
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20172600",
"Version": "oval:org.altlinux.errata:def:20172600",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2017-2600: package `chromium` update to version 62.0.3202.75-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2017-2600",
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-2600",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-05256",
"RefURL": "https://bdu.fstec.ru/vul/2021-05256",
"Source": "BDU"
},
{
"RefID": "CVE-2017-15386",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-15386",
"Source": "CVE"
},
{
"RefID": "CVE-2017-15387",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-15387",
"Source": "CVE"
},
{
"RefID": "CVE-2017-15388",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-15388",
"Source": "CVE"
},
{
"RefID": "CVE-2017-15389",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-15389",
"Source": "CVE"
},
{
"RefID": "CVE-2017-15390",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-15390",
"Source": "CVE"
},
{
"RefID": "CVE-2017-15391",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-15391",
"Source": "CVE"
},
{
"RefID": "CVE-2017-15392",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-15392",
"Source": "CVE"
},
{
"RefID": "CVE-2017-15393",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-15393",
"Source": "CVE"
},
{
"RefID": "CVE-2017-15394",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-15394",
"Source": "CVE"
},
{
"RefID": "CVE-2017-15395",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-15395",
"Source": "CVE"
},
{
"RefID": "CVE-2017-15396",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-15396",
"Source": "CVE"
},
{
"RefID": "CVE-2017-15401",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-15401",
"Source": "CVE"
},
{
"RefID": "CVE-2017-15404",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-15404",
"Source": "CVE"
},
{
"RefID": "CVE-2017-15405",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-15405",
"Source": "CVE"
},
{
"RefID": "CVE-2017-15406",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-15406",
"Source": "CVE"
},
{
"RefID": "CVE-2017-5124",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5124",
"Source": "CVE"
},
{
"RefID": "CVE-2017-5125",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5125",
"Source": "CVE"
},
{
"RefID": "CVE-2017-5126",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5126",
"Source": "CVE"
},
{
"RefID": "CVE-2017-5127",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5127",
"Source": "CVE"
},
{
"RefID": "CVE-2017-5128",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5128",
"Source": "CVE"
},
{
"RefID": "CVE-2017-5129",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5129",
"Source": "CVE"
},
{
"RefID": "CVE-2017-5130",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5130",
"Source": "CVE"
},
{
"RefID": "CVE-2017-5131",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5131",
"Source": "CVE"
},
{
"RefID": "CVE-2017-5132",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5132",
"Source": "CVE"
},
{
"RefID": "CVE-2017-5133",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5133",
"Source": "CVE"
}
],
"Description": "This update upgrades chromium to version 62.0.3202.75-alt1. \nSecurity Fix(es):\n\n * BDU:2021-05256: Уязвимость компонента xmlmemory.c программного обеспечения для анализа XML-документов libxml2, связанная с записью за границами буфера, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2017-15386: Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n\n * CVE-2017-15387: Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page.\n\n * CVE-2017-15388: Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.\n\n * CVE-2017-15389: An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n\n * CVE-2017-15390: Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.\n\n * CVE-2017-15391: Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page.\n\n * CVE-2017-15392: Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration.\n\n * CVE-2017-15393: Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 
62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak.\n\n * CVE-2017-15394: Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension.\n\n * CVE-2017-15395: A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference.\n\n * CVE-2017-15396: A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2017-15401: A memory corruption bug in WebAssembly could lead to out of bounds read and write through V8 in WebAssembly in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.\n\n * CVE-2017-15404: An ability to process crash dumps under root privileges and inappropriate symlinks handling could lead to a local privilege escalation in Crash Reporting in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to perform privilege escalation via a crafted HTML page.\n\n * CVE-2017-15405: Inappropriate symlink handling and a race condition in the stateful recovery feature implementation could lead to a persistance established by a malicious code running with root privileges in cryptohomed in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page.\n\n * CVE-2017-15406: A stack buffer overflow in V8 in Google Chrome prior to 62.0.3202.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML 
