pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
a538f1e924
vuln-list-alt/oval/p11/ALT-PU-2016-2321/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

170 lines
7.2 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20162321",
"Version": "oval:org.altlinux.errata:def:20162321",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2016-2321: package `thunderbird` update to version 45.5.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2016-2321",
"RefURL": "https://errata.altlinux.org/ALT-PU-2016-2321",
"Source": "ALTPU"
},
{
"RefID": "CVE-2016-5290",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5290",
"Source": "CVE"
},
{
"RefID": "CVE-2016-5291",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5291",
"Source": "CVE"
},
{
"RefID": "CVE-2016-5296",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5296",
"Source": "CVE"
},
{
"RefID": "CVE-2016-5297",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5297",
"Source": "CVE"
},
{
"RefID": "CVE-2016-9066",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-9066",
"Source": "CVE"
},
{
"RefID": "CVE-2016-9074",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-9074",
"Source": "CVE"
}
],
"Description": "This update upgrades thunderbird to version 45.5.0-alt1. \nSecurity Fix(es):\n\n * CVE-2016-5290: Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.\n\n * CVE-2016-5291: A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.\n\n * CVE-2016-5296: A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.\n\n * CVE-2016-5297: An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.\n\n * CVE-2016-9066: A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.\n\n * CVE-2016-9074: An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2016-11-21"
},
"Updated": {
"Date": "2016-11-21"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2016-5290",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5290",
"Impact": "Critical",
"Public": "20180611"
},
{
"ID": "CVE-2016-5291",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5291",
"Impact": "Low",
"Public": "20180611"
},
{
"ID": "CVE-2016-5296",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5296",
"Impact": "High",
"Public": "20180611"
},
{
"ID": "CVE-2016-5297",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5297",
"Impact": "Critical",
"Public": "20180611"
},
{
"ID": "CVE-2016-9066",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-9066",
"Impact": "High",
"Public": "20180611"
},
{
"ID": "CVE-2016-9074",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-9074",
"Impact": "Low",
"Public": "20180611"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20162321001",
"Comment": "rpm-build-thunderbird is earlier than 0:45.5.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20162321002",
"Comment": "thunderbird is earlier than 0:45.5.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20162321003",
"Comment": "thunderbird-devel is earlier than 0:45.5.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20162321004",
"Comment": "thunderbird-enigmail is earlier than 0:45.5.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20162321005",
"Comment": "thunderbird-google-calendar is earlier than 0:45.5.0-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink