262 lines
12 KiB
JSON
262 lines
12 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20171308",
|
|
"Version": "oval:org.altlinux.errata:def:20171308",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2017-1308: package `adobe-flash-player-ppapi` update to version 25-alt1.S1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch c10f1"
|
|
],
|
|
"Products": [
|
|
"ALT SP Workstation",
|
|
"ALT SP Server"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2017-1308",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-1308",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2017-00603",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2017-00603",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2017-00604",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2017-00604",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2017-00640",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2017-00640",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2017-00641",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2017-00641",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2017-00642",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2017-00642",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2017-00643",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2017-00643",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2017-00644",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2017-00644",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2017-2997",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-2997",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2017-2998",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-2998",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2017-2999",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-2999",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2017-3000",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3000",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2017-3001",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3001",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2017-3002",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3002",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2017-3003",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3003",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades adobe-flash-player-ppapi to version 25-alt1.S1. \nSecurity Fix(es):\n\n * BDU:2017-00603: Уязвимость программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-00604: Уязвимость программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-00640: Уязвимость программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-00641: Уязвимость программной платформы Flash Player, позволяющая злоумышленнику нарушить конфиденциальность информации\n\n * BDU:2017-00642: Уязвимость программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-00643: Уязвимость программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-00644: Уязвимость программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2017-2997: Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable buffer overflow / underflow vulnerability in the Primetime TVSDK that supports customizing ad information. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-2998: Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK API functionality related to timeline interactions. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-2999: Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK functionality related to hosting playback surface. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-3000: Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerability in the random number generator used for constant blinding. Successful exploitation could lead to information disclosure.\n\n * CVE-2017-3001: Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to garbage collection in the ActionScript 2 VM. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-3002: Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability in the ActionScript2 TextField object related to the variable property. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-3003: Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to an interaction between the privacy user interface and the ActionScript 2 Camera object. Successful exploitation could lead to arbitrary code execution.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "Critical",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2017-03-20"
|
|
},
|
|
"Updated": {
|
|
"Date": "2017-03-20"
|
|
},
|
|
"BDUs": [
|
|
{
|
|
"ID": "BDU:2017-00603",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CWE": "CWE-416",
|
|
"Href": "https://bdu.fstec.ru/vul/2017-00603",
|
|
"Impact": "Critical",
|
|
"Public": "20170314"
|
|
},
|
|
{
|
|
"ID": "BDU:2017-00604",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CWE": "CWE-416",
|
|
"Href": "https://bdu.fstec.ru/vul/2017-00604",
|
|
"Impact": "Critical",
|
|
"Public": "20170314"
|
|
},
|
|
{
|
|
"ID": "BDU:2017-00640",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CWE": "CWE-416",
|
|
"Href": "https://bdu.fstec.ru/vul/2017-00640",
|
|
"Impact": "Critical",
|
|
"Public": "20170314"
|
|
},
|
|
{
|
|
"ID": "BDU:2017-00641",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
|
|
"CWE": "CWE-200",
|
|
"Href": "https://bdu.fstec.ru/vul/2017-00641",
|
|
"Impact": "Low",
|
|
"Public": "20170314"
|
|
},
|
|
{
|
|
"ID": "BDU:2017-00642",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CWE": "CWE-119",
|
|
"Href": "https://bdu.fstec.ru/vul/2017-00642",
|
|
"Impact": "Critical",
|
|
"Public": "20170314"
|
|
},
|
|
{
|
|
"ID": "BDU:2017-00643",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CWE": "CWE-119",
|
|
"Href": "https://bdu.fstec.ru/vul/2017-00643",
|
|
"Impact": "Critical",
|
|
"Public": "20170314"
|
|
},
|
|
{
|
|
"ID": "BDU:2017-00644",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CWE": "CWE-119",
|
|
"Href": "https://bdu.fstec.ru/vul/2017-00644",
|
|
"Impact": "Critical",
|
|
"Public": "20170314"
|
|
}
|
|
],
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2017-2997",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
|
|
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-119",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-2997",
|
|
"Impact": "High",
|
|
"Public": "20170314"
|
|
},
|
|
{
|
|
"ID": "CVE-2017-2998",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
|
|
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-787",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-2998",
|
|
"Impact": "High",
|
|
"Public": "20170314"
|
|
},
|
|
{
|
|
"ID": "CVE-2017-2999",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
|
|
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-787",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-2999",
|
|
"Impact": "High",
|
|
"Public": "20170314"
|
|
},
|
|
{
|
|
"ID": "CVE-2017-3000",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
|
|
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
|
|
"CWE": "NVD-CWE-noinfo",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3000",
|
|
"Impact": "Low",
|
|
"Public": "20170314"
|
|
},
|
|
{
|
|
"ID": "CVE-2017-3001",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
|
|
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-416",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3001",
|
|
"Impact": "High",
|
|
"Public": "20170314"
|
|
},
|
|
{
|
|
"ID": "CVE-2017-3002",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
|
|
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-416",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3002",
|
|
"Impact": "High",
|
|
"Public": "20170314"
|
|
},
|
|
{
|
|
"ID": "CVE-2017-3003",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
|
|
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-416",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3003",
|
|
"Impact": "High",
|
|
"Public": "20170314"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:spworkstation:10",
|
|
"cpe:/o:alt:spserver:10"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:5001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171308001",
|
|
"Comment": "ppapi-plugin-adobe-flash is earlier than 3:25.0.0.127-alt1.S1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |