pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p11/ALT-PU-2020-1916/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

230 lines
11 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20201916",
"Version": "oval:org.altlinux.errata:def:20201916",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-1916: package `thunderbird` update to version 68.8.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-1916",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-1916",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-03820",
"RefURL": "https://bdu.fstec.ru/vul/2020-03820",
"Source": "BDU"
},
{
"RefID": "BDU:2020-03821",
"RefURL": "https://bdu.fstec.ru/vul/2020-03821",
"Source": "BDU"
},
{
"RefID": "BDU:2020-03849",
"RefURL": "https://bdu.fstec.ru/vul/2020-03849",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01269",
"RefURL": "https://bdu.fstec.ru/vul/2021-01269",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01343",
"RefURL": "https://bdu.fstec.ru/vul/2021-01343",
"Source": "BDU"
},
{
"RefID": "CVE-2020-12387",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-12387",
"Source": "CVE"
},
{
"RefID": "CVE-2020-12392",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-12392",
"Source": "CVE"
},
{
"RefID": "CVE-2020-12395",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-12395",
"Source": "CVE"
},
{
"RefID": "CVE-2020-12397",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-12397",
"Source": "CVE"
},
{
"RefID": "CVE-2020-6831",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-6831",
"Source": "CVE"
}
],
"Description": "This update upgrades thunderbird to version 68.8.0-alt1. \nSecurity Fix(es):\n\n * BDU:2020-03820: Уязвимость средства для запуска сценариев Web Worker веб-браузеров Firefox ESR и Firefox и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-03821: Уязвимость веб-браузеров Firefox ESR и Firefox и почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-03849: Уязвимость механизма проверки фрагментов SCTP в WebRTC веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2021-01269: Уязвимость опции «Копировать как cURL» веб-браузеров Firefox ESR, Firefox, почтового клиента Thunderbird, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * BDU:2021-01343: Уязвимость почтового клиента Thunderbird, связанная с ошибками при обработке символов Unicode в заголовке сообщения, позволяющая нарушителю подделать адрес электронной почты отправителя\n\n * CVE-2020-12387: A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 68.8, Firefox \u003c 76, and Thunderbird \u003c 68.8.0.\n\n * CVE-2020-12392: The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR \u003c 68.8, Firefox \u003c 76, and Thunderbird \u003c 68.8.0.\n\n * CVE-2020-12395: Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 68.8, Firefox \u003c 76, and Thunderbird \u003c 68.8.0.\n\n * CVE-2020-12397: By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird \u003c 68.8.0.\n\n * CVE-2020-6831: A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 68.8, Firefox \u003c 76, and Thunderbird \u003c 68.8.0.\n\n * #38433: Собран без поддержки wayland",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-05-05"
},
"Updated": {
"Date": "2020-05-05"
},
"BDUs": [
{
"ID": "BDU:2020-03820",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"CWE": "CWE-362",
"Href": "https://bdu.fstec.ru/vul/2020-03820",
"Impact": "High",
"Public": "20200526"
},
{
"ID": "BDU:2020-03821",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2020-03821",
"Impact": "Critical",
"Public": "20200526"
},
{
"ID": "BDU:2020-03849",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2020-03849",
"Impact": "Critical",
"Public": "20200526"
},
{
"ID": "BDU:2021-01269",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2021-01269",
"Impact": "Low",
"Public": "20200526"
},
{
"ID": "BDU:2021-01343",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-346",
"Href": "https://bdu.fstec.ru/vul/2021-01343",
"Impact": "Low",
"Public": "20200522"
}
],
"CVEs": [
{
"ID": "CVE-2020-12387",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-12387",
"Impact": "High",
"Public": "20200526"
},
{
"ID": "CVE-2020-12392",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-22",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-12392",
"Impact": "Low",
"Public": "20200526"
},
{
"ID": "CVE-2020-12395",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-12395",
"Impact": "Critical",
"Public": "20200526"
},
{
"ID": "CVE-2020-12397",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"CWE": "CWE-346",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-12397",
"Impact": "Low",
"Public": "20200522"
},
{
"ID": "CVE-2020-6831",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-6831",
"Impact": "Critical",
"Public": "20200526"
}
],
"Bugzilla": [
{
"ID": "38433",
"Href": "https://bugzilla.altlinux.org/38433",
"Data": "Собран без поддержки wayland"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20201916001",
"Comment": "rpm-build-thunderbird is earlier than 0:68.8.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201916002",
"Comment": "thunderbird is earlier than 0:68.8.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201916003",
"Comment": "thunderbird-enigmail is earlier than 0:68.8.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201916004",
"Comment": "thunderbird-wayland is earlier than 0:68.8.0-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink