vuln-list-alt/oval/p9/ALT-PU-2014-1282/definitions.json

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20141282",
"Version": "oval:org.altlinux.errata:def:20141282",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2014-1282: package `chromium` update to version 33.0.1750.149-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2014-1282",
"RefURL": "https://errata.altlinux.org/ALT-PU-2014-1282",
"Source": "ALTPU"
},
{
"RefID": "CVE-2013-6653",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6653",
"Source": "CVE"
},
{
"RefID": "CVE-2013-6654",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6654",
"Source": "CVE"
},
{
"RefID": "CVE-2013-6655",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6655",
"Source": "CVE"
},
{
"RefID": "CVE-2013-6656",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6656",
"Source": "CVE"
},
{
"RefID": "CVE-2013-6657",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6657",
"Source": "CVE"
},
{
"RefID": "CVE-2013-6658",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6658",
"Source": "CVE"
},
{
"RefID": "CVE-2013-6659",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6659",
"Source": "CVE"
},
{
"RefID": "CVE-2013-6660",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6660",
"Source": "CVE"
},
{
"RefID": "CVE-2013-6661",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6661",
"Source": "CVE"
},
{
"RefID": "CVE-2013-6663",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6663",
"Source": "CVE"
},
{
"RefID": "CVE-2013-6664",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6664",
"Source": "CVE"
},
{
"RefID": "CVE-2013-6665",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6665",
"Source": "CVE"
},
{
"RefID": "CVE-2013-6666",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6666",
"Source": "CVE"
},
{
"RefID": "CVE-2013-6667",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6667",
"Source": "CVE"
},
{
"RefID": "CVE-2013-6668",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6668",
"Source": "CVE"
},
{
"RefID": "CVE-2014-1700",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-1700",
"Source": "CVE"
},
{
"RefID": "CVE-2014-1701",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-1701",
"Source": "CVE"
},
{
"RefID": "CVE-2014-1702",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-1702",
"Source": "CVE"
},
{
"RefID": "CVE-2014-1703",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-1703",
"Source": "CVE"
},
{
"RefID": "CVE-2014-1704",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-1704",
"Source": "CVE"
}
],
"Description": "This update upgrades chromium to version 33.0.1750.149-alt1. \nSecurity Fix(es):\n\n * CVE-2013-6653: Use-after-free vulnerability in the web contents implementation in Google Chrome before 33.0.1750.117 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attempted conflicting access to the color chooser.\n\n * CVE-2013-6654: The SVGAnimateElement::calculateAnimatedValue function in core/svg/SVGAnimateElement.cpp in Blink, as used in Google Chrome before 33.0.1750.117, does not properly handle unexpected data types, which allows remote attackers to cause a denial of service (incorrect cast) or possibly have unspecified other impact via unknown vectors.\n\n * CVE-2013-6655: Use-after-free vulnerability in Blink, as used in Google Chrome before 33.0.1750.117, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper handling of overflowchanged DOM events during interaction between JavaScript and layout.\n\n * CVE-2013-6656: The XSSAuditor::init function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, processes POST requests by using the body of a redirecting page instead of the body of a redirect target, which allows remote attackers to obtain sensitive information via unspecified vectors.\n\n * CVE-2013-6657: core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.\n\n * CVE-2013-6658: Multiple use-after-free vulnerabilities in the layout implementation in Blink, as used in Google Chrome before 33.0.1750.117, allow remote attackers to cause a denial of service or possibly have unspecified other 
impact via vectors involving (1) running JavaScript code during execution of the updateWidgetPositions function or (2) making a call into a plugin during execution of the updateWidgetPositions function.\n\n * CVE-2013-6659: The SSLClientSocketNSS::Core::OwnAuthCertHandler function in net/socket/ssl_client_socket_nss.cc in Google Chrome before 33.0.1750.117 does not prevent changes to server X.509 certificates during renegotiations, which allows remote SSL servers to trigger use of a new certificate chain, inconsistent with the user's expectations, by initiating a TLS renegotiation.\n\n * CVE-2013-6660: The drag-and-drop implementation in Google Chrome before 33.0.1750.117 does not properly restrict the information in WebDropData data structures, which allows remote attackers to discover full pathnames via a crafted web site.\n\n * CVE-2013-6661: Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750.117 allow attackers to bypass the sandbox protection mechanism after obtaining renderer access, or have other impact, via unknown vectors.\n\n * CVE-2013-6663: Use-after-free vulnerability in the SVGImage::setContainerSize function in core/svg/graphics/SVGImage.cpp in the SVG implementation in Blink, as used in Google Chrome before 33.0.1750.146, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the resizing of a view.\n\n * CVE-2013-6664: Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 33.0.1750.146, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving FORM elements, as demonstrated by use of the speech-recognition feature.\n\n * CVE-2013-6665: Heap-based buffer overflow in the ResourceProvider::InitializeSoftware function in cc/resources/resource_provider.cc in Google Chrome before 33.0.1750.146 allows 
