pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
e0dc501afd
vuln-list-alt/oval/p10/ALT-PU-2019-3237/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

311 lines
16 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20193237",
"Version": "oval:org.altlinux.errata:def:20193237",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-3237: package `firefox-esr` update to version 68.3.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-3237",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-3237",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-01389",
"RefURL": "https://bdu.fstec.ru/vul/2020-01389",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01390",
"RefURL": "https://bdu.fstec.ru/vul/2020-01390",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01649",
"RefURL": "https://bdu.fstec.ru/vul/2020-01649",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01675",
"RefURL": "https://bdu.fstec.ru/vul/2020-01675",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01797",
"RefURL": "https://bdu.fstec.ru/vul/2020-01797",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01824",
"RefURL": "https://bdu.fstec.ru/vul/2020-01824",
"Source": "BDU"
},
{
"RefID": "BDU:2022-05929",
"RefURL": "https://bdu.fstec.ru/vul/2022-05929",
"Source": "BDU"
},
{
"RefID": "CVE-2019-11745",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11745",
"Source": "CVE"
},
{
"RefID": "CVE-2019-13722",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-13722",
"Source": "CVE"
},
{
"RefID": "CVE-2019-17005",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-17005",
"Source": "CVE"
},
{
"RefID": "CVE-2019-17008",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-17008",
"Source": "CVE"
},
{
"RefID": "CVE-2019-17009",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-17009",
"Source": "CVE"
},
{
"RefID": "CVE-2019-17010",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-17010",
"Source": "CVE"
},
{
"RefID": "CVE-2019-17011",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-17011",
"Source": "CVE"
},
{
"RefID": "CVE-2019-17012",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-17012",
"Source": "CVE"
}
],
"Description": "This update upgrades firefox-esr to version 68.3.0-alt1. \nSecurity Fix(es):\n\n * BDU:2020-01389: Уязвимость веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с ошибкой извлечения документа из DocShell, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2020-01390: Уязвимость программного обеспечения Firefox, Firefox ESR, Thunderbird, связанная с копированием буфера без проверки размера входных данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2020-01649: Уязвимость механизма сериализации веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с отсутствием проверки размера вводимых данных при использовании буфера, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным, вызвать отказ в обслуживании и оказать воздействие на целостность данных\n\n * BDU:2020-01675: Уязвимость механизма идентификации по отпечатку пальца веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная использование области памяти после её освобождения, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным, вызвать отказ в обслуживании и оказать воздействие на целостность данных\n\n * BDU:2020-01797: Уязвимость механизма использования nested workers браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с использование области памяти после её освобождения, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным, вызвать отказ в обслуживании и оказать воздействие на целостность данных\n\n * BDU:2020-01824: Уязвимость браузера Firefox, связанная с записью за границами буфера в памяти, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность\n\n * BDU:2022-05929: Уязвимость службы обновления браузеров Mozilla Firefox, Mozilla Firefox ESR и почтового клиента Thunderbird для Windows, позволяющая нарушителю записать файлы состояний и журнала в незащищенный каталог\n\n * CVE-2019-11745: When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.\n\n * CVE-2019-13722: Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2019-17005: The plain text serializer used a fixed-size array for the number of \u003col\u003e elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.\n\n * CVE-2019-17008: When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.\n\n * CVE-2019-17009: When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.\n\n * CVE-2019-17010: Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.\n\n * CVE-2019-17011: Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.\n\n * CVE-2019-17012: Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-12-05"
},
"Updated": {
"Date": "2019-12-05"
},
"BDUs": [
{
"ID": "BDU:2020-01389",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-01389",
"Impact": "High",
"Public": "20191203"
},
{
"ID": "BDU:2020-01390",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2020-01390",
"Impact": "High",
"Public": "20191203"
},
{
"ID": "BDU:2020-01649",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2020-01649",
"Impact": "High",
"Public": "20191203"
},
{
"ID": "BDU:2020-01675",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-01675",
"Impact": "High",
"Public": "20190903"
},
{
"ID": "BDU:2020-01797",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-01797",
"Impact": "High",
"Public": "20191129"
},
{
"ID": "BDU:2020-01824",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2020-01824",
"Impact": "High",
"Public": "20190927"
},
{
"ID": "BDU:2022-05929",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-276, CWE-377",
"Href": "https://bdu.fstec.ru/vul/2022-05929",
"Impact": "High",
"Public": "20191203"
}
],
"CVEs": [
{
"ID": "CVE-2019-11745",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11745",
"Impact": "High",
"Public": "20200108"
},
{
"ID": "CVE-2019-13722",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-13722",
"Impact": "Low",
"Public": "20200114"
},
{
"ID": "CVE-2019-17005",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-17005",
"Impact": "High",
"Public": "20200108"
},
{
"ID": "CVE-2019-17008",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-17008",
"Impact": "High",
"Public": "20200108"
},
{
"ID": "CVE-2019-17009",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-17009",
"Impact": "High",
"Public": "20200108"
},
{
"ID": "CVE-2019-17010",
"CVSS": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-17010",
"Impact": "High",
"Public": "20200108"
},
{
"ID": "CVE-2019-17011",
"CVSS": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-17011",
"Impact": "High",
"Public": "20200108"
},
{
"ID": "CVE-2019-17012",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-17012",
"Impact": "High",
"Public": "20200108"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20193237001",
"Comment": "firefox-esr is earlier than 0:68.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193237002",
"Comment": "firefox-esr-wayland is earlier than 0:68.3.0-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink