102 lines
3.7 KiB
JSON
102 lines
3.7 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20141089",
|
|
"Version": "oval:org.altlinux.errata:def:20141089",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2014-1089: package `adobe-flash-player` update to version 11-alt24",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch c9f2"
|
|
],
|
|
"Products": [
|
|
"ALT SPWorkstation",
|
|
"ALT SPServer"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2014-1089",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2014-1089",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2014-0491",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-0491",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2014-0492",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-0492",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades adobe-flash-player to version 11-alt24. \nSecurity Fix(es):\n\n * CVE-2014-0491: Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK \u0026 Compiler before 4.0.0.1390 allow attackers to bypass unspecified protection mechanisms via unknown vectors.\n\n * CVE-2014-0492: Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK \u0026 Compiler before 4.0.0.1390 allow attackers to defeat the ASLR protection mechanism by leveraging an \"address leak.\"",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "Critical",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2014-01-24"
|
|
},
|
|
"Updated": {
|
|
"Date": "2014-01-24"
|
|
},
|
|
"BDUs": null,
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2014-0491",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CWE": "CWE-264",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-0491",
|
|
"Impact": "Critical",
|
|
"Public": "20140115"
|
|
},
|
|
{
|
|
"ID": "CVE-2014-0492",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CWE": "CWE-264",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-0492",
|
|
"Impact": "Critical",
|
|
"Public": "20140115"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:spworkstation:8.4",
|
|
"cpe:/o:alt:spserver:8.4"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:3001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141089001",
|
|
"Comment": "i586-mozilla-plugin-adobe-flash is earlier than 3:11.2.202.335-alt24"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141089002",
|
|
"Comment": "mozilla-plugin-adobe-flash is earlier than 3:11.2.202.335-alt24"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |