pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p11/ALT-PU-2023-1492/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

241 lines
12 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20231492",
"Version": "oval:org.altlinux.errata:def:20231492",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2023-1492: package `thunderbird` update to version 102.9.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2023-1492",
"RefURL": "https://errata.altlinux.org/ALT-PU-2023-1492",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-01558",
"RefURL": "https://bdu.fstec.ru/vul/2023-01558",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01560",
"RefURL": "https://bdu.fstec.ru/vul/2023-01560",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01561",
"RefURL": "https://bdu.fstec.ru/vul/2023-01561",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01562",
"RefURL": "https://bdu.fstec.ru/vul/2023-01562",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01563",
"RefURL": "https://bdu.fstec.ru/vul/2023-01563",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01803",
"RefURL": "https://bdu.fstec.ru/vul/2023-01803",
"Source": "BDU"
},
{
"RefID": "CVE-2023-25751",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-25751",
"Source": "CVE"
},
{
"RefID": "CVE-2023-25752",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-25752",
"Source": "CVE"
},
{
"RefID": "CVE-2023-28162",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-28162",
"Source": "CVE"
},
{
"RefID": "CVE-2023-28163",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-28163",
"Source": "CVE"
},
{
"RefID": "CVE-2023-28164",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-28164",
"Source": "CVE"
},
{
"RefID": "CVE-2023-28176",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-28176",
"Source": "CVE"
}
],
"Description": "This update upgrades thunderbird to version 102.9.0-alt1. \nSecurity Fix(es):\n\n * BDU:2023-01558: Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю раскрыть защищаемую информацию\n\n * BDU:2023-01560: Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-01561: Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с неверным управлением генерацией кода, позволяющая нарушителю вызвать отказ в обслуживании или, возможно, оказать другое воздействие\n\n * BDU:2023-01562: Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю проводить спуфинг-атаки\n\n * BDU:2023-01563: Уязвимость интерфейса AudioWorklet браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-01803: Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird операционных систем Windows, связанная с недостаточной защитой служебных данных, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации\n\n * CVE-2023-25751: Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox \u003c 111, Firefox ESR \u003c 102.9, and Thunderbird \u003c 102.9.\n\n * CVE-2023-25752: When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox \u003c 111, Firefox ESR \u003c 102.9, and Thunderbird \u003c 102.9.\n\n * CVE-2023-28162: While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox \u003c 111, Firefox ESR \u003c 102.9, and Thunderbird \u003c 102.9.\n\n * CVE-2023-28163: When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. \u003cbr\u003e*This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox \u003c 111, Firefox ESR \u003c 102.9, and Thunderbird \u003c 102.9.\n\n * CVE-2023-28164: Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox \u003c 111, Firefox ESR \u003c 102.9, and Thunderbird \u003c 102.9.\n\n * CVE-2023-28176: Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 111, Firefox ESR \u003c 102.9, and Thunderbird \u003c 102.9.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2023-03-22"
},
"Updated": {
"Date": "2023-03-22"
},
"BDUs": [
{
"ID": "BDU:2023-01558",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2023-01558",
"Impact": "Low",
"Public": "20230314"
},
{
"ID": "BDU:2023-01560",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-01560",
"Impact": "High",
"Public": "20230314"
},
{
"ID": "BDU:2023-01561",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-94",
"Href": "https://bdu.fstec.ru/vul/2023-01561",
"Impact": "High",
"Public": "20230314"
},
{
"ID": "BDU:2023-01562",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-451, CWE-829",
"Href": "https://bdu.fstec.ru/vul/2023-01562",
"Impact": "Low",
"Public": "20230314"
},
{
"ID": "BDU:2023-01563",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
"CWE": "CWE-704",
"Href": "https://bdu.fstec.ru/vul/2023-01563",
"Impact": "High",
"Public": "20230314"
},
{
"ID": "BDU:2023-01803",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2023-01803",
"Impact": "Low",
"Public": "20230314"
}
],
"CVEs": [
{
"ID": "CVE-2023-25751",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-25751",
"Impact": "Low",
"Public": "20230602"
},
{
"ID": "CVE-2023-25752",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-25752",
"Impact": "Low",
"Public": "20230602"
},
{
"ID": "CVE-2023-28162",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-704",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-28162",
"Impact": "High",
"Public": "20230602"
},
{
"ID": "CVE-2023-28163",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-28163",
"Impact": "Low",
"Public": "20230602"
},
{
"ID": "CVE-2023-28164",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-28164",
"Impact": "Low",
"Public": "20230602"
},
{
"ID": "CVE-2023-28176",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-28176",
"Impact": "High",
"Public": "20230602"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20231492001",
"Comment": "rpm-build-thunderbird is earlier than 0:102.9.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20231492002",
"Comment": "thunderbird is earlier than 0:102.9.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20231492003",
"Comment": "thunderbird-wayland is earlier than 0:102.9.0-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink