefID": "CVE-2017-5012", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5012", "Source": "CVE" }, { "RefID": "CVE-2017-5013", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5013", "Source": "CVE" }, { "RefID": "CVE-2017-5014", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5014", "Source": "CVE" }, { "RefID": "CVE-2017-5015", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5015", "Source": "CVE" }, { "RefID": "CVE-2017-5016", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5016", "Source": "CVE" }, { "RefID": "CVE-2017-5017", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5017", "Source": "CVE" }, { "RefID": "CVE-2017-5018", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5018", "Source": "CVE" }, { "RefID": "CVE-2017-5019", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5019", "Source": "CVE" }, { "RefID": "CVE-2017-5020", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5020", "Source": "CVE" }, { "RefID": "CVE-2017-5021", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5021", "Source": "CVE" }, { "RefID": "CVE-2017-5022", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5022", "Source": "CVE" }, { "RefID": "CVE-2017-5023", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5023", "Source": "CVE" }, { "RefID": "CVE-2017-5024", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5024", "Source": "CVE" }, { "RefID": "CVE-2017-5025", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5025", "Source": "CVE" }, { "RefID": "CVE-2017-5026", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5026", "Source": "CVE" }, { "RefID": "CVE-2017-5027", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5027", "Source": "CVE" }, { "RefID": "CVE-2017-5028", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5028", "Source": "CVE" } ], "Description": "This update upgrades chromium to version 56.0.2924.87-alt1. \nSecurity Fix(es):\n\n * BDU:2017-00376: Уязвимость браузера Google Chrome, позволяющая нарушителю обойти политику безопасности контента\n\n * BDU:2017-00377: Уязвимость браузера Google Chrome, позволяющая нарушителю просматривать оповещения\n\n * BDU:2017-00378: Уязвимость браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2017-00379: Уязвимость браузера Google Chrome, позволяющая нарушителю получить доступ к локальным файлам\n\n * BDU:2017-00380: Уязвимость браузера Google Chrome, позволяющая нарушителю обойти политику безопасности контента\n\n * BDU:2017-00381: Уязвимость браузера Google Chrome, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-00382: Уязвимость браузера Google Chrome, позволяющая нарушителю получить доступ к защищаемой информации\n\n * BDU:2017-00383: Уязвимость браузера Google Chrome, позволяющая нарушителю просматривать некоторые элементы пользовательского интерфейса\n\n * BDU:2017-00384: Уязвимость браузера Google Chrome, позволяющая нарушителю выполнить подмену домена\n\n * BDU:2017-00385: Уязвимость браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2017-00386: Уязвимость браузера Google Chrome, позволяющая нарушителю подменить содержимое в Omnibox (URL bar)\n\n * BDU:2017-00387: Уязвимость браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2017-00388: Уязвимость браузера Google Chrome, позволяющая нарушителю установить вредоносное расширение\n\n * BDU:2017-00389: Уязвимость браузера Google Chrome, позволяющая нарушителю внедрить произвольный скрипт\n\n * BDU:2017-00390: Уязвимость браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2017-00391: Уязвимость браузера Google Chrome, позволяющая нарушителю внедрить произвольный скрипт\n\n * BDU:2017-00392: Уязвимость браузера Google Chrome, позволяющая нарушителю внедрить произвольный скрипт\n\n * BDU:2017-00393: Уязвимость компонента Blink браузера Google Chrome, позволяющая нарушителю внедрить произвольный скрипт\n\n * CVE-2017-1000460: In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(\u0026gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.\n\n * CVE-2017-5006: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.\n\n * CVE-2017-5007: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.\n\n * CVE-2017-5008: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.\n\n * CVE-2017-5009: WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2017-5010: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.\n\n * CVE-2017-5011: Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a user to install a malicious extension to read filesystem contents via a crafted HTML page.\n\n * CVE-2017-5012: A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2017-5013: Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n\n * CVE-2017-5014: Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.\n\n * CVE-2017-5015: Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.\n\n * CVE-2017-5016: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a remote attacker to show certain UI elements on a page they don't control via a crafted HTML page.