vuln-list-alt/oval/c9f2/ALT-PU-2021-1968/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20211968",
      "Version": "oval:org.altlinux.errata:def:20211968",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2021-1968: package `thunderbird` update to version 78.11.0-alt0.c9.1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch c9f2"
            ],
            "Products": [
              "ALT SPWorkstation",
              "ALT SPServer"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2021-1968",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2021-1968",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2021-02858",
            "RefURL": "https://bdu.fstec.ru/vul/2021-02858",
            "Source": "BDU"
          },
          {
            "RefID": "BDU:2021-02898",
            "RefURL": "https://bdu.fstec.ru/vul/2021-02898",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2021-29964",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-29964",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2021-29967",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-29967",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades thunderbird to version 78.11.0-alt0.c9.1. \nSecurity Fix(es):\n\n * BDU:2021-02858: Уязвимость браузера Mozilla Firefox, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2021-02898: Уязвимость почтового клиента Mozilla Thunderbird, связанная с чтением за границами буфера в памяти, позволяющая нарушителю получить доступ к конфиденциальной информации\n\n * CVE-2021-29964: A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird \u003c 78.11, Firefox \u003c 89, and Firefox ESR \u003c 78.11.\n\n * CVE-2021-29967: Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 78.11, Firefox \u003c 89, and Firefox ESR \u003c 78.11.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "High",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2021-06-10"
          },
          "Updated": {
            "Date": "2021-06-10"
          },
          "BDUs": [
            {
              "ID": "BDU:2021-02858",
              "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
              "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "CWE": "CWE-119",
              "Href": "https://bdu.fstec.ru/vul/2021-02858",
              "Impact": "High",
              "Public": "20210601"
            },
            {
              "ID": "BDU:2021-02898",
              "CVSS": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
              "CVSS3": "AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
              "CWE": "CWE-125",
              "Href": "https://bdu.fstec.ru/vul/2021-02898",
              "Impact": "Low",
              "Public": "20210603"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2021-29964",
              "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
              "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
              "CWE": "CWE-125",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-29964",
              "Impact": "High",
              "Public": "20210624"
            },
            {
              "ID": "CVE-2021-29967",
              "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "CWE": "CWE-787",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-29967",
              "Impact": "High",
              "Public": "20210624"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:spworkstation:8.4",
              "cpe:/o:alt:spserver:8.4"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:3001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20211968001",
                "Comment": "rpm-build-thunderbird is earlier than 0:78.11.0-alt0.c9.1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20211968002",
                "Comment": "thunderbird is earlier than 0:78.11.0-alt0.c9.1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20211968003",
                "Comment": "thunderbird-wayland is earlier than 0:78.11.0-alt0.c9.1"
              }
            ]
          }
        ]
      }
    }
  ]
}