pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
43c7060749
vuln-list-alt/oval/p11/ALT-PU-2017-2248/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

232 lines
11 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20172248",
"Version": "oval:org.altlinux.errata:def:20172248",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2017-2248: package `chromium` update to version 61.0.3163.79-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2017-2248",
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-2248",
"Source": "ALTPU"
},
{
"RefID": "CVE-2017-5111",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5111",
"Source": "CVE"
},
{
"RefID": "CVE-2017-5112",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5112",
"Source": "CVE"
},
{
"RefID": "CVE-2017-5113",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5113",
"Source": "CVE"
},
{
"RefID": "CVE-2017-5114",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5114",
"Source": "CVE"
},
{
"RefID": "CVE-2017-5115",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5115",
"Source": "CVE"
},
{
"RefID": "CVE-2017-5116",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5116",
"Source": "CVE"
},
{
"RefID": "CVE-2017-5117",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5117",
"Source": "CVE"
},
{
"RefID": "CVE-2017-5118",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5118",
"Source": "CVE"
},
{
"RefID": "CVE-2017-5119",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5119",
"Source": "CVE"
},
{
"RefID": "CVE-2017-5120",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5120",
"Source": "CVE"
},
{
"RefID": "CVE-2017-7000",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-7000",
"Source": "CVE"
}
],
"Description": "This update upgrades chromium to version 61.0.3163.79-alt1. \nSecurity Fix(es):\n\n * CVE-2017-5111: A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.\n\n * CVE-2017-5112: Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.\n\n * CVE-2017-5113: Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2017-5114: Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.\n\n * CVE-2017-5115: Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.\n\n * CVE-2017-5116: Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.\n\n * CVE-2017-5117: Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.\n\n * CVE-2017-5118: Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page.\n\n * CVE-2017-5119: Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.\n\n * CVE-2017-5120: Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial \"www.\" substring).\n\n * CVE-2017-7000: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2017-09-19"
},
"Updated": {
"Date": "2024-06-25"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2017-5111",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5111",
"Impact": "High",
"Public": "20171027"
},
{
"ID": "CVE-2017-5112",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5112",
"Impact": "High",
"Public": "20171027"
},
{
"ID": "CVE-2017-5113",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5113",
"Impact": "High",
"Public": "20171027"
},
{
"ID": "CVE-2017-5114",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5114",
"Impact": "High",
"Public": "20171027"
},
{
"ID": "CVE-2017-5115",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-704",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5115",
"Impact": "High",
"Public": "20171027"
},
{
"ID": "CVE-2017-5116",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-843",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5116",
"Impact": "High",
"Public": "20171027"
},
{
"ID": "CVE-2017-5117",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5117",
"Impact": "Low",
"Public": "20171027"
},
{
"ID": "CVE-2017-5118",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"CWE": "CWE-732",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5118",
"Impact": "Low",
"Public": "20171027"
},
{
"ID": "CVE-2017-5119",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5119",
"Impact": "Low",
"Public": "20171027"
},
{
"ID": "CVE-2017-5120",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5120",
"Impact": "Low",
"Public": "20171027"
},
{
"ID": "CVE-2017-7000",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-7000",
"Impact": "High",
"Public": "20180403"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20172248001",
"Comment": "chromium is earlier than 0:61.0.3163.79-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172248002",
"Comment": "chromium-gnome is earlier than 0:61.0.3163.79-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172248003",
"Comment": "chromium-kde is earlier than 0:61.0.3163.79-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink