vuln-list-alt/oval/p11/ALT-PU-2019-1269/definitions.json
2024-12-12 21:07:30 +00:00



{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20191269",
"Version": "oval:org.altlinux.errata:def:20191269",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-1269: package `firefox` update to version 65.0.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-1269",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-1269",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-00013",
"RefURL": "https://bdu.fstec.ru/vul/2019-00013",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01571",
"RefURL": "https://bdu.fstec.ru/vul/2019-01571",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00759",
"RefURL": "https://bdu.fstec.ru/vul/2020-00759",
"Source": "BDU"
},
{
"RefID": "CVE-2018-18356",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-18356",
"Source": "CVE"
},
{
"RefID": "CVE-2018-18511",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-18511",
"Source": "CVE"
},
{
"RefID": "CVE-2019-5785",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5785",
"Source": "CVE"
}
],
"Description": "This update upgrades firefox to version 65.0.1-alt1. \nSecurity Fix(es):\n\n * BDU:2019-00013: Уязвимость графической библиотеки Skia веб-браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2019-01571: Уязвимость библиотеки Skia используемой веб-браузеров Firefox, Firefox ESR и программы для работы с электронной почтой Thunderbird, связанная с целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-00759: Уязвимость метода TransferFromImageBitmap почтового клиента Thunderbird и браузеров Firefox и Firefox ESR, связанная с возможностью чтения элемента canvas, игнорируя политику безопасности, позволяющая нарушителю получить несанкционированный доступ к информации\n\n * CVE-2018-18356: An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2018-18511: Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox \u003c 65.0.1.\n\n * CVE-2019-5785: Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-02-19"
},
"Updated": {
"Date": "2019-02-19"
},
"BDUs": [
{
"ID": "BDU:2019-00013",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190, CWE-416",
"Href": "https://bdu.fstec.ru/vul/2019-00013",
"Impact": "High",
"Public": "20180913"
},
{
"ID": "BDU:2019-01571",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-01571",
"Impact": "Low",
"Public": "20190212"
},
{
"ID": "BDU:2020-00759",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2020-00759",
"Impact": "Low",
"Public": "20190426"
}
],
"CVEs": [
{
"ID": "CVE-2018-18356",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-18356",
"Impact": "High",
"Public": "20181211"
},
{
"ID": "CVE-2018-18511",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-18511",
"Impact": "Low",
"Public": "20190426"
},
{
"ID": "CVE-2019-5785",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5785",
"Impact": "Low",
"Public": "20190627"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20191269001",
"Comment": "firefox is earlier than 0:65.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191269002",
"Comment": "rpm-build-firefox is earlier than 0:65.0.1-alt1"
}
]
}
]
}
}
]
}