pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p10/ALT-PU-2021-2690/definitions.json
pepelyaevip 0707cb759b ALT Vulnerability
2024-04-16 14:26:14 +00:00

300 lines
13 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20212690",
"Version": "oval:org.altlinux.errata:def:20212690",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-2690: package `chromium` update to version 92.0.4515.159-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-2690",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-2690",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-04238",
"RefURL": "https://bdu.fstec.ru/vul/2021-04238",
"Source": "BDU"
},
{
"RefID": "BDU:2021-04239",
"RefURL": "https://bdu.fstec.ru/vul/2021-04239",
"Source": "BDU"
},
{
"RefID": "BDU:2021-04240",
"RefURL": "https://bdu.fstec.ru/vul/2021-04240",
"Source": "BDU"
},
{
"RefID": "BDU:2021-04241",
"RefURL": "https://bdu.fstec.ru/vul/2021-04241",
"Source": "BDU"
},
{
"RefID": "BDU:2021-04242",
"RefURL": "https://bdu.fstec.ru/vul/2021-04242",
"Source": "BDU"
},
{
"RefID": "BDU:2021-04243",
"RefURL": "https://bdu.fstec.ru/vul/2021-04243",
"Source": "BDU"
},
{
"RefID": "BDU:2021-05181",
"RefURL": "https://bdu.fstec.ru/vul/2021-05181",
"Source": "BDU"
},
{
"RefID": "CVE-2021-30598",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-30598",
"Source": "CVE"
},
{
"RefID": "CVE-2021-30599",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-30599",
"Source": "CVE"
},
{
"RefID": "CVE-2021-30600",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-30600",
"Source": "CVE"
},
{
"RefID": "CVE-2021-30601",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-30601",
"Source": "CVE"
},
{
"RefID": "CVE-2021-30602",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-30602",
"Source": "CVE"
},
{
"RefID": "CVE-2021-30603",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-30603",
"Source": "CVE"
},
{
"RefID": "CVE-2021-30604",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-30604",
"Source": "CVE"
}
],
"Description": "This update upgrades chromium to version 92.0.4515.159-alt2. \nSecurity Fix(es):\n\n * BDU:2021-04238: Уязвимость библиотеки ANGLE браузера Google Chrome, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2021-04239: Уязвимость компонента WebAudio браузера Google Chrome, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2021-04240: Уязвимость компонента Extensions API браузера Google Chrome, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2021-04241: Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2021-04242: Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2021-04243: Уязвимость функции печати браузера Google Chrome, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2021-05181: Уязвимость компонента WebRTC веб-браузера Google Chrome, связанная с использованием памяти после её освобождения, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2021-30598: Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.\n\n * CVE-2021-30599: Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.\n\n * CVE-2021-30600: Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2021-30601: Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2021-30602: Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2021-30603: Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2021-30604: Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * #40806: Собрать с поддержкой pipewire",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-09-02"
},
"Updated": {
"Date": "2021-09-02"
},
"BDUs": [
{
"ID": "BDU:2021-04238",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2021-04238",
"Impact": "High",
"Public": "20210730"
},
{
"ID": "BDU:2021-04239",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-362",
"Href": "https://bdu.fstec.ru/vul/2021-04239",
"Impact": "High",
"Public": "20210727"
},
{
"ID": "BDU:2021-04240",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2021-04240",
"Impact": "High",
"Public": "20210728"
},
{
"ID": "BDU:2021-04241",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-843",
"Href": "https://bdu.fstec.ru/vul/2021-04241",
"Impact": "High",
"Public": "20210730"
},
{
"ID": "BDU:2021-04242",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-843",
"Href": "https://bdu.fstec.ru/vul/2021-04242",
"Impact": "High",
"Public": "20210730"
},
{
"ID": "BDU:2021-04243",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2021-04243",
"Impact": "High",
"Public": "20210720"
},
{
"ID": "BDU:2021-05181",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2021-05181",
"Impact": "High",
"Public": "20210719"
}
],
"CVEs": [
{
"ID": "CVE-2021-30598",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-843",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-30598",
"Impact": "High",
"Public": "20210826"
},
{
"ID": "CVE-2021-30599",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-843",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-30599",
"Impact": "High",
"Public": "20210826"
},
{
"ID": "CVE-2021-30600",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-30600",
"Impact": "High",
"Public": "20210826"
},
{
"ID": "CVE-2021-30601",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-30601",
"Impact": "High",
"Public": "20210826"
},
{
"ID": "CVE-2021-30602",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-30602",
"Impact": "High",
"Public": "20210826"
},
{
"ID": "CVE-2021-30603",
"CVSS": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-30603",
"Impact": "High",
"Public": "20210826"
},
{
"ID": "CVE-2021-30604",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-30604",
"Impact": "High",
"Public": "20210826"
}
],
"Bugzilla": [
{
"ID": "40806",
"Href": "https://bugzilla.altlinux.org/40806",
"Data": "Собрать с поддержкой pipewire"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20212690001",
"Comment": "chromium is earlier than 0:92.0.4515.159-alt2"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink