vuln-list-alt/oval/p11/ALT-PU-2019-1254/definitions.json
2024-12-12 21:07:30 +00:00



{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20191254",
"Version": "oval:org.altlinux.errata:def:20191254",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-1254: package `thunderbird` update to version 60.5.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-1254",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-1254",
"Source": "ALTPU"
},
{
"RefID": "BDU:2018-01609",
"RefURL": "https://bdu.fstec.ru/vul/2018-01609",
"Source": "BDU"
},
{
"RefID": "BDU:2019-00013",
"RefURL": "https://bdu.fstec.ru/vul/2019-00013",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01570",
"RefURL": "https://bdu.fstec.ru/vul/2019-01570",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01571",
"RefURL": "https://bdu.fstec.ru/vul/2019-01571",
"Source": "BDU"
},
{
"RefID": "CVE-2018-18335",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-18335",
"Source": "CVE"
},
{
"RefID": "CVE-2018-18356",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-18356",
"Source": "CVE"
},
{
"RefID": "CVE-2018-18509",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-18509",
"Source": "CVE"
},
{
"RefID": "CVE-2019-5785",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5785",
"Source": "CVE"
}
],
"Description": "This update upgrades thunderbird to version 60.5.1-alt1. \nSecurity Fix(es):\n\n * BDU:2018-01609: Уязвимость графической библиотеки Skia браузера Google Chrome, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-00013: Уязвимость графической библиотеки Skia веб-браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2019-01570: Уязвимость механизма проверки сигнатур S/MIME программы для работы с электронной почтой Thunderbird, связанная с неполной проверкой метаданных цифровой подписи, позволяющая нарушителю повторно подписывать письма допустимой цифровой подписью\n\n * BDU:2019-01571: Уязвимость библиотеки Skia используемой веб-браузеров Firefox, Firefox ESR и программы для работы с электронной почтой Thunderbird, связанная с целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2018-18335: Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2018-18356: An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2018-18509: A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with arbitrary content. This vulnerability affects Thunderbird \u003c 60.5.1.\n\n * CVE-2019-5785: Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-02-16"
},
"Updated": {
"Date": "2019-02-16"
},
"BDUs": [
{
"ID": "BDU:2018-01609",
"CVSS": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-122",
"Href": "https://bdu.fstec.ru/vul/2018-01609",
"Impact": "High",
"Public": "20181205"
},
{
"ID": "BDU:2019-00013",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190, CWE-416",
"Href": "https://bdu.fstec.ru/vul/2019-00013",
"Impact": "High",
"Public": "20180913"
},
{
"ID": "BDU:2019-01570",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-347",
"Href": "https://bdu.fstec.ru/vul/2019-01570",
"Impact": "Low",
"Public": "20190314"
},
{
"ID": "BDU:2019-01571",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-01571",
"Impact": "Low",
"Public": "20190212"
}
],
"CVEs": [
{
"ID": "CVE-2018-18335",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-18335",
"Impact": "High",
"Public": "20181211"
},
{
"ID": "CVE-2018-18356",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-18356",
"Impact": "High",
"Public": "20181211"
},
{
"ID": "CVE-2018-18509",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-347",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-18509",
"Impact": "Low",
"Public": "20190426"
},
{
"ID": "CVE-2019-5785",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5785",
"Impact": "Low",
"Public": "20190627"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20191254001",
"Comment": "rpm-build-thunderbird is earlier than 0:60.5.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191254002",
"Comment": "thunderbird is earlier than 0:60.5.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191254003",
"Comment": "thunderbird-enigmail is earlier than 0:60.5.1-alt1"
}
]
}
]
}
}
]
}