\n\n * CVE-2017-5017: Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac insufficiently cleared video memory, which allowed a remote attacker to possibly extract image fragments on systems with GeForce 8600M graphics chips via a crafted HTML page.\n\n * CVE-2017-5018: Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, had an insufficiently strict content security policy on the Chrome app launcher page, which allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page.\n\n * CVE-2017-5019: A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2017-5020: Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page.\n\n * CVE-2017-5021: A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.\n\n * CVE-2017-5022: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page.\n\n * CVE-2017-5023: Type confusion in Histogram in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit a near null dereference via a crafted HTML page.\n\n * CVE-2017-5024: FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.\n\n * CVE-2017-5025: FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.\n\n * CVE-2017-5026: Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don't control via a crafted HTML page.\n\n * CVE-2017-5027: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page.\n\n * CVE-2017-5028: Insufficient data validation in V8 in Google Chrome prior to 56.0.2924.76 allowed a remote attacker to leak cross-origin data via a crafted HTML page.", "Advisory": { "From": "errata.altlinux.org", "Severity": "High", "Rights": "Copyright 2024 BaseALT Ltd.", "Issued": { "Date": "2017-02-09" }, "Updated": { "Date": "2017-02-09" }, "BDUs": [ { "ID": "BDU:2017-00376", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CWE": "CWE-284", "Href": "https://bdu.fstec.ru/vul/2017-00376", "Impact": "Low", "Public": "20170217" }, { "ID": "BDU:2017-00377", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CWE": "CWE-284", "Href": "https://bdu.fstec.ru/vul/2017-00377", "Impact": "Low", "Public": "20170217" }, { "ID": "BDU:2017-00378", "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "CWE": "CWE-119", "Href": "https://bdu.fstec.ru/vul/2017-00378", "Impact": "Low", "Public": "20170217" }, { "ID": "BDU:2017-00379", "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "CWE": "CWE-476", "Href": "https://bdu.fstec.ru/vul/2017-00379", "Impact": "Low", "Public": "20170217" }, { "ID": "BDU:2017-00380", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CWE": "CWE-284", "Href": "https://bdu.fstec.ru/vul/2017-00380", "Impact": "Low", "Public": "20170217" }, { "ID": "BDU:2017-00381", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CWE": "CWE-79", "Href": "https://bdu.fstec.ru/vul/2017-00381", "Impact": "Low", "Public": "20170217" }, { "ID": "BDU:2017-00382", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CWE": "CWE-416", "Href": "https://bdu.fstec.ru/vul/2017-00382", "Impact": "Low", "Public": "20170217" }, { "ID": "BDU:2017-00383", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CWE": "CWE-284", "Href": "https://bdu.fstec.ru/vul/2017-00383", "Impact": "Low", "Public": "20170217" }, { "ID": "BDU:2017-00384", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CWE": "CWE-284", "Href": "https://bdu.fstec.ru/vul/2017-00384", "Impact": "Low", "Public": "20170217" }, { "ID": "BDU:2017-00385", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CWE": "CWE-119", "Href": "https://bdu.fstec.ru/vul/2017-00385", "Impact": "Low", "Public": "20170217" }, { "ID": "BDU:2017-00386", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CWE": "CWE-284", "Href": "https://bdu.fstec.ru/vul/2017-00386", "Impact": "Low", "Public": "20170217" }, { "ID": "BDU:2017-00387", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CWE": "CWE-119", "Href": "https://bdu.fstec.ru/vul/2017-00387", "Impact": "Low", "Public": "20170217" }, { "ID": "BDU:2017-00388", "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "CWE": "CWE-200", "Href": "https://bdu.fstec.ru/vul/2017-00388", "Impact": "Low", "Public": "20170217" }, { "ID": "BDU:2017-00389", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CWE": "CWE-79", "Href": "https://bdu.fstec.ru/vul/2017-00389", "Impact": "Low", "Public": "20170217" }, { "ID": "BDU:2017-00390", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CWE": "CWE-119", "Href": "https://bdu.fstec.ru/vul/2017-00390", "Impact": "Low", "Public": "20170217" }, { "ID": "BDU:2017-00391", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CWE": "CWE-79", "Href": "https://bdu.fstec.ru/vul/2017-00391", "Impact": "Low", "Public": "20170217" }, { "ID": "BDU:2017-00392", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CWE": "CWE-79", "Href": "https://bdu.fstec.ru/vul/2017-00392", "Impact": "Low", "Public": "20170217" }, { "ID": "BDU:2017-00393", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "CWE": "CWE-79", "Href": "https://bdu.fstec.ru/vul/2017-00393", "Impact": "High", "Public": "20170217" } ], "CVEs": [ { "ID": "CVE-2017-1000460", "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "CWE": "CWE-476", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000460", "Impact": "Low", "Public": "20180103" }, { "ID": "CVE-2017-5006", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "CWE": "CWE-79", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5006", "Impact": "Low", "Public": "20170217" }, { "ID": "CVE-2017-5007", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "CWE": "CWE-79", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5007", "Impact": "Low", "Public": "20170217" }, { "ID": "CVE-2017-5008", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "CWE": "CWE-79", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5008", "Impact": "Low", "Public": "20170217" }, { "ID": "CVE-2017-5009", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-119", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5009", "Impact": "High", "Public": "20170217" }, { "ID": "CVE-2017-5010", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "CWE": "CWE-79", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5010", "Impact": "Low", "Public": "20170217" }, { "ID": "CVE-2017-5011", "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "CWE": "CWE-200", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5011", "Impact": "Low", "Public": "20170217" }, { "ID": "CVE-2017-5012", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-119", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5012", "Impact": "High", "Public": "20170217" }, { "ID": "CVE-2017-5013", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "CWE": "NVD-CWE-noinfo", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5013", "Impact": "Low", "Public": "20170217" }, { "ID": "CVE-2017-5014", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "CWE": "CWE-119", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5014", "Impact": "Low", "Public": "20170217" }, { "ID": "CVE-2017-5015", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "CWE": "NVD-CWE-noinfo", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5015", "Impact": "Low", "Public": "20170217" }, { "ID": "CVE-2017-5016", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "CWE": "CWE-1021", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5016", "Impact": "Low", "Public": "20170217" }, { "ID": "CVE-2017-5017", "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "CWE": "CWE-200", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5017", "Impact": "Low", "Public": "20170217" }, { "ID": "CVE-2017-5018", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "CWE": "CWE-79", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5018", "Impact": "Low", "Public": "20170217" }, { "ID": "CVE-2017-5019", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5019", "Impact": "Low", "Public": "20170217" }, { "ID": "CVE-2017-5020", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "CWE": "CWE-79", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5020", "Impact": "Low", "Public": "20170217" }, { "ID": "CVE-2017-5021", "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5021", "Impact": "Low", "Public": "20170217" }, { "ID": "CVE-2017-5022", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "CWE": "NVD-CWE-noinfo", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5022", "Impact": "Low", "Public": "20170217" }, { "ID": "CVE-2017-5023", "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "CWE": "CWE-476", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5023", "Impact": "Low", "Public": "20170217" }, { "ID": "CVE-2017-5024", "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "CWE": "CWE-119", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5024", "Impact": "Low", "Public": "20170217" }, { "ID": "CVE-2017-5025", "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "CWE": "CWE-119", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5025", "Impact": "Low", "Public": "20170217" }, { "ID": "CVE-2017-5026", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "CWE": "CWE-1021", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5026", "Impact": "Low", "Public": "20170217" }, { "ID": "CVE-2017-5027", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "CWE": "NVD-CWE-noinfo", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5027", "Impact": "Low", "Public": "20170217" }, { "ID": "CVE-2017-5028", "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "CWE": "CWE-20", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5028", "Impact": "Low", "Public": "20190627" } ], "AffectedCPEs": { "CPEs": [ "cpe:/o:alt:spworkstation:10", "cpe:/o:alt:spserver:10" ] } } }, "Criteria": { "Operator": "AND", "Criterions": [ { "TestRef": "oval:org.altlinux.errata:tst:4001", "Comment": "ALT Linux must be installed" } ], "Criterias": [ { "Operator": "OR", "Criterions": [ { "TestRef": "oval:org.altlinux.errata:tst:20171150001", "Comment": "chromium is earlier than 0:56.0.2924.87-alt1" }, { "TestRef": "oval:org.altlinux.errata:tst:20171150002", "Comment": "chromium-gnome is earlier than 0:56.0.2924.87-alt1" }, { "TestRef": "oval:org.altlinux.errata:tst:20171150003", "Comment": "chromium-kde is earlier than 0:56.0.2924.87-alt1" } ] } ] } } ] }