{ "Definition": [ { "ID": "oval:org.altlinux.errata:def:20181126", "Version": "oval:org.altlinux.errata:def:20181126", "Class": "patch", "Metadata": { "Title": "ALT-PU-2018-1126: package `chromium` update to version 64.0.3282.119-alt1", "AffectedList": [ { "Family": "unix", "Platforms": [ "ALT Linux branch c10f1" ], "Products": [ "ALT SP Workstation", "ALT SP Server" ] } ], "References": [ { "RefID": "ALT-PU-2018-1126", "RefURL": "https://errata.altlinux.org/ALT-PU-2018-1126", "Source": "ALTPU" }, { "RefID": "BDU:2018-01520", "RefURL": "https://bdu.fstec.ru/vul/2018-01520", "Source": "BDU" }, { "RefID": "BDU:2018-01521", "RefURL": "https://bdu.fstec.ru/vul/2018-01521", "Source": "BDU" }, { "RefID": "BDU:2018-01522", "RefURL": "https://bdu.fstec.ru/vul/2018-01522", "Source": "BDU" }, { "RefID": "CVE-2017-15420", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-15420", "Source": "CVE" }, { "RefID": "CVE-2018-6031", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6031", "Source": "CVE" }, { "RefID": "CVE-2018-6032", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6032", "Source": "CVE" }, { "RefID": "CVE-2018-6033", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6033", "Source": "CVE" }, { "RefID": "CVE-2018-6034", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6034", "Source": "CVE" }, { "RefID": "CVE-2018-6035", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6035", "Source": "CVE" }, { "RefID": "CVE-2018-6036", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6036", "Source": "CVE" }, { "RefID": "CVE-2018-6037", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6037", "Source": "CVE" }, { "RefID": "CVE-2018-6038", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6038", "Source": "CVE" }, { "RefID": "CVE-2018-6039", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6039", "Source": "CVE" }, { "RefID": "CVE-2018-6040", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6040", "Source": "CVE" }, { "RefID": "CVE-2018-6041", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6041", "Source": "CVE" }, { "RefID": "CVE-2018-6042", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6042", "Source": "CVE" }, { "RefID": "CVE-2018-6043", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6043", "Source": "CVE" }, { "RefID": "CVE-2018-6045", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6045", "Source": "CVE" }, { "RefID": "CVE-2018-6046", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6046", "Source": "CVE" }, { "RefID": "CVE-2018-6047", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6047", "Source": "CVE" }, { "RefID": "CVE-2018-6048", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6048", "Source": "CVE" }, { "RefID": "CVE-2018-6049", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6049", "Source": "CVE" }, { "RefID": "CVE-2018-6050", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6050", "Source": "CVE" }, { "RefID": "CVE-2018-6051", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6051", "Source": "CVE" }, { "RefID": "CVE-2018-6052", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6052", "Source": "CVE" }, { "RefID": "CVE-2018-6053", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6053", "Source": "CVE" }, { "RefID": "CVE-2018-6054", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6054", "Source": "CVE" }, { "RefID": "CVE-2018-6055", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6055", "Source": "CVE" }, { "RefID": "CVE-2018-6119", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6119", "Source": "CVE" } ], "Description": "This update upgrades chromium to version 64.0.3282.119-alt1. \nSecurity Fix(es):\n\n * BDU:2018-01520: Уязвимость компонента Catalog Service браузера Google Chrome, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2018-01521: Уязвимость компонента External Protocol Handler браузера Google Chrome, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2018-01522: Уязвимость компонента Download File Handler браузера Google Chrome, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2017-15420: Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n\n * CVE-2018-6031: Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.\n\n * CVE-2018-6032: Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page.\n\n * CVE-2018-6033: Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension.\n\n * CVE-2018-6034: Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.\n\n * CVE-2018-6035: Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.\n\n * CVE-2018-6036: Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page.\n\n * CVE-2018-6037: Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page.\n\n * CVE-2018-6038: Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.\n\n * CVE-2018-6039: Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.\n\n * CVE-2018-6040: Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page.\n\n * CVE-2018-6041: Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n\n * CVE-2018-6042: Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n\n * CVE-2018-6043: Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page.\n\n * CVE-2018-6045: Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.\n\n * CVE-2018-6046: Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.\n\n * CVE-2018-6047: Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page.\n\n * CVE-2018-6048: Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page.\n\n * CVE-2018-6049: Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page.\n\n * CVE-2018-6050: Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n\n * CVE-2018-6051: XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page.\n\n * CVE-2018-6052: Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data.\n\n * CVE-2018-6053: Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page.\n\n * CVE-2018-6054: Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.\n\n * CVE-2018-6055: Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page.\n\n * CVE-2018-6119: Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.", "Advisory": { "From": "errata.altlinux.org", "Severity": "High", "Rights": "Copyright 2024 BaseALT Ltd.", "Issued": { "Date": "2018-02-06" }, "Updated": { "Date": "2018-02-06" }, "BDUs": [ { "ID": "BDU:2018-01520", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-20", "Href": "https://bdu.fstec.ru/vul/2018-01520", "Impact": "High", "Public": "20171201" }, { "ID": "BDU:2018-01521", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-20", "Href": "https://bdu.fstec.ru/vul/2018-01521", "Impact": "High", "Public": "20171116" }, { "ID": "BDU:2018-01522", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-20", "Href": "https://bdu.fstec.ru/vul/2018-01522", "Impact": "High", "Public": "20171209" } ], "CVEs": [ { "ID": "CVE-2017-15420", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "CWE": "CWE-20", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-15420", "Impact": "Low", "Public": "20180828" }, { "ID": "CVE-2018-6031", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6031", "Impact": "High", "Public": "20180925" }, { "ID": "CVE-2018-6032", "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "CWE": "CWE-20", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6032", "Impact": "Low", "Public": "20180925" }, { "ID": "CVE-2018-6033", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-20", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6033", "Impact": "High", "Public": "20180925" }, { "ID": "CVE-2018-6034", "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "CWE": "CWE-125", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6034", "Impact": "High", "Public": "20180925" }, { "ID": "CVE-2018-6035", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-200", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6035", "Impact": "High", "Public": "20180925" }, { "ID": "CVE-2018-6036", "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "CWE": "CWE-20", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6036", "Impact": "Low", "Public": "20180925" }, { "ID": "CVE-2018-6037", "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "CWE": "CWE-200", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6037", "Impact": "Low", "Public": "20180925" }, { "ID": "CVE-2018-6038", "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "CWE": "CWE-119", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6038", "Impact": "Low", "Public": "20180925" }, { "ID": "CVE-2018-6039", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "CWE": "CWE-20", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6039", "Impact": "Low", "Public": "20180925" }, { "ID": "CVE-2018-6040", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "CWE": "CWE-732", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6040", "Impact": "Low", "Public": "20180925" }, { "ID": "CVE-2018-6041", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "CWE": "CWE-20", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6041", "Impact": "Low", "Public": "20180925" }, { "ID": "CVE-2018-6042", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "CWE": "CWE-20", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6042", "Impact": "Low", "Public": "20180925" }, { "ID": "CVE-2018-6043", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-20", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6043", "Impact": "High", "Public": "20180925" }, { "ID": "CVE-2018-6045", "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "CWE": "CWE-200", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6045", "Impact": "Low", "Public": "20180925" }, { "ID": "CVE-2018-6046", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "CWE": "CWE-20", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6046", "Impact": "Low", "Public": "20180925" }, { "ID": "CVE-2018-6047", "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "CWE": "CWE-20", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6047", "Impact": "Low", "Public": "20180925" }, { "ID": "CVE-2018-6048", "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "CWE": "CWE-20", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6048", "Impact": "Low", "Public": "20180925" }, { "ID": "CVE-2018-6049", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "CWE": "NVD-CWE-noinfo", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6049", "Impact": "Low", "Public": "20180925" }, { "ID": "CVE-2018-6050", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "CWE": "CWE-20", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6050", "Impact": "Low", "Public": "20180925" }, { "ID": "CVE-2018-6051", "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "CWE": "CWE-79", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6051", "Impact": "Low", "Public": "20180925" }, { "ID": "CVE-2018-6052", "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "CWE": "CWE-200", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6052", "Impact": "Low", "Public": "20180925" }, { "ID": "CVE-2018-6053", "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "CWE": "CWE-200", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6053", "Impact": "Low", "Public": "20180925" }, { "ID": "CVE-2018-6054", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6054", "Impact": "High", "Public": "20180925" }, { "ID": "CVE-2018-6055", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-20", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6055", "Impact": "High", "Public": "20180925" }, { "ID": "CVE-2018-6119", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "CWE": "CWE-20", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6119", "Impact": "Low", "Public": "20180925" } ], "AffectedCPEs": { "CPEs": [ "cpe:/o:alt:spworkstation:10", "cpe:/o:alt:spserver:10" ] } } }, "Criteria": { "Operator": "AND", "Criterions": [ { "TestRef": "oval:org.altlinux.errata:tst:4001", "Comment": "ALT Linux must be installed" } ], "Criterias": [ { "Operator": "OR", "Criterions": [ { "TestRef": "oval:org.altlinux.errata:tst:20181126001", "Comment": "chromium is earlier than 0:64.0.3282.119-alt1" }, { "TestRef": "oval:org.altlinux.errata:tst:20181126002", "Comment": "chromium-gnome is earlier than 0:64.0.3282.119-alt1" }, { "TestRef": "oval:org.altlinux.errata:tst:20181126003", "Comment": "chromium-kde is earlier than 0:64.0.3282.119-alt1" } ] } ] } } ] }