159 lines
6.3 KiB
JSON
159 lines
6.3 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20221469",
|
|
"Version": "oval:org.altlinux.errata:def:20221469",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2022-1469: package `firefox-esr` update to version 91.6.1-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch p10"
|
|
],
|
|
"Products": [
|
|
"ALT Server",
|
|
"ALT Virtualization Server",
|
|
"ALT Workstation",
|
|
"ALT Workstation K",
|
|
"ALT Education",
|
|
"Simply Linux",
|
|
"Starterkit"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2022-1469",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-1469",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2022-01146",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2022-01146",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2022-01147",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2022-01147",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2022-26485",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-26485",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2022-26486",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-26486",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades firefox-esr to version 91.6.1-alt1. \nSecurity Fix(es):\n\n * BDU:2022-01146: Уязвимость параметра XSLT браузеров Mozilla Firefox и Focus, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-01147: Уязвимость программного интерфейса обработки 3D-графики и вычислений WebGPU браузеров Mozilla Firefox и Focus, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2022-26485: Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox \u003c 97.0.2, Firefox ESR \u003c 91.6.1, Firefox for Android \u003c 97.3.0, Thunderbird \u003c 91.6.2, and Focus \u003c 97.3.0.\n\n * CVE-2022-26486: An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox \u003c 97.0.2, Firefox ESR \u003c 91.6.1, Firefox for Android \u003c 97.3.0, Thunderbird \u003c 91.6.2, and Focus \u003c 97.3.0.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "Critical",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2022-03-11"
|
|
},
|
|
"Updated": {
|
|
"Date": "2022-03-11"
|
|
},
|
|
"BDUs": [
|
|
{
|
|
"ID": "BDU:2022-01146",
|
|
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
|
|
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-416",
|
|
"Href": "https://bdu.fstec.ru/vul/2022-01146",
|
|
"Impact": "High",
|
|
"Public": "20220305"
|
|
},
|
|
{
|
|
"ID": "BDU:2022-01147",
|
|
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
|
|
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-416",
|
|
"Href": "https://bdu.fstec.ru/vul/2022-01147",
|
|
"Impact": "High",
|
|
"Public": "20220305"
|
|
}
|
|
],
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2022-26485",
|
|
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-416",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-26485",
|
|
"Impact": "High",
|
|
"Public": "20221222"
|
|
},
|
|
{
|
|
"ID": "CVE-2022-26486",
|
|
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
|
|
"CWE": "CWE-416",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-26486",
|
|
"Impact": "Critical",
|
|
"Public": "20221222"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:kworkstation:10",
|
|
"cpe:/o:alt:workstation:10",
|
|
"cpe:/o:alt:server:10",
|
|
"cpe:/o:alt:server-v:10",
|
|
"cpe:/o:alt:education:10",
|
|
"cpe:/o:alt:slinux:10",
|
|
"cpe:/o:alt:starterkit:p10",
|
|
"cpe:/o:alt:kworkstation:10.1",
|
|
"cpe:/o:alt:workstation:10.1",
|
|
"cpe:/o:alt:server:10.1",
|
|
"cpe:/o:alt:server-v:10.1",
|
|
"cpe:/o:alt:education:10.1",
|
|
"cpe:/o:alt:slinux:10.1",
|
|
"cpe:/o:alt:starterkit:10.1",
|
|
"cpe:/o:alt:kworkstation:10.2",
|
|
"cpe:/o:alt:workstation:10.2",
|
|
"cpe:/o:alt:server:10.2",
|
|
"cpe:/o:alt:server-v:10.2",
|
|
"cpe:/o:alt:education:10.2",
|
|
"cpe:/o:alt:slinux:10.2",
|
|
"cpe:/o:alt:starterkit:10.2"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:2001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221469001",
|
|
"Comment": "firefox-esr is earlier than 0:91.6.1-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221469002",
|
|
"Comment": "firefox-esr-config-privacy is earlier than 0:91.6.1-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221469003",
|
|
"Comment": "firefox-esr-wayland is earlier than 0:91.6.1-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |