193 lines
8.4 KiB
JSON
193 lines
8.4 KiB
JSON
{
|
||
"Definition": [
|
||
{
|
||
"ID": "oval:org.altlinux.errata:def:20191937",
|
||
"Version": "oval:org.altlinux.errata:def:20191937",
|
||
"Class": "patch",
|
||
"Metadata": {
|
||
"Title": "ALT-PU-2019-1937: package `libwebkitgtk4` update to version 2.24.2-alt1",
|
||
"AffectedList": [
|
||
{
|
||
"Family": "unix",
|
||
"Platforms": [
|
||
"ALT Linux branch c9f2"
|
||
],
|
||
"Products": [
|
||
"ALT SPWorkstation",
|
||
"ALT SPServer"
|
||
]
|
||
}
|
||
],
|
||
"References": [
|
||
{
|
||
"RefID": "ALT-PU-2019-1937",
|
||
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-1937",
|
||
"Source": "ALTPU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2019-02101",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2019-02101",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2019-02102",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2019-02102",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2019-02103",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2019-02103",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "CVE-2019-8595",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-8595",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2019-8607",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-8607",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2019-8615",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-8615",
|
||
"Source": "CVE"
|
||
}
|
||
],
|
||
"Description": "This update upgrades libwebkitgtk4 to version 2.24.2-alt1. \nSecurity Fix(es):\n\n * BDU:2019-02101: Уязвимость модулей отображения веб-страниц WebKitGTK и WPE WebKit, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-02102: Уязвимость модулей отображения веб-страниц WebKitGTK и WPE WebKit, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю раскрыть содержимое памяти процессов\n\n * BDU:2019-02103: Уязвимость модулей отображения веб-страниц WebKitGTK и WPE WebKit, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2019-8595: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.\n\n * CVE-2019-8607: An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may result in the disclosure of process memory.\n\n * CVE-2019-8615: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.",
|
||
"Advisory": {
|
||
"From": "errata.altlinux.org",
|
||
"Severity": "High",
|
||
"Rights": "Copyright 2024 BaseALT Ltd.",
|
||
"Issued": {
|
||
"Date": "2019-05-30"
|
||
},
|
||
"Updated": {
|
||
"Date": "2019-05-30"
|
||
},
|
||
"BDUs": [
|
||
{
|
||
"ID": "BDU:2019-02101",
|
||
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
|
||
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-119",
|
||
"Href": "https://bdu.fstec.ru/vul/2019-02101",
|
||
"Impact": "High",
|
||
"Public": "20190520"
|
||
},
|
||
{
|
||
"ID": "BDU:2019-02102",
|
||
"CVSS": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
|
||
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-119",
|
||
"Href": "https://bdu.fstec.ru/vul/2019-02102",
|
||
"Impact": "High",
|
||
"Public": "20190520"
|
||
},
|
||
{
|
||
"ID": "BDU:2019-02103",
|
||
"CVSS": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
|
||
"CVSS3": "AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
|
||
"CWE": "CWE-119",
|
||
"Href": "https://bdu.fstec.ru/vul/2019-02103",
|
||
"Impact": "Low",
|
||
"Public": "20190520"
|
||
}
|
||
],
|
||
"CVEs": [
|
||
{
|
||
"ID": "CVE-2019-8595",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
||
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-787",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-8595",
|
||
"Impact": "High",
|
||
"Public": "20191218"
|
||
},
|
||
{
|
||
"ID": "CVE-2019-8607",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
|
||
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
|
||
"CWE": "CWE-125",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-8607",
|
||
"Impact": "Low",
|
||
"Public": "20191218"
|
||
},
|
||
{
|
||
"ID": "CVE-2019-8615",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
|
||
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
|
||
"CWE": "CWE-125",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-8615",
|
||
"Impact": "Low",
|
||
"Public": "20191218"
|
||
}
|
||
],
|
||
"AffectedCPEs": {
|
||
"CPEs": [
|
||
"cpe:/o:alt:spworkstation:8.4",
|
||
"cpe:/o:alt:spserver:8.4"
|
||
]
|
||
}
|
||
}
|
||
},
|
||
"Criteria": {
|
||
"Operator": "AND",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:4001",
|
||
"Comment": "ALT Linux must be installed"
|
||
}
|
||
],
|
||
"Criterias": [
|
||
{
|
||
"Operator": "OR",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20191937001",
|
||
"Comment": "jsc4 is earlier than 0:2.24.2-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20191937002",
|
||
"Comment": "libjavascriptcoregtk4 is earlier than 0:2.24.2-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20191937003",
|
||
"Comment": "libjavascriptcoregtk4-devel is earlier than 0:2.24.2-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20191937004",
|
||
"Comment": "libjavascriptcoregtk4-gir is earlier than 0:2.24.2-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20191937005",
|
||
"Comment": "libjavascriptcoregtk4-gir-devel is earlier than 0:2.24.2-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20191937006",
|
||
"Comment": "libwebkit2gtk is earlier than 0:2.24.2-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20191937007",
|
||
"Comment": "libwebkit2gtk-devel is earlier than 0:2.24.2-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20191937008",
|
||
"Comment": "libwebkit2gtk-gir is earlier than 0:2.24.2-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20191937009",
|
||
"Comment": "libwebkit2gtk-gir-devel is earlier than 0:2.24.2-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20191937010",
|
||
"Comment": "webkitgtk-minibrowser is earlier than 0:2.24.2-alt1"
|
||
}
|
||
]
|
||
}
|
||
]
|
||
}
|
||
}
|
||
]
|
||
} |