remote attackers to cause a denial of service or possibly have unspecified other impact via a large texture size that triggers improper memory allocation in the software renderer.\n\n * CVE-2013-6666: The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepper_flash_renderer_host.cc in Google Chrome before 33.0.1750.146 does not verify that all headers are Cross-Origin Resource Sharing (CORS) simple headers before proceeding with a PPB_Flash.Navigate operation, which might allow remote attackers to bypass intended CORS restrictions via an inappropriate header.\n\n * CVE-2013-6667: Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750.146 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.\n\n * CVE-2013-6668: Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.\n\n * CVE-2014-1700: Use-after-free vulnerability in modules/speech/SpeechSynthesis.cpp in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of a certain utterance data structure.\n\n * CVE-2014-1701: The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attackers to conduct Universal XSS (UXSS) attacks via vectors involving events.\n\n * CVE-2014-1702: Use-after-free vulnerability in the DatabaseThread::cleanupDatabaseThread function in modules/webdatabase/DatabaseThread.cpp in the web database implementation in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact 
by leveraging improper handling of scheduled tasks during shutdown of a thread.\n\n * CVE-2014-1703: Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/renderer_host/websocket_dispatcher_host.cc in the Web Sockets implementation in Google Chrome before 33.0.1750.149 might allow remote attackers to bypass the sandbox protection mechanism by leveraging an incorrect deletion in a certain failure case.\n\n * CVE-2014-1704: Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, as used in Google Chrome before 33.0.1750.149, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2014-03-13"
},
"Updated": {
"Date": "2014-03-13"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2013-6653",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6653",
"Impact": "High",
"Public": "20140224"
},
{
"ID": "CVE-2013-6654",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6654",
"Impact": "High",
"Public": "20140224"
},
{
"ID": "CVE-2013-6655",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6655",
"Impact": "High",
"Public": "20140224"
},
{
"ID": "CVE-2013-6656",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6656",
"Impact": "Low",
"Public": "20140224"
},
{
"ID": "CVE-2013-6657",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CWE": "CWE-264",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6657",
"Impact": "Low",
"Public": "20140224"
},
{
"ID": "CVE-2013-6658",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6658",
"Impact": "High",
"Public": "20140224"
},
{
"ID": "CVE-2013-6659",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CWE": "CWE-310",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6659",
"Impact": "Low",
"Public": "20140224"
},
{
"ID": "CVE-2013-6660",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CWE": "CWE-264",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6660",
"Impact": "Low",
"Public": "20140224"
},
{
"ID": "CVE-2013-6661",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6661",
"Impact": "High",
"Public": "20140224"
},
{
"ID": "CVE-2013-6663",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6663",
"Impact": "High",
"Public": "20140305"
},
{
"ID": "CVE-2013-6664",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6664",
"Impact": "High",
"Public": "20140305"
},
{
"ID": "CVE-2013-6665",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6665",
"Impact": "High",
"Public": "20140305"
},
{
"ID": "CVE-2013-6666",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"CWE": "CWE-264",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6666",
"Impact": "Low",
"Public": "20140305"
},
{
"ID": "CVE-2013-6667",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6667",
"Impact": "High",
"Public": "20140305"
},
{
"ID": "CVE-2013-6668",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6668",
"Impact": "High",
"Public": "20140305"
},
{
"ID": "CVE-2014-1700",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-1700",
"Impact": "High",
"Public": "20140316"
},
{
"ID": "CVE-2014-1701",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-1701",
"Impact": "Low",
"Public": "20140316"
},
{
"ID": "CVE-2014-1702",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-1702",
"Impact": "High",
"Public": "20140316"
},
{
"ID": "CVE-2014-1703",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-1703",
"Impact": "High",
"Public": "20140316"
},
{
"ID": "CVE-2014-1704",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-1704",
"Impact": "Critical",
"Public": "20140316"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20141282001",
"Comment": "chromium is earlier than 0:33.0.1750.149-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141282002",
"Comment": "chromium-gnome is earlier than 0:33.0.1750.149-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141282003",
"Comment": "chromium-kde is earlier than 0:33.0.1750.149-alt1"
}
]
}
]
}
}
]
}