pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p11/ALT-PU-2022-2910/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

187 lines
8.7 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20222910",
"Version": "oval:org.altlinux.errata:def:20222910",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2022-2910: package `thunderbird` update to version 102.4.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2022-2910",
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-2910",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-06516",
"RefURL": "https://bdu.fstec.ru/vul/2022-06516",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06517",
"RefURL": "https://bdu.fstec.ru/vul/2022-06517",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06518",
"RefURL": "https://bdu.fstec.ru/vul/2022-06518",
"Source": "BDU"
},
{
"RefID": "BDU:2022-07019",
"RefURL": "https://bdu.fstec.ru/vul/2022-07019",
"Source": "BDU"
},
{
"RefID": "CVE-2022-42927",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-42927",
"Source": "CVE"
},
{
"RefID": "CVE-2022-42928",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-42928",
"Source": "CVE"
},
{
"RefID": "CVE-2022-42929",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-42929",
"Source": "CVE"
},
{
"RefID": "CVE-2022-42932",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-42932",
"Source": "CVE"
}
],
"Description": "This update upgrades thunderbird to version 102.4.0-alt1. \nSecurity Fix(es):\n\n * BDU:2022-06516: Уязвимость функции Window.print() браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06517: Уязвимость компонента Garbage Collector («Сборщик мусора») обработчика JavaScript-сценариев JS Engine браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании\n\n * BDU:2022-06518: Уязвимость метода performance.getEntries() браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю обойти ограничения безопасности и получить несанкционированный доступ к защищаемой информации\n\n * BDU:2022-07019: Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2022-42927: A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via `performance.getEntries()`. This vulnerability affects Firefox \u003c 106, Firefox ESR \u003c 102.4, and Thunderbird \u003c 102.4.\n\n * CVE-2022-42928: Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox \u003c 106, Firefox ESR \u003c 102.4, and Thunderbird \u003c 102.4.\n\n * CVE-2022-42929: If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox \u003c 106, Firefox ESR \u003c 102.4, and Thunderbird \u003c 102.4.\n\n * CVE-2022-42932: Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 106, Firefox ESR \u003c 102.4, and Thunderbird \u003c 102.4.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2022-10-24"
},
"Updated": {
"Date": "2022-10-24"
},
"BDUs": [
{
"ID": "BDU:2022-06516",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H",
"CWE": "CWE-399, CWE-400",
"Href": "https://bdu.fstec.ru/vul/2022-06516",
"Impact": "High",
"Public": "20221018"
},
{
"ID": "BDU:2022-06517",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-120",
"Href": "https://bdu.fstec.ru/vul/2022-06517",
"Impact": "High",
"Public": "20221018"
},
{
"ID": "BDU:2022-06518",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-254, CWE-829",
"Href": "https://bdu.fstec.ru/vul/2022-06518",
"Impact": "High",
"Public": "20221018"
},
{
"ID": "BDU:2022-07019",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-119, CWE-120",
"Href": "https://bdu.fstec.ru/vul/2022-07019",
"Impact": "Low",
"Public": "20221018"
}
],
"CVEs": [
{
"ID": "CVE-2022-42927",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"CWE": "CWE-346",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-42927",
"Impact": "High",
"Public": "20221222"
},
{
"ID": "CVE-2022-42928",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-42928",
"Impact": "High",
"Public": "20221222"
},
{
"ID": "CVE-2022-42929",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-42929",
"Impact": "Low",
"Public": "20221222"
},
{
"ID": "CVE-2022-42932",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-42932",
"Impact": "High",
"Public": "20221222"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20222910001",
"Comment": "rpm-build-thunderbird is earlier than 0:102.4.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222910002",
"Comment": "thunderbird is earlier than 0:102.4.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222910003",
"Comment": "thunderbird-wayland is earlier than 0:102.4.0-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink