pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/c9f2/ALT-PU-2018-1101/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

341 lines
18 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20181101",
"Version": "oval:org.altlinux.errata:def:20181101",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2018-1101: package `thunderbird` update to version 52.6.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2018-1101",
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-1101",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-00020",
"RefURL": "https://bdu.fstec.ru/vul/2021-00020",
"Source": "BDU"
},
{
"RefID": "BDU:2021-00021",
"RefURL": "https://bdu.fstec.ru/vul/2021-00021",
"Source": "BDU"
},
{
"RefID": "BDU:2021-00022",
"RefURL": "https://bdu.fstec.ru/vul/2021-00022",
"Source": "BDU"
},
{
"RefID": "BDU:2021-00049",
"RefURL": "https://bdu.fstec.ru/vul/2021-00049",
"Source": "BDU"
},
{
"RefID": "BDU:2021-00050",
"RefURL": "https://bdu.fstec.ru/vul/2021-00050",
"Source": "BDU"
},
{
"RefID": "BDU:2021-00066",
"RefURL": "https://bdu.fstec.ru/vul/2021-00066",
"Source": "BDU"
},
{
"RefID": "BDU:2021-00067",
"RefURL": "https://bdu.fstec.ru/vul/2021-00067",
"Source": "BDU"
},
{
"RefID": "BDU:2021-00068",
"RefURL": "https://bdu.fstec.ru/vul/2021-00068",
"Source": "BDU"
},
{
"RefID": "CVE-2018-5089",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5089",
"Source": "CVE"
},
{
"RefID": "CVE-2018-5095",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5095",
"Source": "CVE"
},
{
"RefID": "CVE-2018-5096",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5096",
"Source": "CVE"
},
{
"RefID": "CVE-2018-5097",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5097",
"Source": "CVE"
},
{
"RefID": "CVE-2018-5098",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5098",
"Source": "CVE"
},
{
"RefID": "CVE-2018-5099",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5099",
"Source": "CVE"
},
{
"RefID": "CVE-2018-5102",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5102",
"Source": "CVE"
},
{
"RefID": "CVE-2018-5103",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5103",
"Source": "CVE"
},
{
"RefID": "CVE-2018-5104",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5104",
"Source": "CVE"
},
{
"RefID": "CVE-2018-5117",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5117",
"Source": "CVE"
}
],
"Description": "This update upgrades thunderbird to version 52.6.0-alt1. \nSecurity Fix(es):\n\n * BDU:2021-00020: Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c использованием памяти после освобождения, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-00021: Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c использованием памяти после освобождения, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-00022: Уязвимость библиотеки Skia браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-00049: Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c использованием памяти после освобождения при преобразований XSL, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2021-00050: Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2021-00066: Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c использованием после освобождениям при манипулировании медиа-элементами HTML, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность\n\n * BDU:2021-00067: Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c использованием после освобождениям, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность\n\n * BDU:2021-00068: Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная c недостаточной проверкой вводимых данных, позволяющая нарушителю нарушить целостность информации\n\n * CVE-2018-5089: Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.\n\n * CVE-2018-5095: An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.\n\n * CVE-2018-5096: A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 52.6 and Thunderbird \u003c 52.6.\n\n * CVE-2018-5097: A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.\n\n * CVE-2018-5098: A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.\n\n * CVE-2018-5099: A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.\n\n * CVE-2018-5102: A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.\n\n * CVE-2018-5103: A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.\n\n * CVE-2018-5104: A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.\n\n * CVE-2018-5117: If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2018-01-29"
},
"Updated": {
"Date": "2018-01-29"
},
"BDUs": [
{
"ID": "BDU:2021-00020",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2021-00020",
"Impact": "Critical",
"Public": "20171113"
},
{
"ID": "BDU:2021-00021",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2021-00021",
"Impact": "Critical",
"Public": "20170913"
},
{
"ID": "BDU:2021-00022",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190, CWE-908",
"Href": "https://bdu.fstec.ru/vul/2021-00022",
"Impact": "Critical",
"Public": "20171117"
},
{
"ID": "BDU:2021-00049",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2021-00049",
"Impact": "Critical",
"Public": "20170804"
},
{
"ID": "BDU:2021-00050",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2021-00050",
"Impact": "Critical",
"Public": "20180123"
},
{
"ID": "BDU:2021-00066",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2021-00066",
"Impact": "Critical",
"Public": "20180611"
},
{
"ID": "BDU:2021-00067",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2021-00067",
"Impact": "Critical",
"Public": "20180611"
},
{
"ID": "BDU:2021-00068",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2021-00068",
"Impact": "Critical",
"Public": "20180611"
}
],
"CVEs": [
{
"ID": "CVE-2018-5089",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-5089",
"Impact": "Critical",
"Public": "20180611"
},
{
"ID": "CVE-2018-5095",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-5095",
"Impact": "Critical",
"Public": "20180611"
},
{
"ID": "CVE-2018-5096",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-5096",
"Impact": "Critical",
"Public": "20180611"
},
{
"ID": "CVE-2018-5097",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-5097",
"Impact": "Critical",
"Public": "20180611"
},
{
"ID": "CVE-2018-5098",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-5098",
"Impact": "Critical",
"Public": "20180611"
},
{
"ID": "CVE-2018-5099",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-5099",
"Impact": "Critical",
"Public": "20180611"
},
{
"ID": "CVE-2018-5102",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-5102",
"Impact": "Critical",
"Public": "20180611"
},
{
"ID": "CVE-2018-5103",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-5103",
"Impact": "Critical",
"Public": "20180611"
},
{
"ID": "CVE-2018-5104",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-5104",
"Impact": "Critical",
"Public": "20180611"
},
{
"ID": "CVE-2018-5117",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-5117",
"Impact": "Low",
"Public": "20180611"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20181101001",
"Comment": "rpm-build-thunderbird is earlier than 0:52.6.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181101002",
"Comment": "thunderbird is earlier than 0:52.6.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181101003",
"Comment": "thunderbird-devel is earlier than 0:52.6.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181101004",
"Comment": "thunderbird-enigmail is earlier than 0:52.6.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181101005",
"Comment": "thunderbird-google-calendar is earlier than 0:52.6.0-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink