pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p9/ALT-PU-2017-1029/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

452 lines
20 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20171029",
"Version": "oval:org.altlinux.errata:def:20171029",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2017-1029: package `adobe-flash-player-ppapi` update to version 24-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2017-1029",
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-1029",
"Source": "ALTPU"
},
{
"RefID": "BDU:2017-00208",
"RefURL": "https://bdu.fstec.ru/vul/2017-00208",
"Source": "BDU"
},
{
"RefID": "BDU:2017-00209",
"RefURL": "https://bdu.fstec.ru/vul/2017-00209",
"Source": "BDU"
},
{
"RefID": "BDU:2017-00210",
"RefURL": "https://bdu.fstec.ru/vul/2017-00210",
"Source": "BDU"
},
{
"RefID": "BDU:2017-00211",
"RefURL": "https://bdu.fstec.ru/vul/2017-00211",
"Source": "BDU"
},
{
"RefID": "BDU:2017-00212",
"RefURL": "https://bdu.fstec.ru/vul/2017-00212",
"Source": "BDU"
},
{
"RefID": "BDU:2017-00213",
"RefURL": "https://bdu.fstec.ru/vul/2017-00213",
"Source": "BDU"
},
{
"RefID": "BDU:2017-00214",
"RefURL": "https://bdu.fstec.ru/vul/2017-00214",
"Source": "BDU"
},
{
"RefID": "BDU:2017-00215",
"RefURL": "https://bdu.fstec.ru/vul/2017-00215",
"Source": "BDU"
},
{
"RefID": "BDU:2017-00216",
"RefURL": "https://bdu.fstec.ru/vul/2017-00216",
"Source": "BDU"
},
{
"RefID": "BDU:2017-00217",
"RefURL": "https://bdu.fstec.ru/vul/2017-00217",
"Source": "BDU"
},
{
"RefID": "BDU:2017-00218",
"RefURL": "https://bdu.fstec.ru/vul/2017-00218",
"Source": "BDU"
},
{
"RefID": "BDU:2017-00219",
"RefURL": "https://bdu.fstec.ru/vul/2017-00219",
"Source": "BDU"
},
{
"RefID": "BDU:2017-00220",
"RefURL": "https://bdu.fstec.ru/vul/2017-00220",
"Source": "BDU"
},
{
"RefID": "CVE-2017-2925",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-2925",
"Source": "CVE"
},
{
"RefID": "CVE-2017-2926",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-2926",
"Source": "CVE"
},
{
"RefID": "CVE-2017-2927",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-2927",
"Source": "CVE"
},
{
"RefID": "CVE-2017-2928",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-2928",
"Source": "CVE"
},
{
"RefID": "CVE-2017-2930",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-2930",
"Source": "CVE"
},
{
"RefID": "CVE-2017-2931",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-2931",
"Source": "CVE"
},
{
"RefID": "CVE-2017-2932",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-2932",
"Source": "CVE"
},
{
"RefID": "CVE-2017-2933",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-2933",
"Source": "CVE"
},
{
"RefID": "CVE-2017-2934",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-2934",
"Source": "CVE"
},
{
"RefID": "CVE-2017-2935",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-2935",
"Source": "CVE"
},
{
"RefID": "CVE-2017-2936",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-2936",
"Source": "CVE"
},
{
"RefID": "CVE-2017-2937",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-2937",
"Source": "CVE"
},
{
"RefID": "CVE-2017-2938",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-2938",
"Source": "CVE"
}
],
"Description": "This update upgrades adobe-flash-player-ppapi to version 24-alt2. \nSecurity Fix(es):\n\n * BDU:2017-00208: Уязвимость программной платформы Flash Player, позволяющая нарушителю обойти механизм защиты\n\n * BDU:2017-00209: Уязвимость программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-00210: Уязвимость программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-00211: Уязвимость программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-00212: Уязвимость программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-00213: Уязвимость программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-00214: Уязвимость программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-00215: Уязвимость программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-00216: Уязвимость программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-00217: Уязвимость программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-00218: Уязвимость программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-00219: Уязвимость программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-00220: Уязвимость программной платформы Flash Player, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2017-2925: Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability in the JPEG XR codec. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-2926: Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to processing of atoms in MP4 files. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-2927: Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-2928: Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to setting visual mode effects. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-2930: Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-2931: Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to the parsing of SWF metadata. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-2932: Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-2933: Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability related to texture compression. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-2934: Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when parsing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-2935: Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing the Flash Video container file format. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-2936: Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-2937: Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class, when using class inheritance. Successful exploitation could lead to arbitrary code execution.\n\n * CVE-2017-2938: Adobe Flash Player versions 24.0.0.186 and earlier have a security bypass vulnerability related to handling TCP connections.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2017-01-12"
},
"Updated": {
"Date": "2017-01-12"
},
"BDUs": [
{
"ID": "BDU:2017-00208",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-254",
"Href": "https://bdu.fstec.ru/vul/2017-00208",
"Impact": "High",
"Public": "20170111"
},
{
"ID": "BDU:2017-00209",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2017-00209",
"Impact": "Critical",
"Public": "20170111"
},
{
"ID": "BDU:2017-00210",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2017-00210",
"Impact": "Critical",
"Public": "20170111"
},
{
"ID": "BDU:2017-00211",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2017-00211",
"Impact": "Critical",
"Public": "20170111"
},
{
"ID": "BDU:2017-00212",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2017-00212",
"Impact": "Critical",
"Public": "20170111"
},
{
"ID": "BDU:2017-00213",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2017-00213",
"Impact": "Critical",
"Public": "20170111"
},
{
"ID": "BDU:2017-00214",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2017-00214",
"Impact": "Critical",
"Public": "20170111"
},
{
"ID": "BDU:2017-00215",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2017-00215",
"Impact": "Critical",
"Public": "20170111"
},
{
"ID": "BDU:2017-00216",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2017-00216",
"Impact": "Critical",
"Public": "20170111"
},
{
"ID": "BDU:2017-00217",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2017-00217",
"Impact": "Critical",
"Public": "20170111"
},
{
"ID": "BDU:2017-00218",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2017-00218",
"Impact": "Critical",
"Public": "20170111"
},
{
"ID": "BDU:2017-00219",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2017-00219",
"Impact": "Critical",
"Public": "20170111"
},
{
"ID": "BDU:2017-00220",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2017-00220",
"Impact": "Critical",
"Public": "20170111"
}
],
"CVEs": [
{
"ID": "CVE-2017-2925",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-2925",
"Impact": "High",
"Public": "20170111"
},
{
"ID": "CVE-2017-2926",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-2926",
"Impact": "High",
"Public": "20170111"
},
{
"ID": "CVE-2017-2927",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-2927",
"Impact": "High",
"Public": "20170111"
},
{
"ID": "CVE-2017-2928",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-2928",
"Impact": "High",
"Public": "20170111"
},
{
"ID": "CVE-2017-2930",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-2930",
"Impact": "High",
"Public": "20170111"
},
{
"ID": "CVE-2017-2931",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-2931",
"Impact": "High",
"Public": "20170111"
},
{
"ID": "CVE-2017-2932",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-2932",
"Impact": "High",
"Public": "20170111"
},
{
"ID": "CVE-2017-2933",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-2933",
"Impact": "High",
"Public": "20170111"
},
{
"ID": "CVE-2017-2934",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-2934",
"Impact": "High",
"Public": "20170111"
},
{
"ID": "CVE-2017-2935",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-2935",
"Impact": "High",
"Public": "20170111"
},
{
"ID": "CVE-2017-2936",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-2936",
"Impact": "High",
"Public": "20170111"
},
{
"ID": "CVE-2017-2937",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-2937",
"Impact": "High",
"Public": "20170111"
},
{
"ID": "CVE-2017-2938",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-2938",
"Impact": "Low",
"Public": "20170111"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20171029001",
"Comment": "i586-ppapi-plugin-adobe-flash is earlier than 3:24.0.0.194-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171029002",
"Comment": "ppapi-plugin-adobe-flash is earlier than 3:24.0.0.194-alt2"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink