pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
b1153fc0bf
vuln-list-alt/oval/p9/ALT-PU-2015-1899/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

365 lines
17 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20151899",
"Version": "oval:org.altlinux.errata:def:20151899",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2015-1899: package `chromium` update to version 46.0.2490.71-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2015-1899",
"RefURL": "https://errata.altlinux.org/ALT-PU-2015-1899",
"Source": "ALTPU"
},
{
"RefID": "BDU:2015-11759",
"RefURL": "https://bdu.fstec.ru/vul/2015-11759",
"Source": "BDU"
},
{
"RefID": "BDU:2015-11760",
"RefURL": "https://bdu.fstec.ru/vul/2015-11760",
"Source": "BDU"
},
{
"RefID": "BDU:2015-11761",
"RefURL": "https://bdu.fstec.ru/vul/2015-11761",
"Source": "BDU"
},
{
"RefID": "BDU:2015-11762",
"RefURL": "https://bdu.fstec.ru/vul/2015-11762",
"Source": "BDU"
},
{
"RefID": "BDU:2015-11763",
"RefURL": "https://bdu.fstec.ru/vul/2015-11763",
"Source": "BDU"
},
{
"RefID": "BDU:2015-11764",
"RefURL": "https://bdu.fstec.ru/vul/2015-11764",
"Source": "BDU"
},
{
"RefID": "BDU:2015-11765",
"RefURL": "https://bdu.fstec.ru/vul/2015-11765",
"Source": "BDU"
},
{
"RefID": "BDU:2015-11766",
"RefURL": "https://bdu.fstec.ru/vul/2015-11766",
"Source": "BDU"
},
{
"RefID": "BDU:2015-11767",
"RefURL": "https://bdu.fstec.ru/vul/2015-11767",
"Source": "BDU"
},
{
"RefID": "BDU:2015-11799",
"RefURL": "https://bdu.fstec.ru/vul/2015-11799",
"Source": "BDU"
},
{
"RefID": "CVE-2015-6755",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-6755",
"Source": "CVE"
},
{
"RefID": "CVE-2015-6756",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-6756",
"Source": "CVE"
},
{
"RefID": "CVE-2015-6757",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-6757",
"Source": "CVE"
},
{
"RefID": "CVE-2015-6758",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-6758",
"Source": "CVE"
},
{
"RefID": "CVE-2015-6759",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-6759",
"Source": "CVE"
},
{
"RefID": "CVE-2015-6760",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-6760",
"Source": "CVE"
},
{
"RefID": "CVE-2015-6761",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-6761",
"Source": "CVE"
},
{
"RefID": "CVE-2015-6762",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-6762",
"Source": "CVE"
},
{
"RefID": "CVE-2015-6763",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-6763",
"Source": "CVE"
},
{
"RefID": "CVE-2015-7834",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-7834",
"Source": "CVE"
}
],
"Description": "This update upgrades chromium to version 46.0.2490.71-alt1. \nSecurity Fix(es):\n\n * BDU:2015-11759: Уязвимость браузера Google Chrome, позволяющая нарушителю обойти существующие политики ограничения доступа\n\n * BDU:2015-11760: Уязвимость браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2015-11761: Уязвимость браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2015-11762: Уязвимость браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2015-11763: Уязвимость браузера Google Chrome, позволяющая нарушителю получить доступ к защищаемой информации\n\n * BDU:2015-11764: Уязвимость браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2015-11765: Уязвимость мультимедийной библиотеки FFmpeg браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2015-11766: Уязвимость браузера Google Chrome, позволяющая нарушителю обойти существующие политики ограничения доступа\n\n * BDU:2015-11767: Уязвимости браузера Google Chrome, позволяющие нарушителю вызвать отказ в обслуживании\n\n * BDU:2015-11799: Уязвимости браузера Google Chrome, позволяющие нарушителю вызвать отказ в обслуживании\n\n * CVE-2015-6755: The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.\n\n * CVE-2015-6756: Use-after-free vulnerability in the CPDFSDK_PageView implementation in fpdfsdk/src/fsdk_mgr.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging mishandling of a focused annotation in a PDF document.\n\n * CVE-2015-6757: Use-after-free vulnerability in content/browser/service_worker/embedded_worker_instance.cc in the ServiceWorker implementation in Google Chrome before 46.0.2490.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging object destruction in a callback.\n\n * CVE-2015-6758: The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.\n\n * CVE-2015-6759: The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is considered unique, which allows remote attackers to obtain sensitive information via vectors involving a blob: URL.\n\n * CVE-2015-6760: The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write) or possibly have unspecified other impact via vectors involving a removed device.\n\n * CVE-2015-6761: The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and memory corruption) or possibly have unspecified other impact via a crafted WebM file.\n\n * CVE-2015-6762: The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets (CSS) implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the CORS cross-origin request algorithm when a font's URL appears to be a same-origin URL, which allows remote web servers to bypass the Same Origin Policy via a redirect.\n\n * CVE-2015-6763: Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.\n\n * CVE-2015-7834: Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as used in Google Chrome before 46.0.2490.71, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2015-10-21"
},
"Updated": {
"Date": "2015-10-21"
},
"BDUs": [
{
"ID": "BDU:2015-11759",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2015-11759",
"Impact": "High",
"Public": "20151015"
},
{
"ID": "BDU:2015-11760",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2015-11760",
"Impact": "Low",
"Public": "20151015"
},
{
"ID": "BDU:2015-11761",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2015-11761",
"Impact": "High",
"Public": "20151015"
},
{
"ID": "BDU:2015-11762",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-17",
"Href": "https://bdu.fstec.ru/vul/2015-11762",
"Impact": "Low",
"Public": "20151015"
},
{
"ID": "BDU:2015-11763",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2015-11763",
"Impact": "Low",
"Public": "20151015"
},
{
"ID": "BDU:2015-11764",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-17",
"Href": "https://bdu.fstec.ru/vul/2015-11764",
"Impact": "High",
"Public": "20151015"
},
{
"ID": "BDU:2015-11765",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-362",
"Href": "https://bdu.fstec.ru/vul/2015-11765",
"Impact": "Low",
"Public": "20151015"
},
{
"ID": "BDU:2015-11766",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-254",
"Href": "https://bdu.fstec.ru/vul/2015-11766",
"Impact": "High",
"Public": "20151015"
},
{
"ID": "BDU:2015-11767",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-17",
"Href": "https://bdu.fstec.ru/vul/2015-11767",
"Impact": "High",
"Public": "20151015"
},
{
"ID": "BDU:2015-11799",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-17",
"Href": "https://bdu.fstec.ru/vul/2015-11799",
"Impact": "High",
"Public": "20151015"
}
],
"CVEs": [
{
"ID": "CVE-2015-6755",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-264",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-6755",
"Impact": "High",
"Public": "20151015"
},
{
"ID": "CVE-2015-6756",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-6756",
"Impact": "Low",
"Public": "20151015"
},
{
"ID": "CVE-2015-6757",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-6757",
"Impact": "High",
"Public": "20151015"
},
{
"ID": "CVE-2015-6758",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-17",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-6758",
"Impact": "Low",
"Public": "20151015"
},
{
"ID": "CVE-2015-6759",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-6759",
"Impact": "Low",
"Public": "20151015"
},
{
"ID": "CVE-2015-6760",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-17",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-6760",
"Impact": "High",
"Public": "20151015"
},
{
"ID": "CVE-2015-6761",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-6761",
"Impact": "Low",
"Public": "20151015"
},
{
"ID": "CVE-2015-6762",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-254",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-6762",
"Impact": "High",
"Public": "20151015"
},
{
"ID": "CVE-2015-6763",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-6763",
"Impact": "High",
"Public": "20151015"
},
{
"ID": "CVE-2015-7834",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-7834",
"Impact": "High",
"Public": "20151015"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20151899001",
"Comment": "chromium is earlier than 0:46.0.2490.71-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151899002",
"Comment": "chromium-gnome is earlier than 0:46.0.2490.71-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151899003",
"Comment": "chromium-kde is earlier than 0:46.0.2490.71-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink