vuln-list-alt/oval/c9f2/ALT-PU-2017-1581/definitions.json
2024-12-12 21:07:30 +00:00

262 lines
11 KiB
JSON

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20171581",
"Version": "oval:org.altlinux.errata:def:20171581",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2017-1581: package `adobe-flash-player-ppapi` update to version 25-alt3.S1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2017-1581",
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-1581",
"Source": "ALTPU"
},
{
"RefID": "BDU:2017-01201",
"RefURL": "https://bdu.fstec.ru/vul/2017-01201",
"Source": "BDU"
},
{
"RefID": "BDU:2017-01202",
"RefURL": "https://bdu.fstec.ru/vul/2017-01202",
"Source": "BDU"
},
{
"RefID": "BDU:2017-01203",
"RefURL": "https://bdu.fstec.ru/vul/2017-01203",
"Source": "BDU"
},
{
"RefID": "BDU:2017-01204",
"RefURL": "https://bdu.fstec.ru/vul/2017-01204",
"Source": "BDU"
},
{
"RefID": "BDU:2017-01205",
"RefURL": "https://bdu.fstec.ru/vul/2017-01205",
"Source": "BDU"
},
{
"RefID": "BDU:2017-01206",
"RefURL": "https://bdu.fstec.ru/vul/2017-01206",
"Source": "BDU"
},
{
"RefID": "BDU:2017-01207",
"RefURL": "https://bdu.fstec.ru/vul/2017-01207",
"Source": "BDU"
},
{
"RefID": "CVE-2017-3068",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3068",
"Source": "CVE"
},
{
"RefID": "CVE-2017-3069",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3069",
"Source": "CVE"
},
{
"RefID": "CVE-2017-3070",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3070",
"Source": "CVE"
},
{
"RefID": "CVE-2017-3071",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3071",
"Source": "CVE"
},
{
"RefID": "CVE-2017-3072",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3072",
"Source": "CVE"
},
{
"RefID": "CVE-2017-3073",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3073",
"Source": "CVE"
},
{
"RefID": "CVE-2017-3074",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3074",
"Source": "CVE"
}
],
"Description": "This update upgrades adobe-flash-player-ppapi to version 25-alt3.S1. \nSecurity Fix(es):\n\n * BDU:2017-01201: Уязвимость программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-01202: Уязвимость программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-01203: Уязвимость программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-01204: Уязвимость программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-01205: Уязвимость программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-01206: Уязвимость программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-01207: Уязвимость программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2017-3068: Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-3069: Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-3070: Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-3071: Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-3072: Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-3073: Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-3074: Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2017-05-10"
},
"Updated": {
"Date": "2017-05-10"
},
"BDUs": [
{
"ID": "BDU:2017-01201",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2017-01201",
"Impact": "Critical",
"Public": "20170509"
},
{
"ID": "BDU:2017-01202",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2017-01202",
"Impact": "Critical",
"Public": "20170509"
},
{
"ID": "BDU:2017-01203",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2017-01203",
"Impact": "Critical",
"Public": "20170509"
},
{
"ID": "BDU:2017-01204",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2017-01204",
"Impact": "Critical",
"Public": "20170509"
},
{
"ID": "BDU:2017-01205",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2017-01205",
"Impact": "Critical",
"Public": "20170509"
},
{
"ID": "BDU:2017-01206",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2017-01206",
"Impact": "Critical",
"Public": "20170509"
},
{
"ID": "BDU:2017-01207",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2017-01207",
"Impact": "Critical",
"Public": "20170509"
}
],
"CVEs": [
{
"ID": "CVE-2017-3068",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3068",
"Impact": "High",
"Public": "20170509"
},
{
"ID": "CVE-2017-3069",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3069",
"Impact": "High",
"Public": "20170509"
},
{
"ID": "CVE-2017-3070",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3070",
"Impact": "High",
"Public": "20170509"
},
{
"ID": "CVE-2017-3071",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3071",
"Impact": "High",
"Public": "20170509"
},
{
"ID": "CVE-2017-3072",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3072",
"Impact": "High",
"Public": "20170509"
},
{
"ID": "CVE-2017-3073",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3073",
"Impact": "High",
"Public": "20170509"
},
{
"ID": "CVE-2017-3074",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3074",
"Impact": "High",
"Public": "20170509"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20171581001",
"Comment": "ppapi-plugin-adobe-flash is earlier than 3:25.0.0.171-alt3.S1"
}
]
}
]
}
}
]
}