vuln-list-alt/oval/c9f2/ALT-PU-2020-2484/definitions.json
2024-06-28 13:17:52 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20202484",
"Version": "oval:org.altlinux.errata:def:20202484",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-2484: package `chromium` update to version 84.0.4147.105-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-2484",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-2484",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-01430",
"RefURL": "https://bdu.fstec.ru/vul/2021-01430",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01459",
"RefURL": "https://bdu.fstec.ru/vul/2021-01459",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01460",
"RefURL": "https://bdu.fstec.ru/vul/2021-01460",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01462",
"RefURL": "https://bdu.fstec.ru/vul/2021-01462",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01503",
"RefURL": "https://bdu.fstec.ru/vul/2021-01503",
"Source": "BDU"
},
{
"RefID": "BDU:2022-00069",
"RefURL": "https://bdu.fstec.ru/vul/2022-00069",
"Source": "BDU"
},
{
"RefID": "CVE-2020-6532",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-6532",
"Source": "CVE"
},
{
"RefID": "CVE-2020-6537",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-6537",
"Source": "CVE"
},
{
"RefID": "CVE-2020-6538",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-6538",
"Source": "CVE"
},
{
"RefID": "CVE-2020-6539",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-6539",
"Source": "CVE"
},
{
"RefID": "CVE-2020-6540",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-6540",
"Source": "CVE"
},
{
"RefID": "CVE-2020-6541",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-6541",
"Source": "CVE"
}
],
"Description": "This update upgrades chromium to version 84.0.4147.105-alt1. \nSecurity Fix(es):\n\n * BDU:2021-01430: Уязвимость реализации протокола WebUSB браузера Google Chrome, связанная с использованием области памяти после её освобождения, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2021-01459: Уязвимость компонента CSS браузера Google Chrome, связанная с использованием области памяти после её освобождения, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2021-01460: Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, связанная с доступом к данным без контроля типов, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2021-01462: Уязвимость реализации протокола управления передачей потока (SCTP) браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2021-01503: Уязвимость графической библиотеки Skia браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2022-00069: Уязвимость компонента для отображения веб-страниц WebView браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * CVE-2020-6532: Use after free in SCTP in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2020-6537: Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.\n\n * CVE-2020-6538: Inappropriate implementation in WebView in Google Chrome on Android prior to 84.0.4147.105 allowed a remote attacker to leak cross-origin data via a crafted HTML page.\n\n * CVE-2020-6539: Use after free in CSS in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2020-6540: Buffer overflow in Skia in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2020-6541: Use after free in WebUSB in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-07-31"
},
"Updated": {
"Date": "2020-07-31"
},
"BDUs": [
{
"ID": "BDU:2021-01430",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2021-01430",
"Impact": "High",
"Public": "20200921"
},
{
"ID": "BDU:2021-01459",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2021-01459",
"Impact": "Low",
"Public": "20200921"
},
{
"ID": "BDU:2021-01460",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-843",
"Href": "https://bdu.fstec.ru/vul/2021-01460",
"Impact": "Low",
"Public": "20200921"
},
{
"ID": "BDU:2021-01462",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2021-01462",
"Impact": "Low",
"Public": "20200921"
},
{
"ID": "BDU:2021-01503",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2021-01503",
"Impact": "Low",
"Public": "20200921"
},
{
"ID": "BDU:2022-00069",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "CWE-358",
"Href": "https://bdu.fstec.ru/vul/2022-00069",
"Impact": "Low",
"Public": "20200921"
}
],
"CVEs": [
{
"ID": "CVE-2020-6532",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-6532",
"Impact": "High",
"Public": "20200921"
},
{
"ID": "CVE-2020-6537",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-843",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-6537",
"Impact": "High",
"Public": "20200921"
},
{
"ID": "CVE-2020-6538",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-6538",
"Impact": "Low",
"Public": "20200921"
},
{
"ID": "CVE-2020-6539",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-6539",
"Impact": "High",
"Public": "20200921"
},
{
"ID": "CVE-2020-6540",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-6540",
"Impact": "High",
"Public": "20200921"
},
{
"ID": "CVE-2020-6541",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-6541",
"Impact": "High",
"Public": "20200921"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20202484001",
"Comment": "chromium is earlier than 0:84.0.4147.105-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202484002",
"Comment": "chromium-gnome is earlier than 0:84.0.4147.105-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202484003",
"Comment": "chromium-kde is earlier than 0:84.0.4147.105-alt1"
}
]
}
]
}
}
]
}