page.\n\n * CVE-2017-5124: Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page.\n\n * CVE-2017-5125: Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2017-5126: A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.\n\n * CVE-2017-5127: Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.\n\n * CVE-2017-5128: Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL.\n\n * CVE-2017-5129: A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.\n\n * CVE-2017-5130: An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.\n\n * CVE-2017-5131: An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write.\n\n * CVE-2017-5132: Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation.\n\n * CVE-2017-5133: Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute 
code via a crafted PDF file.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2017-11-08"
},
"Updated": {
"Date": "2017-11-08"
},
"BDUs": [
{
"ID": "BDU:2021-05256",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2021-05256",
"Impact": "High",
"Public": "20171028"
}
],
"CVEs": [
{
"ID": "CVE-2017-15386",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-15386",
"Impact": "Low",
"Public": "20180207"
},
{
"ID": "CVE-2017-15387",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-15387",
"Impact": "High",
"Public": "20180207"
},
{
"ID": "CVE-2017-15388",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-15388",
"Impact": "High",
"Public": "20180207"
},
{
"ID": "CVE-2017-15389",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-15389",
"Impact": "Low",
"Public": "20180207"
},
{
"ID": "CVE-2017-15390",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-15390",
"Impact": "Low",
"Public": "20180207"
},
{
"ID": "CVE-2017-15391",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-15391",
"Impact": "Low",
"Public": "20180207"
},
{
"ID": "CVE-2017-15392",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-15392",
"Impact": "Low",
"Public": "20180207"
},
{
"ID": "CVE-2017-15393",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-668",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-15393",
"Impact": "High",
"Public": "20180207"
},
{
"ID": "CVE-2017-15394",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-15394",
"Impact": "Low",
"Public": "20180207"
},
{
"ID": "CVE-2017-15395",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-15395",
"Impact": "Low",
"Public": "20180207"
},
{
"ID": "CVE-2017-15396",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-15396",
"Impact": "Low",
"Public": "20180828"
},
{
"ID": "CVE-2017-15401",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-15401",
"Impact": "High",
"Public": "20190109"
},
{
"ID": "CVE-2017-15404",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-367",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-15404",
"Impact": "High",
"Public": "20190109"
},
{
"ID": "CVE-2017-15405",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-15405",
"Impact": "High",
"Public": "20190109"
},
{
"ID": "CVE-2017-15406",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-15406",
"Impact": "High",
"Public": "20180828"
},
{
"ID": "CVE-2017-5124",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5124",
"Impact": "Low",
"Public": "20180207"
},
{
"ID": "CVE-2017-5125",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5125",
"Impact": "High",
"Public": "20180207"
},
{
"ID": "CVE-2017-5126",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5126",
"Impact": "High",
"Public": "20180207"
},
{
"ID": "CVE-2017-5127",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5127",
"Impact": "High",
"Public": "20180207"
},
{
"ID": "CVE-2017-5128",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5128",
"Impact": "High",
"Public": "20180207"
},
{
"ID": "CVE-2017-5129",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5129",
"Impact": "High",
"Public": "20180207"
},
{
"ID": "CVE-2017-5130",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5130",
"Impact": "High",
"Public": "20180207"
},
{
"ID": "CVE-2017-5131",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5131",
"Impact": "High",
"Public": "20180207"
},
{
"ID": "CVE-2017-5132",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5132",
"Impact": "High",
"Public": "20180207"
},
{
"ID": "CVE-2017-5133",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5133",
"Impact": "High",
"Public": "20180207"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20172600001",
"Comment": "chromium is earlier than 0:62.0.3202.75-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172600002",
"Comment": "chromium-gnome is earlier than 0:62.0.3202.75-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172600003",
"Comment": "chromium-kde is earlier than 0:62.0.3202.75-alt1"
}
]
}
]
}
}
]
}