
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20201129",
"Version": "oval:org.altlinux.errata:def:20201129",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-1129: package `chromium` update to version 79.0.3945.130-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-1129",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-1129",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-01442",
"RefURL": "https://bdu.fstec.ru/vul/2020-01442",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01443",
"RefURL": "https://bdu.fstec.ru/vul/2020-01443",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01444",
"RefURL": "https://bdu.fstec.ru/vul/2020-01444",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01445",
"RefURL": "https://bdu.fstec.ru/vul/2020-01445",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01803",
"RefURL": "https://bdu.fstec.ru/vul/2020-01803",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01061",
"RefURL": "https://bdu.fstec.ru/vul/2021-01061",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01062",
"RefURL": "https://bdu.fstec.ru/vul/2021-01062",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01063",
"RefURL": "https://bdu.fstec.ru/vul/2021-01063",
"Source": "BDU"
},
{
"RefID": "CVE-2019-13767",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-13767",
"Source": "CVE"
},
{
"RefID": "CVE-2020-6377",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-6377",
"Source": "CVE"
},
{
"RefID": "CVE-2020-6378",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-6378",
"Source": "CVE"
},
{
"RefID": "CVE-2020-6379",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-6379",
"Source": "CVE"
},
{
"RefID": "CVE-2020-6380",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-6380",
"Source": "CVE"
}
],
"Description": "This update upgrades chromium to version 79.0.3945.130-alt1. \nSecurity Fix(es):\n\n * BDU:2020-01442: Уязвимость браузера Google Chrome, связанная с использованием после освобождения, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2020-01443: Уязвимость браузера Google Chrome, связанная с использованием после освобождения, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2020-01444: Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, связанная с использованием памяти после ее освобождения, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2020-01445: Уязвимость браузера Google Chrome, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2020-01803: Уязвимость механизма подбора музыки браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным, вызвать отказ в обслуживании и оказать воздействие на целостность данных\n\n * BDU:2021-01061: Уязвимость функции распознавания речи SpeechRecognizerImpl::Abort веб-браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01062: Уязвимость компонента распознавания речи Speech Recognizer веб-браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01063: Уязвимость расширений веб-браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * CVE-2019-13767: Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2020-6377: Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2020-6378: Use after free in speech in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2020-6379: Use after free in V8 in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2020-6380: Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted Chrome Extension.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-02-04"
},
"Updated": {
"Date": "2020-02-04"
},
"BDUs": [
{
"ID": "BDU:2020-01442",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-01442",
"Impact": "High",
"Public": "20191129"
},
{
"ID": "BDU:2020-01443",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-01443",
"Impact": "High",
"Public": "20191129"
},
{
"ID": "BDU:2020-01444",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-01444",
"Impact": "High",
"Public": "20191129"
},
{
"ID": "BDU:2020-01445",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2020-01445",
"Impact": "High",
"Public": "20191129"
},
{
"ID": "BDU:2020-01803",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-01803",
"Impact": "High",
"Public": "20200110"
},
{
"ID": "BDU:2021-01061",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2021-01061",
"Impact": "High",
"Public": "20191028"
},
{
"ID": "BDU:2021-01062",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2021-01062",
"Impact": "High",
"Public": "20191212"
},
{
"ID": "BDU:2021-01063",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2021-01063",
"Impact": "High",
"Public": "20191209"
}
],
"CVEs": [
{
"ID": "CVE-2019-13767",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-13767",
"Impact": "High",
"Public": "20200110"
},
{
"ID": "CVE-2020-6377",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-6377",
"Impact": "High",
"Public": "20200110"
},
{
"ID": "CVE-2020-6378",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-6378",
"Impact": "High",
"Public": "20200211"
},
{
"ID": "CVE-2020-6379",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-6379",
"Impact": "High",
"Public": "20200211"
},
{
"ID": "CVE-2020-6380",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-863",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-6380",
"Impact": "High",
"Public": "20200211"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20201129001",
"Comment": "chromium is earlier than 0:79.0.3945.130-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201129002",
"Comment": "chromium-gnome is earlier than 0:79.0.3945.130-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201129003",
"Comment": "chromium-kde is earlier than 0:79.0.3945.130-alt1"
}
]
}
]
}
}
]
}