pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p10/ALT-PU-2023-2036/definitions.json
pepelyaevip 0707cb759b ALT Vulnerability
2024-04-16 14:26:14 +00:00

159 lines
6.9 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20232036",
"Version": "oval:org.altlinux.errata:def:20232036",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2023-2036: package `firefox-esr` update to version 102.12.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2023-2036",
"RefURL": "https://errata.altlinux.org/ALT-PU-2023-2036",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-03125",
"RefURL": "https://bdu.fstec.ru/vul/2023-03125",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03196",
"RefURL": "https://bdu.fstec.ru/vul/2023-03196",
"Source": "BDU"
},
{
"RefID": "CVE-2023-34414",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34414",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34416",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34416",
"Source": "CVE"
}
],
"Description": "This update upgrades firefox-esr to version 102.12.0-alt1. \nSecurity Fix(es):\n\n * BDU:2023-03125: Уязвимость браузеров Mozilla Firefox и Firefox ESR, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-03196: Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с неверным ограничением визуализируемых слоев пользовательского интерфейса, позволяющая нарушителю провести атаку типа clickjacking («захват клика»)\n\n * CVE-2023-34414: The error page for sites with invalid TLS certificates was missing the\nactivation-delay Firefox uses to protect prompts and permission dialogs\nfrom attacks that exploit human response time delays. If a malicious\npage elicited user clicks in precise locations immediately before\nnavigating to a site with a certificate error and made the renderer\nextremely busy at the same time, it could create a gap between when\nthe error page was loaded and when the display actually refreshed.\nWith the right timing the elicited clicks could land in that gap and \nactivate the button that overrides the certificate error for that site. This vulnerability affects Firefox ESR \u003c 102.12, Firefox \u003c 114, and Thunderbird \u003c 102.12.\n\n * CVE-2023-34416: Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 102.12, Firefox \u003c 114, and Thunderbird \u003c 102.12.\n\n",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2023-06-21"
},
"Updated": {
"Date": "2023-06-21"
},
"BDUs": [
{
"ID": "BDU:2023-03125",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2023-03125",
"Impact": "High",
"Public": "20230606"
},
{
"ID": "BDU:2023-03196",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"CWE": "CWE-451, CWE-1021",
"Href": "https://bdu.fstec.ru/vul/2023-03196",
"Impact": "Low",
"Public": "20230606"
}
],
"CVEs": [
{
"ID": "CVE-2023-34414",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34414",
"Impact": "Low",
"Public": "20230619"
},
{
"ID": "CVE-2023-34416",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34416",
"Impact": "Critical",
"Public": "20230619"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20232036001",
"Comment": "firefox-esr is earlier than 0:102.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20232036002",
"Comment": "firefox-esr-config-privacy is earlier than 0:102.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20232036003",
"Comment": "firefox-esr-wayland is earlier than 0:102.12.0-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink