vuln-list-alt/oval/p11/ALT-PU-2023-1414/definitions.json
2024-12-12 21:07:30 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20231414",
"Version": "oval:org.altlinux.errata:def:20231414",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2023-1414: package `palemoon` update to version 32.0.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2023-1414",
"RefURL": "https://errata.altlinux.org/ALT-PU-2023-1414",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-01269",
"RefURL": "https://bdu.fstec.ru/vul/2023-01269",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01270",
"RefURL": "https://bdu.fstec.ru/vul/2023-01270",
"Source": "BDU"
},
{
"RefID": "CVE-2023-0767",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-0767",
"Source": "CVE"
},
{
"RefID": "CVE-2023-25733",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-25733",
"Source": "CVE"
},
{
"RefID": "CVE-2023-25739",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-25739",
"Source": "CVE"
}
],
"Description": "This update upgrades palemoon to version 32.0.1-alt1. \nSecurity Fix(es):\n\n * BDU:2023-01269: Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR, почтового клиента Mozilla Thunderbird, связанная с использованием памяти после освобождения, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-01270: Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR, почтового клиента Mozilla Thunderbird, связанная с неправильным ограничением операций в пределах буфера памяти, позволяющая нарушителю запустить произвольную запись в память\n\n * CVE-2023-0767: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8.\n\n * CVE-2023-25733: The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified which could have potentially lead to a null pointer dereference. This vulnerability affects Firefox \u003c 110.\n\n * CVE-2023-25739: Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in \u003ccode\u003eScriptLoadContext\u003c/code\u003e. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2023-03-11"
},
"Updated": {
"Date": "2023-03-11"
},
"BDUs": [
{
"ID": "BDU:2023-01269",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2023-01269",
"Impact": "High",
"Public": "20230215"
},
{
"ID": "BDU:2023-01270",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2023-01270",
"Impact": "High",
"Public": "20230215"
}
],
"CVEs": [
{
"ID": "CVE-2023-0767",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-0767",
"Impact": "High",
"Public": "20230602"
},
{
"ID": "CVE-2023-25733",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-252",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-25733",
"Impact": "High",
"Public": "20230619"
},
{
"ID": "CVE-2023-25739",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-25739",
"Impact": "High",
"Public": "20230602"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20231414001",
"Comment": "newmoon is earlier than 2:32.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20231414002",
"Comment": "rpm-build-palemoon is earlier than 2:32.0.1-alt1"
}
]
}
]
}
}
]
}