314 lines
14 KiB
JSON
314 lines
14 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20171727",
|
|
"Version": "oval:org.altlinux.errata:def:20171727",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2017-1727: package `adobe-flash-player-ppapi` update to version 26-alt1.S1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch p11"
|
|
],
|
|
"Products": [
|
|
"ALT Container"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2017-1727",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-1727",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2017-01512",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2017-01512",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2017-01513",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2017-01513",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2017-01577",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2017-01577",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2017-01578",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2017-01578",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2017-01579",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2017-01579",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2017-01580",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2017-01580",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2017-01581",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2017-01581",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2017-01582",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2017-01582",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2017-01583",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2017-01583",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2017-3075",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3075",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2017-3076",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3076",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2017-3077",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3077",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2017-3078",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3078",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2017-3079",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3079",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2017-3081",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3081",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2017-3082",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3082",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2017-3083",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3083",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2017-3084",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3084",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades adobe-flash-player-ppapi to version 26-alt1.S1. \nSecurity Fix(es):\n\n * BDU:2017-01512: Уязвимость функционала метаданных программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-01513: Уязвимость SDK-функционала метаданных профиля медиапотока программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-01577: Уязвимость класса LocaleID программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-01578: Уязвимость программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-01579: Уязвимость компонента, отвечающего за внутреннее представление растровых данных, программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-01580: Уязвимость модуля Adobe Texture Format (ATF) программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-01581: Уязвимость анализатора PNG изображений программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-01582: Уязвимость модуля MPEG-4 AVC программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-01583: Уязвимость класса ActionsScript 2 XML программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2017-3075: Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability when manipulating the ActionsScript 2 XML class. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-3076: Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the MPEG-4 AVC module. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-3077: Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the PNG image parser. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-3078: Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the Adobe Texture Format (ATF) module. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-3079: Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the internal representation of raster data. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-3081: Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability during internal computation caused by multiple display object mask manipulations. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-3082: Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the LocaleID class. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-3083: Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the Primetime SDK functionality related to the profile metadata of the media stream. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-3084: Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the advertising metadata functionality. Successful exploitation could lead to arbitrary code execution.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "Critical",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2017-06-14"
|
|
},
|
|
"Updated": {
|
|
"Date": "2017-06-14"
|
|
},
|
|
"BDUs": [
|
|
{
|
|
"ID": "BDU:2017-01512",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CWE": "CWE-416",
|
|
"Href": "https://bdu.fstec.ru/vul/2017-01512",
|
|
"Impact": "Critical",
|
|
"Public": "20170620"
|
|
},
|
|
{
|
|
"ID": "BDU:2017-01513",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CWE": "CWE-416",
|
|
"Href": "https://bdu.fstec.ru/vul/2017-01513",
|
|
"Impact": "Critical",
|
|
"Public": "20170620"
|
|
},
|
|
{
|
|
"ID": "BDU:2017-01577",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CWE": "CWE-119",
|
|
"Href": "https://bdu.fstec.ru/vul/2017-01577",
|
|
"Impact": "Critical",
|
|
"Public": "20170620"
|
|
},
|
|
{
|
|
"ID": "BDU:2017-01578",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CWE": "CWE-416",
|
|
"Href": "https://bdu.fstec.ru/vul/2017-01578",
|
|
"Impact": "Critical",
|
|
"Public": "20170620"
|
|
},
|
|
{
|
|
"ID": "BDU:2017-01579",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CWE": "CWE-119",
|
|
"Href": "https://bdu.fstec.ru/vul/2017-01579",
|
|
"Impact": "Critical",
|
|
"Public": "20170620"
|
|
},
|
|
{
|
|
"ID": "BDU:2017-01580",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CWE": "CWE-119",
|
|
"Href": "https://bdu.fstec.ru/vul/2017-01580",
|
|
"Impact": "Critical",
|
|
"Public": "20170620"
|
|
},
|
|
{
|
|
"ID": "BDU:2017-01581",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CWE": "CWE-119",
|
|
"Href": "https://bdu.fstec.ru/vul/2017-01581",
|
|
"Impact": "Critical",
|
|
"Public": "20170620"
|
|
},
|
|
{
|
|
"ID": "BDU:2017-01582",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CWE": "CWE-119",
|
|
"Href": "https://bdu.fstec.ru/vul/2017-01582",
|
|
"Impact": "Critical",
|
|
"Public": "20170620"
|
|
},
|
|
{
|
|
"ID": "BDU:2017-01583",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CWE": "CWE-416",
|
|
"Href": "https://bdu.fstec.ru/vul/2017-01583",
|
|
"Impact": "Critical",
|
|
"Public": "20170620"
|
|
}
|
|
],
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2017-3075",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-416",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3075",
|
|
"Impact": "Critical",
|
|
"Public": "20170620"
|
|
},
|
|
{
|
|
"ID": "CVE-2017-3076",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-119",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3076",
|
|
"Impact": "Critical",
|
|
"Public": "20170620"
|
|
},
|
|
{
|
|
"ID": "CVE-2017-3077",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-119",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3077",
|
|
"Impact": "Critical",
|
|
"Public": "20170620"
|
|
},
|
|
{
|
|
"ID": "CVE-2017-3078",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-119",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3078",
|
|
"Impact": "Critical",
|
|
"Public": "20170620"
|
|
},
|
|
{
|
|
"ID": "CVE-2017-3079",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-119",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3079",
|
|
"Impact": "Critical",
|
|
"Public": "20170620"
|
|
},
|
|
{
|
|
"ID": "CVE-2017-3081",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-416",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3081",
|
|
"Impact": "Critical",
|
|
"Public": "20170620"
|
|
},
|
|
{
|
|
"ID": "CVE-2017-3082",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-119",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3082",
|
|
"Impact": "Critical",
|
|
"Public": "20170620"
|
|
},
|
|
{
|
|
"ID": "CVE-2017-3083",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-416",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3083",
|
|
"Impact": "Critical",
|
|
"Public": "20170620"
|
|
},
|
|
{
|
|
"ID": "CVE-2017-3084",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-416",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3084",
|
|
"Impact": "Critical",
|
|
"Public": "20170620"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:container:11"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:3001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171727001",
|
|
"Comment": "ppapi-plugin-adobe-flash is earlier than 3:26.0.0.126-alt1.S1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |