243 lines
12 KiB
JSON
243 lines
12 KiB
JSON
{
|
||
"Definition": [
|
||
{
|
||
"ID": "oval:org.altlinux.errata:def:20181481",
|
||
"Version": "oval:org.altlinux.errata:def:20181481",
|
||
"Class": "patch",
|
||
"Metadata": {
|
||
"Title": "ALT-PU-2018-1481: package `thunderbird` update to version 52.7.0-alt1",
|
||
"AffectedList": [
|
||
{
|
||
"Family": "unix",
|
||
"Platforms": [
|
||
"ALT Linux branch c9f2"
|
||
],
|
||
"Products": [
|
||
"ALT SPWorkstation",
|
||
"ALT SPServer"
|
||
]
|
||
}
|
||
],
|
||
"References": [
|
||
{
|
||
"RefID": "ALT-PU-2018-1481",
|
||
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-1481",
|
||
"Source": "ALTPU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2018-01494",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2018-01494",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2021-00069",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2021-00069",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2021-00375",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2021-00375",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2021-00392",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2021-00392",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2023-01886",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2023-01886",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "CVE-2018-5125",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5125",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2018-5127",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5127",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2018-5129",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5129",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2018-5144",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5144",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2018-5145",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5145",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2018-5146",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5146",
|
||
"Source": "CVE"
|
||
}
|
||
],
|
||
"Description": "This update upgrades thunderbird to version 52.7.0-alt1. \nSecurity Fix(es):\n\n * BDU:2018-01494: Уязвимость мультимедийной библиотеки libvorbis, связанная с выходом за границы при чтении буфера памяти, позволяющая нарушителю вызвать отказ в обслуживании или нарушить конфиденциальность и целостность данных\n\n * BDU:2021-00069: Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c выходом операции за границы буфера в памяти, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность\n\n * BDU:2021-00375: Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с отсутствием проверки параметров в IPC-сообщениях, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2021-00392: Уязвимость реализации свойства animatedPathSegList языка разметки SVG браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-01886: Уязвимость браузера Mozilla Firefox ESR и почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2018-5125: Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.7, Firefox ESR \u003c 52.7, and Firefox \u003c 59.\n\n * CVE-2018-5127: A buffer overflow can occur when manipulating the SVG \"animatedPathSegList\" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.7, Firefox ESR \u003c 52.7, and Firefox \u003c 59.\n\n * CVE-2018-5129: A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird \u003c 52.7, Firefox ESR \u003c 52.7, and Firefox \u003c 59.\n\n * CVE-2018-5144: An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR \u003c 52.7 and Thunderbird \u003c 52.7.\n\n * CVE-2018-5145: Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 52.7 and Thunderbird \u003c 52.7.\n\n * CVE-2018-5146: An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox \u003c 59.0.1, Firefox ESR \u003c 52.7.2, and Thunderbird \u003c 52.7.",
|
||
"Advisory": {
|
||
"From": "errata.altlinux.org",
|
||
"Severity": "Critical",
|
||
"Rights": "Copyright 2024 BaseALT Ltd.",
|
||
"Issued": {
|
||
"Date": "2018-03-25"
|
||
},
|
||
"Updated": {
|
||
"Date": "2018-03-25"
|
||
},
|
||
"BDUs": [
|
||
{
|
||
"ID": "BDU:2018-01494",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
||
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-787",
|
||
"Href": "https://bdu.fstec.ru/vul/2018-01494",
|
||
"Impact": "High",
|
||
"Public": "20180611"
|
||
},
|
||
{
|
||
"ID": "BDU:2021-00069",
|
||
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
||
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-119",
|
||
"Href": "https://bdu.fstec.ru/vul/2021-00069",
|
||
"Impact": "Critical",
|
||
"Public": "20180611"
|
||
},
|
||
{
|
||
"ID": "BDU:2021-00375",
|
||
"CVSS": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
|
||
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
|
||
"CWE": "CWE-787",
|
||
"Href": "https://bdu.fstec.ru/vul/2021-00375",
|
||
"Impact": "High",
|
||
"Public": "20180108"
|
||
},
|
||
{
|
||
"ID": "BDU:2021-00392",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
|
||
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-119",
|
||
"Href": "https://bdu.fstec.ru/vul/2021-00392",
|
||
"Impact": "High",
|
||
"Public": "20180115"
|
||
},
|
||
{
|
||
"ID": "BDU:2023-01886",
|
||
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
||
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-119",
|
||
"Href": "https://bdu.fstec.ru/vul/2023-01886",
|
||
"Impact": "Critical",
|
||
"Public": "20180313"
|
||
}
|
||
],
|
||
"CVEs": [
|
||
{
|
||
"ID": "CVE-2018-5125",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
||
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-119",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-5125",
|
||
"Impact": "High",
|
||
"Public": "20180611"
|
||
},
|
||
{
|
||
"ID": "CVE-2018-5127",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
||
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-119",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-5127",
|
||
"Impact": "High",
|
||
"Public": "20180611"
|
||
},
|
||
{
|
||
"ID": "CVE-2018-5129",
|
||
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
|
||
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
|
||
"CWE": "CWE-787",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-5129",
|
||
"Impact": "High",
|
||
"Public": "20180611"
|
||
},
|
||
{
|
||
"ID": "CVE-2018-5144",
|
||
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
||
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
|
||
"CWE": "CWE-190",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-5144",
|
||
"Impact": "High",
|
||
"Public": "20180611"
|
||
},
|
||
{
|
||
"ID": "CVE-2018-5145",
|
||
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
||
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-119",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-5145",
|
||
"Impact": "Critical",
|
||
"Public": "20180611"
|
||
},
|
||
{
|
||
"ID": "CVE-2018-5146",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
||
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-787",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-5146",
|
||
"Impact": "High",
|
||
"Public": "20180611"
|
||
}
|
||
],
|
||
"AffectedCPEs": {
|
||
"CPEs": [
|
||
"cpe:/o:alt:spworkstation:8.4",
|
||
"cpe:/o:alt:spserver:8.4"
|
||
]
|
||
}
|
||
}
|
||
},
|
||
"Criteria": {
|
||
"Operator": "AND",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:3001",
|
||
"Comment": "ALT Linux must be installed"
|
||
}
|
||
],
|
||
"Criterias": [
|
||
{
|
||
"Operator": "OR",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20181481001",
|
||
"Comment": "rpm-build-thunderbird is earlier than 0:52.7.0-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20181481002",
|
||
"Comment": "thunderbird is earlier than 0:52.7.0-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20181481003",
|
||
"Comment": "thunderbird-devel is earlier than 0:52.7.0-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20181481004",
|
||
"Comment": "thunderbird-enigmail is earlier than 0:52.7.0-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20181481005",
|
||
"Comment": "thunderbird-google-calendar is earlier than 0:52.7.0-alt1"
|
||
}
|
||
]
|
||
}
|
||
]
|
||
}
|
||
}
|
||
]
|
||
} |