vuln-list-alt/oval/c9f2/ALT-PU-2014-1482/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20141482",
      "Version": "oval:org.altlinux.errata:def:20141482",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2014-1482: package `adobe-flash-player` update to version 11-alt28",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch c9f2"
            ],
            "Products": [
              "ALT SPWorkstation",
              "ALT SPServer"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2014-1482",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2014-1482",
            "Source": "ALTPU"
          },
          {
            "RefID": "CVE-2014-0506",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-0506",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2014-0507",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-0507",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2014-0508",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-0508",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2014-0509",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-0509",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades adobe-flash-player to version 11-alt28. \nSecurity Fix(es):\n\n * CVE-2014-0506: Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK \u0026 Compiler before 13.0.0.83 allows remote attackers to execute arbitrary code, and possibly bypass an Internet Explorer sandbox protection mechanism, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.\n\n * CVE-2014-0507: Buffer overflow in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK \u0026 Compiler before 13.0.0.83 allows attackers to execute arbitrary code via unspecified vectors.\n\n * CVE-2014-0508: Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK \u0026 Compiler before 13.0.0.83 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.\n\n * CVE-2014-0509: Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK \u0026 Compiler before 13.0.0.83 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "Critical",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2014-04-15"
          },
          "Updated": {
            "Date": "2014-04-15"
          },
          "BDUs": null,
          "CVEs": [
            {
              "ID": "CVE-2014-0506",
              "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
              "CWE": "CWE-399",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-0506",
              "Impact": "Critical",
              "Public": "20140327"
            },
            {
              "ID": "CVE-2014-0507",
              "CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
              "CWE": "CWE-119",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-0507",
              "Impact": "Critical",
              "Public": "20140408"
            },
            {
              "ID": "CVE-2014-0508",
              "CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
              "CWE": "CWE-264",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-0508",
              "Impact": "Low",
              "Public": "20140408"
            },
            {
              "ID": "CVE-2014-0509",
              "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
              "CWE": "CWE-79",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-0509",
              "Impact": "Low",
              "Public": "20140408"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:spworkstation:8.4",
              "cpe:/o:alt:spserver:8.4"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:3001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20141482001",
                "Comment": "i586-mozilla-plugin-adobe-flash is earlier than 3:11.2.202.350-alt28"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20141482002",
                "Comment": "mozilla-plugin-adobe-flash is earlier than 3:11.2.202.350-alt28"
              }
            ]
          }
        ]
      }
    }
  ]
}