vuln-list-alt/oval/p9/ALT-PU-2016-1013/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20161013",
      "Version": "oval:org.altlinux.errata:def:20161013",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2016-1013: package `firefox` update to version 43.0.4-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch p9"
            ],
            "Products": [
              "ALT Server",
              "ALT Virtualization Server",
              "ALT Workstation",
              "ALT Workstation K",
              "ALT Education",
              "Simply Linux",
              "Starterkit"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2016-1013",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2016-1013",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2016-00136",
            "RefURL": "https://bdu.fstec.ru/vul/2016-00136",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2015-7575",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-7575",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades firefox to version 43.0.4-alt1. \nSecurity Fix(es):\n\n * BDU:2016-00136: Уязвимость программных платформ Jrockit и Java Platform, позволяющая нарушителю получить доступ на чтение данных или модифицировать данные\n\n * CVE-2015-7575: Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "Low",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2016-01-08"
          },
          "Updated": {
            "Date": "2016-01-08"
          },
          "BDUs": [
            {
              "ID": "BDU:2016-00136",
              "CVSS": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
              "CWE": "CWE-17",
              "Href": "https://bdu.fstec.ru/vul/2016-00136",
              "Impact": "Low",
              "Public": "20160119"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2015-7575",
              "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
              "CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "CWE": "CWE-19",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-7575",
              "Impact": "Low",
              "Public": "20160109"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:kworkstation:9",
              "cpe:/o:alt:workstation:9",
              "cpe:/o:alt:server:9",
              "cpe:/o:alt:server-v:9",
              "cpe:/o:alt:education:9",
              "cpe:/o:alt:slinux:9",
              "cpe:/o:alt:starterkit:p9"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:1001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20161013001",
                "Comment": "firefox is earlier than 0:43.0.4-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20161013002",
                "Comment": "rpm-build-firefox is earlier than 0:43.0.4-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}