vuln-list-alt/oval/p9/ALT-PU-2020-3134/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20203134",
      "Version": "oval:org.altlinux.errata:def:20203134",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2020-3134: package `firefox-esr` update to version 78.4.0-alt0.1.p9",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch p9"
            ],
            "Products": [
              "ALT Server",
              "ALT Virtualization Server",
              "ALT Workstation",
              "ALT Workstation K",
              "ALT Education",
              "Simply Linux",
              "Starterkit"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2020-3134",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2020-3134",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2021-01486",
            "RefURL": "https://bdu.fstec.ru/vul/2021-01486",
            "Source": "BDU"
          },
          {
            "RefID": "BDU:2022-05797",
            "RefURL": "https://bdu.fstec.ru/vul/2022-05797",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2020-15683",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-15683",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2020-15969",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-15969",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades firefox-esr to version 78.4.0-alt0.1.p9. \nSecurity Fix(es):\n\n * BDU:2021-01486: Уязвимость реализации технологии WebRTC программных средств Google Chrome, Firefox, Firefox-ESR и Thunderbird, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2022-05797: Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR и почтового клиента Thunderbird, связанная с копированием буфера без проверки размера входных данных, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2020-15683: Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 78.4, Firefox \u003c 82, and Thunderbird \u003c 78.4.\n\n * CVE-2020-15969: Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "Critical",
          "Rights": "Copyright 2023 BaseALT Ltd.",
          "Issued": {
            "Date": "2020-10-27"
          },
          "Updated": {
            "Date": "2020-10-27"
          },
          "bdu": [
            {
              "Cvss": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
              "Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "Cwe": "CWE-416",
              "Href": "https://bdu.fstec.ru/vul/2021-01486",
              "Impact": "High",
              "Public": "20201103",
              "CveID": "BDU:2021-01486"
            },
            {
              "Cvss": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
              "Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "Cwe": "CWE-120, CWE-787",
              "Href": "https://bdu.fstec.ru/vul/2022-05797",
              "Impact": "Critical",
              "Public": "20201020",
              "CveID": "BDU:2022-05797"
            }
          ],
          "Cves": [
            {
              "Cvss": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
              "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "Cwe": "CWE-787",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-15683",
              "Impact": "Critical",
              "Public": "20201022",
              "CveID": "CVE-2020-15683"
            },
            {
              "Cvss": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
              "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "Cwe": "CWE-787",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-15969",
              "Impact": "High",
              "Public": "20201103",
              "CveID": "CVE-2020-15969"
            }
          ],
          "AffectedCpeList": {
            "Cpe": [
              "cpe:/o:alt:kworkstation:9",
              "cpe:/o:alt:workstation:9",
              "cpe:/o:alt:server:9",
              "cpe:/o:alt:server-v:9",
              "cpe:/o:alt:education:9",
              "cpe:/o:alt:slinux:9",
              "cpe:/o:alt:starterkit:p9",
              "cpe:/o:alt:kworkstation:9.1",
              "cpe:/o:alt:workstation:9.1",
              "cpe:/o:alt:server:9.1",
              "cpe:/o:alt:server-v:9.1",
              "cpe:/o:alt:education:9.1",
              "cpe:/o:alt:slinux:9.1",
              "cpe:/o:alt:starterkit:9.1",
              "cpe:/o:alt:kworkstation:9.2",
              "cpe:/o:alt:workstation:9.2",
              "cpe:/o:alt:server:9.2",
              "cpe:/o:alt:server-v:9.2",
              "cpe:/o:alt:education:9.2",
              "cpe:/o:alt:slinux:9.2",
              "cpe:/o:alt:starterkit:9.2"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:1001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203134001",
                "Comment": "firefox-esr is earlier than 0:78.4.0-alt0.1.p9"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203134002",
                "Comment": "firefox-esr-config-privacy is earlier than 0:78.4.0-alt0.1.p9"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203134003",
                "Comment": "firefox-esr-wayland is earlier than 0:78.4.0-alt0.1.p9"
              }
            ]
          }
        ]
      }
    }
  ]
}