pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
b1153fc0bf
vuln-list-alt/oval/c10f1/ALT-PU-2022-3045/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

378 lines
20 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20223045",
"Version": "oval:org.altlinux.errata:def:20223045",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2022-3045: package `firefox-esr` update to version 102.4.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2022-3045",
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-3045",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-06049",
"RefURL": "https://bdu.fstec.ru/vul/2022-06049",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06198",
"RefURL": "https://bdu.fstec.ru/vul/2022-06198",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06205",
"RefURL": "https://bdu.fstec.ru/vul/2022-06205",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06240",
"RefURL": "https://bdu.fstec.ru/vul/2022-06240",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06252",
"RefURL": "https://bdu.fstec.ru/vul/2022-06252",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06253",
"RefURL": "https://bdu.fstec.ru/vul/2022-06253",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06516",
"RefURL": "https://bdu.fstec.ru/vul/2022-06516",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06517",
"RefURL": "https://bdu.fstec.ru/vul/2022-06517",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06518",
"RefURL": "https://bdu.fstec.ru/vul/2022-06518",
"Source": "BDU"
},
{
"RefID": "BDU:2022-07019",
"RefURL": "https://bdu.fstec.ru/vul/2022-07019",
"Source": "BDU"
},
{
"RefID": "BDU:2023-02783",
"RefURL": "https://bdu.fstec.ru/vul/2023-02783",
"Source": "BDU"
},
{
"RefID": "CVE-2022-3266",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-3266",
"Source": "CVE"
},
{
"RefID": "CVE-2022-40956",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-40956",
"Source": "CVE"
},
{
"RefID": "CVE-2022-40957",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-40957",
"Source": "CVE"
},
{
"RefID": "CVE-2022-40958",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-40958",
"Source": "CVE"
},
{
"RefID": "CVE-2022-40959",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-40959",
"Source": "CVE"
},
{
"RefID": "CVE-2022-40960",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-40960",
"Source": "CVE"
},
{
"RefID": "CVE-2022-40962",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-40962",
"Source": "CVE"
},
{
"RefID": "CVE-2022-42927",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-42927",
"Source": "CVE"
},
{
"RefID": "CVE-2022-42928",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-42928",
"Source": "CVE"
},
{
"RefID": "CVE-2022-42929",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-42929",
"Source": "CVE"
},
{
"RefID": "CVE-2022-42932",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-42932",
"Source": "CVE"
}
],
"Description": "This update upgrades firefox-esr to version 102.4.0-alt1. \nSecurity Fix(es):\n\n * BDU:2022-06049: Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR и почтового клиента Thunderbird, связанная с копированием буфера без проверки размера входных данных, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-06198: Уязвимость реализации конфигурации CSP: base-uri браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю обойти ограничения безопасности\n\n * BDU:2022-06205: Уязвимость реализации технологии WASM браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06240: Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю обойти ограничение безопасного контекста для файлов cookie с префиксом __Host и __Secure и перезаписать эти файлы\n\n * BDU:2022-06252: Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с использованием памяти после ее освобождения, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании\n\n * BDU:2022-06253: Уязвимость реализации механизма FeaturePolicy браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю обойти ограничения безопасности\n\n * BDU:2022-06516: Уязвимость функции Window.print() браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06517: Уязвимость компонента Garbage Collector («Сборщик мусора») обработчика JavaScript-сценариев JS Engine браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании\n\n * BDU:2022-06518: Уязвимость метода performance.getEntries() браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю обойти ограничения безопасности и получить несанкционированный доступ к защищаемой информации\n\n * BDU:2022-07019: Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-02783: Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR и почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти в процессе некорректного программного рендеринга видео с кодировкой H.264, позволяющая нарушителю выполнить атаку типа «отказ в обслуживании» (DoS)\n\n * CVE-2022-3266: An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 102.3, Thunderbird \u003c 102.3, and Firefox \u003c 105.\n\n * CVE-2022-40956: When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR \u003c 102.3, Thunderbird \u003c 102.3, and Firefox \u003c 105.\n\n * CVE-2022-40957: Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.\u003cbr\u003e*This bug only affects Firefox on ARM64 platforms.*. This vulnerability affects Firefox ESR \u003c 102.3, Thunderbird \u003c 102.3, and Firefox \u003c 105.\n\n * CVE-2022-40958: By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR \u003c 102.3, Thunderbird \u003c 102.3, and Firefox \u003c 105.\n\n * CVE-2022-40959: During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR \u003c 102.3, Thunderbird \u003c 102.3, and Firefox \u003c 105.\n\n * CVE-2022-40960: Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 102.3, Thunderbird \u003c 102.3, and Firefox \u003c 105.\n\n * CVE-2022-40962: Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 102.3, Thunderbird \u003c 102.3, and Firefox \u003c 105.\n\n * CVE-2022-42927: A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via `performance.getEntries()`. This vulnerability affects Firefox \u003c 106, Firefox ESR \u003c 102.4, and Thunderbird \u003c 102.4.\n\n * CVE-2022-42928: Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox \u003c 106, Firefox ESR \u003c 102.4, and Thunderbird \u003c 102.4.\n\n * CVE-2022-42929: If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox \u003c 106, Firefox ESR \u003c 102.4, and Thunderbird \u003c 102.4.\n\n * CVE-2022-42932: Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 106, Firefox ESR \u003c 102.4, and Thunderbird \u003c 102.4.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2022-11-10"
},
"Updated": {
"Date": "2022-11-10"
},
"BDUs": [
{
"ID": "BDU:2022-06049",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-120",
"Href": "https://bdu.fstec.ru/vul/2022-06049",
"Impact": "High",
"Public": "20220920"
},
{
"ID": "BDU:2022-06198",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-254, CWE-1021",
"Href": "https://bdu.fstec.ru/vul/2022-06198",
"Impact": "Low",
"Public": "20220920"
},
{
"ID": "BDU:2022-06205",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"CWE": "CWE-20, CWE-240",
"Href": "https://bdu.fstec.ru/vul/2022-06205",
"Impact": "Low",
"Public": "20220920"
},
{
"ID": "BDU:2022-06240",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-254, CWE-784",
"Href": "https://bdu.fstec.ru/vul/2022-06240",
"Impact": "Low",
"Public": "20220920"
},
{
"ID": "BDU:2022-06252",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2022-06252",
"Impact": "High",
"Public": "20220920"
},
{
"ID": "BDU:2022-06253",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-254, CWE-1021",
"Href": "https://bdu.fstec.ru/vul/2022-06253",
"Impact": "High",
"Public": "20220920"
},
{
"ID": "BDU:2022-06516",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H",
"CWE": "CWE-399, CWE-400",
"Href": "https://bdu.fstec.ru/vul/2022-06516",
"Impact": "High",
"Public": "20221018"
},
{
"ID": "BDU:2022-06517",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-120",
"Href": "https://bdu.fstec.ru/vul/2022-06517",
"Impact": "High",
"Public": "20221018"
},
{
"ID": "BDU:2022-06518",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-254, CWE-829",
"Href": "https://bdu.fstec.ru/vul/2022-06518",
"Impact": "High",
"Public": "20221018"
},
{
"ID": "BDU:2022-07019",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-119, CWE-120",
"Href": "https://bdu.fstec.ru/vul/2022-07019",
"Impact": "Low",
"Public": "20221018"
},
{
"ID": "BDU:2023-02783",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2023-02783",
"Impact": "Low",
"Public": "20221222"
}
],
"CVEs": [
{
"ID": "CVE-2022-3266",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-3266",
"Impact": "Low",
"Public": "20221222"
},
{
"ID": "CVE-2022-40956",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-40956",
"Impact": "Low",
"Public": "20221222"
},
{
"ID": "CVE-2022-40957",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-40957",
"Impact": "Low",
"Public": "20221222"
},
{
"ID": "CVE-2022-40958",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"CWE": "CWE-74",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-40958",
"Impact": "Low",
"Public": "20221222"
},
{
"ID": "CVE-2022-40959",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "CWE-922",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-40959",
"Impact": "Low",
"Public": "20221222"
},
{
"ID": "CVE-2022-40960",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-40960",
"Impact": "Low",
"Public": "20221222"
},
{
"ID": "CVE-2022-40962",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-40962",
"Impact": "High",
"Public": "20221222"
},
{
"ID": "CVE-2022-42927",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"CWE": "CWE-346",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-42927",
"Impact": "High",
"Public": "20221222"
},
{
"ID": "CVE-2022-42928",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-42928",
"Impact": "High",
"Public": "20221222"
},
{
"ID": "CVE-2022-42929",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-42929",
"Impact": "Low",
"Public": "20221222"
},
{
"ID": "CVE-2022-42932",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-42932",
"Impact": "High",
"Public": "20221222"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20223045001",
"Comment": "firefox-esr is earlier than 0:102.4.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20223045002",
"Comment": "firefox-esr-config-privacy is earlier than 0:102.4.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20223045003",
"Comment": "firefox-esr-wayland is earlier than 0:102.4.0-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink