pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p10/ALT-PU-2023-1895/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

310 lines
15 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20231895",
"Version": "oval:org.altlinux.errata:def:20231895",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2023-1895: package `thunderbird` update to version 102.11.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit",
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2023-1895",
"RefURL": "https://errata.altlinux.org/ALT-PU-2023-1895",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-02803",
"RefURL": "https://bdu.fstec.ru/vul/2023-02803",
"Source": "BDU"
},
{
"RefID": "BDU:2023-02804",
"RefURL": "https://bdu.fstec.ru/vul/2023-02804",
"Source": "BDU"
},
{
"RefID": "BDU:2023-02805",
"RefURL": "https://bdu.fstec.ru/vul/2023-02805",
"Source": "BDU"
},
{
"RefID": "BDU:2023-02806",
"RefURL": "https://bdu.fstec.ru/vul/2023-02806",
"Source": "BDU"
},
{
"RefID": "BDU:2023-02809",
"RefURL": "https://bdu.fstec.ru/vul/2023-02809",
"Source": "BDU"
},
{
"RefID": "BDU:2023-02810",
"RefURL": "https://bdu.fstec.ru/vul/2023-02810",
"Source": "BDU"
},
{
"RefID": "BDU:2023-02813",
"RefURL": "https://bdu.fstec.ru/vul/2023-02813",
"Source": "BDU"
},
{
"RefID": "BDU:2023-02814",
"RefURL": "https://bdu.fstec.ru/vul/2023-02814",
"Source": "BDU"
},
{
"RefID": "CVE-2023-32205",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32205",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32206",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32206",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32207",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32207",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32211",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32211",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32212",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32212",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32213",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32213",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32214",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32214",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32215",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32215",
"Source": "CVE"
}
],
"Description": "This update upgrades thunderbird to version 102.11.0-alt1. \nSecurity Fix(es):\n\n * BDU:2023-02803: Уязвимость браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, вызванная выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-02804: Уязвимость браузеров Firefox и Firefox ESR, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю выполнить спуфинговую атаку\n\n * BDU:2023-02805: Уязвимость функции FileReader::DoReadData() браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код в целевой системе\n\n * BDU:2023-02806: Уязвимость браузеров Firefox и Firefox ESR, связанная с ошибками смешения типов данных, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-02809: Уязвимость браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю выполнить спуфинговую атаку\n\n * BDU:2023-02810: Уязвимость браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, существующая из-за некорректной работы обработчиков ms-cxh и ms-cxh-ful, позволяющая нарушителю вызвать аварийное завершение работы приложения\n\n * BDU:2023-02813: Уязвимость драйвера RLBox Expat браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать аварийное завершение работы приложения\n\n * BDU:2023-02814: Уязвимость браузеров Firefox и Firefox ESR, существующая из-за отсутствия задержки всплывающих уведомлений, позволяющая нарушителю получить несанкционированный доступ к определенным функциям браузера\n\n * CVE-2023-32205: In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox \u003c 113, Firefox ESR \u003c 102.11, and Thunderbird \u003c 102.11.\n\n * CVE-2023-32206: An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox \u003c 113, Firefox ESR \u003c 102.11, and Thunderbird \u003c 102.11.\n\n * CVE-2023-32207: A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox \u003c 113, Firefox ESR \u003c 102.11, and Thunderbird \u003c 102.11.\n\n * CVE-2023-32211: A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox \u003c 113, Firefox ESR \u003c 102.11, and Thunderbird \u003c 102.11.\n\n * CVE-2023-32212: An attacker could have positioned a \u003ccode\u003edatalist\u003c/code\u003e element to obscure the address bar. This vulnerability affects Firefox \u003c 113, Firefox ESR \u003c 102.11, and Thunderbird \u003c 102.11.\n\n * CVE-2023-32213: When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox \u003c 113, Firefox ESR \u003c 102.11, and Thunderbird \u003c 102.11.\n\n * CVE-2023-32214: Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service.\n*Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox \u003c 113, Firefox ESR \u003c 102.11, and Thunderbird \u003c 102.11.\n\n * CVE-2023-32215: Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 113, Firefox ESR \u003c 102.11, and Thunderbird \u003c 102.11.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2023-05-26"
},
"Updated": {
"Date": "2023-05-26"
},
"BDUs": [
{
"ID": "BDU:2023-02803",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2023-02803",
"Impact": "Low",
"Public": "20230509"
},
{
"ID": "BDU:2023-02804",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"CWE": "CWE-451",
"Href": "https://bdu.fstec.ru/vul/2023-02804",
"Impact": "Low",
"Public": "20230509"
},
{
"ID": "BDU:2023-02805",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2023-02805",
"Impact": "Low",
"Public": "20230509"
},
{
"ID": "BDU:2023-02806",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"CWE": "CWE-843",
"Href": "https://bdu.fstec.ru/vul/2023-02806",
"Impact": "Low",
"Public": "20230509"
},
{
"ID": "BDU:2023-02809",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"CWE": "CWE-451",
"Href": "https://bdu.fstec.ru/vul/2023-02809",
"Impact": "Low",
"Public": "20230509"
},
{
"ID": "BDU:2023-02810",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"CWE": "CWE-939",
"Href": "https://bdu.fstec.ru/vul/2023-02810",
"Impact": "Low",
"Public": "20230509"
},
{
"ID": "BDU:2023-02813",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2023-02813",
"Impact": "Low",
"Public": "20230509"
},
{
"ID": "BDU:2023-02814",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"CWE": "CWE-254, CWE-275",
"Href": "https://bdu.fstec.ru/vul/2023-02814",
"Impact": "Low",
"Public": "20230509"
}
],
"CVEs": [
{
"ID": "CVE-2023-32205",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32205",
"Impact": "Low",
"Public": "20230602"
},
{
"ID": "CVE-2023-32206",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32206",
"Impact": "Low",
"Public": "20230602"
},
{
"ID": "CVE-2023-32207",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-290",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32207",
"Impact": "High",
"Public": "20230602"
},
{
"ID": "CVE-2023-32211",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32211",
"Impact": "Low",
"Public": "20230602"
},
{
"ID": "CVE-2023-32212",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32212",
"Impact": "Low",
"Public": "20230602"
},
{
"ID": "CVE-2023-32213",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-908",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32213",
"Impact": "High",
"Public": "20230602"
},
{
"ID": "CVE-2023-32214",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32214",
"Impact": "High",
"Public": "20230619"
},
{
"ID": "CVE-2023-32215",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32215",
"Impact": "High",
"Public": "20230602"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:container:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20231895001",
"Comment": "rpm-build-thunderbird is earlier than 0:102.11.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20231895002",
"Comment": "thunderbird is earlier than 0:102.11.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20231895003",
"Comment": "thunderbird-wayland is earlier than 0:102.11.0-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink