pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p9/ALT-PU-2018-2963/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

423 lines
22 KiB
JSON
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20182963",
"Version": "oval:org.altlinux.errata:def:20182963",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2018-2963: package `firefox` update to version 64.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2018-2963",
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-2963",
"Source": "ALTPU"
},
{
"RefID": "BDU:2018-01339",
"RefURL": "https://bdu.fstec.ru/vul/2018-01339",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01422",
"RefURL": "https://bdu.fstec.ru/vul/2019-01422",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01423",
"RefURL": "https://bdu.fstec.ru/vul/2019-01423",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01424",
"RefURL": "https://bdu.fstec.ru/vul/2019-01424",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01425",
"RefURL": "https://bdu.fstec.ru/vul/2019-01425",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01426",
"RefURL": "https://bdu.fstec.ru/vul/2019-01426",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00610",
"RefURL": "https://bdu.fstec.ru/vul/2020-00610",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00611",
"RefURL": "https://bdu.fstec.ru/vul/2020-00611",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00782",
"RefURL": "https://bdu.fstec.ru/vul/2020-00782",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00783",
"RefURL": "https://bdu.fstec.ru/vul/2020-00783",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00784",
"RefURL": "https://bdu.fstec.ru/vul/2020-00784",
"Source": "BDU"
},
{
"RefID": "CVE-2018-12405",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-12405",
"Source": "CVE"
},
{
"RefID": "CVE-2018-12406",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-12406",
"Source": "CVE"
},
{
"RefID": "CVE-2018-12407",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-12407",
"Source": "CVE"
},
{
"RefID": "CVE-2018-17466",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-17466",
"Source": "CVE"
},
{
"RefID": "CVE-2018-18492",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-18492",
"Source": "CVE"
},
{
"RefID": "CVE-2018-18493",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-18493",
"Source": "CVE"
},
{
"RefID": "CVE-2018-18494",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-18494",
"Source": "CVE"
},
{
"RefID": "CVE-2018-18495",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-18495",
"Source": "CVE"
},
{
"RefID": "CVE-2018-18496",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-18496",
"Source": "CVE"
},
{
"RefID": "CVE-2018-18497",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-18497",
"Source": "CVE"
},
{
"RefID": "CVE-2018-18498",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-18498",
"Source": "CVE"
},
{
"RefID": "CVE-2018-18510",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-18510",
"Source": "CVE"
}
],
"Description": "This update upgrades firefox to version 64.0-alt1. \nSecurity Fix(es):\n\n * BDU:2018-01339: Уязвимость библиотеи angle веб-браузера Chrome, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-01422: Уязвимость веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-01423: Уязвимость веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с целочисленным переполнением, позволяющая нарушителю осуществить запись за границами буфера в памяти\n\n * BDU:2019-01424: Уязвимость веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с использованием памяти после освобождения, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании\n\n * BDU:2019-01425: Уязвимость графической библиотеки Skia веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании\n\n * BDU:2019-01426: Уязвимость веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с недостатками механизмов ограничения домена (Same Origin Policy), позволяющая нарушителю перенаправить пользователя на вредоносный сайт\n\n * BDU:2020-00610: Уязвимость компонента WebExtension браузера Firefox, связанная с некорректным ограничением URI, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * BDU:2020-00611: Уязвимость браузера Firefox, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2020-00782: Уязвимость браузера Firefox, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2020-00783: Уязвимость модуля VertexBuffer11 браузера Firefox, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2020-00784: Уязвимость компонента WebExtension браузера Firefox, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * CVE-2018-12405: Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.\n\n * CVE-2018-12406: Mozilla developers and community members reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 64.\n\n * CVE-2018-12407: A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 64.\n\n * CVE-2018-17466: Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.\n\n * CVE-2018-18492: A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.\n\n * CVE-2018-18493: A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.\n\n * CVE-2018-18494: A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.\n\n * CVE-2018-18495: WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions. This vulnerability affects Firefox \u003c 64.\n\n * CVE-2018-18496: When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. *Note: This issue only affects Windows operating systems. Other operating systems are not affected.*. This vulnerability affects Firefox \u003c 64.\n\n * CVE-2018-18497: Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to open privileged about: or file: locations. This vulnerability affects Firefox \u003c 64.\n\n * CVE-2018-18498: A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.\n\n * CVE-2018-18510: The about:crashcontent and about:crashparent pages can be triggered by web content. These pages are used to crash the loaded page or the browser for test purposes. This issue allows for a non-persistent denial of service (DOS) attack by a malicious site which links to these pages. This vulnerability affects Firefox \u003c 64.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2018-12-26"
},
"Updated": {
"Date": "2018-12-26"
},
"BDUs": [
{
"ID": "BDU:2018-01339",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2018-01339",
"Impact": "High",
"Public": "20180905"
},
{
"ID": "BDU:2019-01422",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-01422",
"Impact": "Critical",
"Public": "20181211"
},
{
"ID": "BDU:2019-01423",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-01423",
"Impact": "Critical",
"Public": "20181211"
},
{
"ID": "BDU:2019-01424",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2019-01424",
"Impact": "Critical",
"Public": "20181211"
},
{
"ID": "BDU:2019-01425",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-01425",
"Impact": "Critical",
"Public": "20181211"
},
{
"ID": "BDU:2019-01426",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "CWE-346",
"Href": "https://bdu.fstec.ru/vul/2019-01426",
"Impact": "Low",
"Public": "20181211"
},
{
"ID": "BDU:2020-00610",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2020-00610",
"Impact": "Low",
"Public": "20190228"
},
{
"ID": "BDU:2020-00611",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2020-00611",
"Impact": "High",
"Public": "20190228"
},
{
"ID": "BDU:2020-00782",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2020-00782",
"Impact": "High",
"Public": "20190228"
},
{
"ID": "BDU:2020-00783",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2020-00783",
"Impact": "Critical",
"Public": "20190228"
},
{
"ID": "BDU:2020-00784",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "CWE-275",
"Href": "https://bdu.fstec.ru/vul/2020-00784",
"Impact": "Low",
"Public": "20190228"
}
],
"CVEs": [
{
"ID": "CVE-2018-12405",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-12405",
"Impact": "Critical",
"Public": "20190228"
},
{
"ID": "CVE-2018-12406",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-12406",
"Impact": "High",
"Public": "20190228"
},
{
"ID": "CVE-2018-12407",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-12407",
"Impact": "Critical",
"Public": "20190228"
},
{
"ID": "CVE-2018-17466",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-17466",
"Impact": "High",
"Public": "20181114"
},
{
"ID": "CVE-2018-18492",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-18492",
"Impact": "Critical",
"Public": "20190228"
},
{
"ID": "CVE-2018-18493",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-18493",
"Impact": "Critical",
"Public": "20190228"
},
{
"ID": "CVE-2018-18494",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "CWE-346",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-18494",
"Impact": "Low",
"Public": "20190228"
},
{
"ID": "CVE-2018-18495",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "CWE-732",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-18495",
"Impact": "Low",
"Public": "20190228"
},
{
"ID": "CVE-2018-18496",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-1021",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-18496",
"Impact": "High",
"Public": "20190228"
},
{
"ID": "CVE-2018-18497",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-18497",
"Impact": "Low",
"Public": "20190228"
},
{
"ID": "CVE-2018-18498",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-18498",
"Impact": "Critical",
"Public": "20190228"
},
{
"ID": "CVE-2018-18510",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-18510",
"Impact": "Low",
"Public": "20190426"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20182963001",
"Comment": "firefox is earlier than 0:64.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182963002",
"Comment": "rpm-build-firefox is earlier than 0:64.0-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink