pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2bf9da991e
vuln-list-alt/oval/c10f1/ALT-PU-2013-1102/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

366 lines
19 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20131102",
"Version": "oval:org.altlinux.errata:def:20131102",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2013-1102: package `chromium` update to version 30.0.1599.114-alt1.r229842",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2013-1102",
"RefURL": "https://errata.altlinux.org/ALT-PU-2013-1102",
"Source": "ALTPU"
},
{
"RefID": "CVE-2013-2906",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2906",
"Source": "CVE"
},
{
"RefID": "CVE-2013-2907",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2907",
"Source": "CVE"
},
{
"RefID": "CVE-2013-2908",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2908",
"Source": "CVE"
},
{
"RefID": "CVE-2013-2909",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2909",
"Source": "CVE"
},
{
"RefID": "CVE-2013-2910",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2910",
"Source": "CVE"
},
{
"RefID": "CVE-2013-2911",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2911",
"Source": "CVE"
},
{
"RefID": "CVE-2013-2912",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2912",
"Source": "CVE"
},
{
"RefID": "CVE-2013-2913",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2913",
"Source": "CVE"
},
{
"RefID": "CVE-2013-2915",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2915",
"Source": "CVE"
},
{
"RefID": "CVE-2013-2916",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2916",
"Source": "CVE"
},
{
"RefID": "CVE-2013-2917",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2917",
"Source": "CVE"
},
{
"RefID": "CVE-2013-2918",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2918",
"Source": "CVE"
},
{
"RefID": "CVE-2013-2919",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2919",
"Source": "CVE"
},
{
"RefID": "CVE-2013-2920",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2920",
"Source": "CVE"
},
{
"RefID": "CVE-2013-2921",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2921",
"Source": "CVE"
},
{
"RefID": "CVE-2013-2922",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2922",
"Source": "CVE"
},
{
"RefID": "CVE-2013-2923",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2923",
"Source": "CVE"
},
{
"RefID": "CVE-2013-2924",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2924",
"Source": "CVE"
},
{
"RefID": "CVE-2013-2925",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2925",
"Source": "CVE"
},
{
"RefID": "CVE-2013-2926",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2926",
"Source": "CVE"
},
{
"RefID": "CVE-2013-2927",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2927",
"Source": "CVE"
},
{
"RefID": "CVE-2013-2928",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2928",
"Source": "CVE"
}
],
"Description": "This update upgrades chromium to version 30.0.1599.114-alt1.r229842. \nSecurity Fix(es):\n\n * CVE-2013-2906: Multiple race conditions in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to threading in core/html/HTMLMediaElement.cpp, core/platform/audio/AudioDSPKernelProcessor.cpp, core/platform/audio/HRTFElevation.cpp, and modules/webaudio/ConvolverNode.cpp.\n\n * CVE-2013-2907: The Window.prototype object implementation in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.\n\n * CVE-2013-2908: Google Chrome before 30.0.1599.66 uses incorrect function calls to determine the values of NavigationEntry objects, which allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code.\n\n * CVE-2013-2909: Use-after-free vulnerability in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to inline-block rendering for bidirectional Unicode text in an element isolated from its siblings.\n\n * CVE-2013-2910: Use-after-free vulnerability in modules/webaudio/AudioScheduledSourceNode.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.\n\n * CVE-2013-2911: Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet function in core/xml/XSLStyleSheetLibxslt.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of post-failure recompilation in unspecified libxslt versions.\n\n * CVE-2013-2912: Use-after-free vulnerability in the PepperInProcessRouter::SendToHost function in content/renderer/pepper/pepper_in_process_router.cc in the Pepper Plug-in API (PPAPI) in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a resource-destruction message.\n\n * CVE-2013-2913: Use-after-free vulnerability in the XMLDocumentParser::append function in core/xml/parser/XMLDocumentParser.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an XML document.\n\n * CVE-2013-2915: Google Chrome before 30.0.1599.66 preserves pending NavigationEntry objects in certain invalid circumstances, which allows remote attackers to spoof the address bar via a URL with a malformed scheme, as demonstrated by a nonexistent:12121 URL.\n\n * CVE-2013-2916: Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code, in conjunction with a delay in notifying the user of an attempted spoof.\n\n * CVE-2013-2917: The ReverbConvolverStage::ReverbConvolverStage function in core/platform/audio/ReverbConvolverStage.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the impulseResponse array.\n\n * CVE-2013-2918: Use-after-free vulnerability in the RenderBlock::collapseAnonymousBlockChild function in core/rendering/RenderBlock.cpp in the DOM implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect handling of parent-child relationships for anonymous blocks.\n\n * CVE-2013-2919: Google V8, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.\n\n * CVE-2013-2920: The DoResolveRelativeHost function in url/url_canon_relative.cc in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via a relative URL containing a hostname, as demonstrated by a protocol-relative URL beginning with a //www.google.com/ substring.\n\n * CVE-2013-2921: Double free vulnerability in the ResourceFetcher::didLoadResource function in core/fetch/ResourceFetcher.cpp in the resource loader in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering certain callback processing during the reporting of a resource entry.\n\n * CVE-2013-2922: Use-after-free vulnerability in core/html/HTMLTemplateElement.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that operates on a TEMPLATE element.\n\n * CVE-2013-2923: Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.66 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.\n\n * CVE-2013-2924: Use-after-free vulnerability in International Components for Unicode (ICU), as used in Google Chrome before 30.0.1599.66 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.\n\n * CVE-2013-2925: Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger multiple conflicting uses of the same XMLHttpRequest object.\n\n * CVE-2013-2926: Use-after-free vulnerability in the IndentOutdentCommand::tryIndentingAsListItem function in core/editing/IndentOutdentCommand.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to list elements.\n\n * CVE-2013-2927: Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to submission for FORM elements.\n\n * CVE-2013-2928: Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2013-11-13"
},
"Updated": {
"Date": "2013-11-13"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2013-2906",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2906",
"Impact": "Low",
"Public": "20131002"
},
{
"ID": "CVE-2013-2907",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2907",
"Impact": "Low",
"Public": "20131002"
},
{
"ID": "CVE-2013-2908",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2908",
"Impact": "Low",
"Public": "20131002"
},
{
"ID": "CVE-2013-2909",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2909",
"Impact": "High",
"Public": "20131002"
},
{
"ID": "CVE-2013-2910",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2910",
"Impact": "High",
"Public": "20131002"
},
{
"ID": "CVE-2013-2911",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2911",
"Impact": "Low",
"Public": "20131002"
},
{
"ID": "CVE-2013-2912",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2912",
"Impact": "High",
"Public": "20131002"
},
{
"ID": "CVE-2013-2913",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2913",
"Impact": "Low",
"Public": "20131002"
},
{
"ID": "CVE-2013-2915",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2915",
"Impact": "Low",
"Public": "20131002"
},
{
"ID": "CVE-2013-2916",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2916",
"Impact": "Low",
"Public": "20131002"
},
{
"ID": "CVE-2013-2917",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2917",
"Impact": "Low",
"Public": "20131002"
},
{
"ID": "CVE-2013-2918",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2918",
"Impact": "High",
"Public": "20131002"
},
{
"ID": "CVE-2013-2919",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2919",
"Impact": "High",
"Public": "20131002"
},
{
"ID": "CVE-2013-2920",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2920",
"Impact": "Low",
"Public": "20131002"
},
{
"ID": "CVE-2013-2921",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2921",
"Impact": "Low",
"Public": "20131002"
},
{
"ID": "CVE-2013-2922",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2922",
"Impact": "Low",
"Public": "20131002"
},
{
"ID": "CVE-2013-2923",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2923",
"Impact": "High",
"Public": "20131002"
},
{
"ID": "CVE-2013-2924",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2924",
"Impact": "High",
"Public": "20131002"
},
{
"ID": "CVE-2013-2925",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2925",
"Impact": "Low",
"Public": "20131016"
},
{
"ID": "CVE-2013-2926",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2926",
"Impact": "Low",
"Public": "20131016"
},
{
"ID": "CVE-2013-2927",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2927",
"Impact": "Low",
"Public": "20131016"
},
{
"ID": "CVE-2013-2928",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2928",
"Impact": "High",
"Public": "20131016"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20131102001",
"Comment": "chromium is earlier than 0:30.0.1599.114-alt1.r229842"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20131102002",
"Comment": "chromium-gnome is earlier than 0:30.0.1599.114-alt1.r229842"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20131102003",
"Comment": "chromium-kde is earlier than 0:30.0.1599.114-alt1.r229842"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink