vuln-list-alt/oval/p10/ALT-PU-2016-2152/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20162152",
      "Version": "oval:org.altlinux.errata:def:20162152",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2016-2152: package `firefox` update to version 49.0.2-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch p10"
            ],
            "Products": [
              "ALT Server",
              "ALT Virtualization Server",
              "ALT Workstation",
              "ALT Workstation K",
              "ALT Education",
              "Simply Linux",
              "Starterkit"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2016-2152",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2016-2152",
            "Source": "ALTPU"
          },
          {
            "RefID": "CVE-2016-5287",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5287",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2016-5288",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5288",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades firefox to version 49.0.2-alt1. \nSecurity Fix(es):\n\n * CVE-2016-5287: A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49. This vulnerability affects Firefox \u003c 49.0.2.\n\n * CVE-2016-5288: Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox \u003c 49.0.2.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "Critical",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2016-10-22"
          },
          "Updated": {
            "Date": "2016-10-22"
          },
          "BDUs": null,
          "CVEs": [
            {
              "ID": "CVE-2016-5287",
              "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
              "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5287",
              "Impact": "Critical",
              "Public": "20180611"
            },
            {
              "ID": "CVE-2016-5288",
              "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
              "CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "CWE": "CWE-200",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5288",
              "Impact": "Low",
              "Public": "20180611"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:kworkstation:10",
              "cpe:/o:alt:workstation:10",
              "cpe:/o:alt:server:10",
              "cpe:/o:alt:server-v:10",
              "cpe:/o:alt:education:10",
              "cpe:/o:alt:slinux:10",
              "cpe:/o:alt:starterkit:p10",
              "cpe:/o:alt:kworkstation:10.1",
              "cpe:/o:alt:workstation:10.1",
              "cpe:/o:alt:server:10.1",
              "cpe:/o:alt:server-v:10.1",
              "cpe:/o:alt:education:10.1",
              "cpe:/o:alt:slinux:10.1",
              "cpe:/o:alt:starterkit:10.1",
              "cpe:/o:alt:kworkstation:10.2",
              "cpe:/o:alt:workstation:10.2",
              "cpe:/o:alt:server:10.2",
              "cpe:/o:alt:server-v:10.2",
              "cpe:/o:alt:education:10.2",
              "cpe:/o:alt:slinux:10.2",
              "cpe:/o:alt:starterkit:10.2"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:2001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20162152001",
                "Comment": "firefox is earlier than 0:49.0.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20162152002",
                "Comment": "rpm-build-firefox is earlier than 0:49.0.2-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}