vuln-list-alt/oval/c9f2/ALT-PU-2019-1527/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20191527",
      "Version": "oval:org.altlinux.errata:def:20191527",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2019-1527: package `thunderbird` update to version 60.6.1-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch c9f2"
            ],
            "Products": [
              "ALT SPWorkstation",
              "ALT SPServer"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2019-1527",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2019-1527",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2019-01276",
            "RefURL": "https://bdu.fstec.ru/vul/2019-01276",
            "Source": "BDU"
          },
          {
            "RefID": "BDU:2019-01277",
            "RefURL": "https://bdu.fstec.ru/vul/2019-01277",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2019-9810",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-9810",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2019-9813",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-9813",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades thunderbird to version 60.6.1-alt1. \nSecurity Fix(es):\n\n * BDU:2019-01276: Уязвимость метода Array.prototype.slice JIT-компилятора IonMonkey браузера Firefox ESR, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2019-01277: Уязвимость функции of __proto__ mutations JIT-компилятора IonMonkey  браузера Firefox ESR, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * CVE-2019-9810: Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox \u003c 66.0.1, Firefox ESR \u003c 60.6.1, and Thunderbird \u003c 60.6.1.\n\n * CVE-2019-9813: Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox \u003c 66.0.1, Firefox ESR \u003c 60.6.1, and Thunderbird \u003c 60.6.1.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "High",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2019-03-26"
          },
          "Updated": {
            "Date": "2019-03-26"
          },
          "BDUs": [
            {
              "ID": "BDU:2019-01276",
              "CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
              "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "CWE": "CWE-119",
              "Href": "https://bdu.fstec.ru/vul/2019-01276",
              "Impact": "High",
              "Public": "20190322"
            },
            {
              "ID": "BDU:2019-01277",
              "CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
              "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "CWE": "CWE-843",
              "Href": "https://bdu.fstec.ru/vul/2019-01277",
              "Impact": "High",
              "Public": "20190322"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2019-9810",
              "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "CWE": "CWE-119",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-9810",
              "Impact": "High",
              "Public": "20190426"
            },
            {
              "ID": "CVE-2019-9813",
              "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
              "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "CWE": "CWE-843",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-9813",
              "Impact": "High",
              "Public": "20190426"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:spworkstation:8.4",
              "cpe:/o:alt:spserver:8.4"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:3001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20191527001",
                "Comment": "rpm-build-thunderbird is earlier than 0:60.6.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20191527002",
                "Comment": "thunderbird is earlier than 0:60.6.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20191527003",
                "Comment": "thunderbird-enigmail is earlier than 0:60.6.1-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}