pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
413f0d5bc0
vuln-list-alt/oval/p9/ALT-PU-2021-2382/definitions.json

339 lines
18 KiB
JSON
Raw Normal View History

ALT Vulnerability
2024-04-16 17:26:14 +03:00
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20212382",
"Version": "oval:org.altlinux.errata:def:20212382",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-2382: package `mysql-workbench-community` update to version 8.0.25-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-2382",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-2382",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-02114",
"RefURL": "https://bdu.fstec.ru/vul/2020-02114",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02135",
"RefURL": "https://bdu.fstec.ru/vul/2020-02135",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02873",
"RefURL": "https://bdu.fstec.ru/vul/2020-02873",
"Source": "BDU"
},
{
"RefID": "BDU:2020-03619",
"RefURL": "https://bdu.fstec.ru/vul/2020-03619",
"Source": "BDU"
},
{
"RefID": "BDU:2021-00758",
"RefURL": "https://bdu.fstec.ru/vul/2021-00758",
"Source": "BDU"
},
{
"RefID": "BDU:2021-00799",
"RefURL": "https://bdu.fstec.ru/vul/2021-00799",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01844",
"RefURL": "https://bdu.fstec.ru/vul/2021-01844",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01845",
"RefURL": "https://bdu.fstec.ru/vul/2021-01845",
"Source": "BDU"
},
{
"RefID": "CVE-2018-14550",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-14550",
"Source": "CVE"
},
{
"RefID": "CVE-2020-11655",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-11655",
"Source": "CVE"
},
{
"RefID": "CVE-2020-11656",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-11656",
"Source": "CVE"
},
{
"RefID": "CVE-2020-13871",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-13871",
"Source": "CVE"
},
{
"RefID": "CVE-2020-1730",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-1730",
"Source": "CVE"
},
{
"RefID": "CVE-2020-1967",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-1967",
"Source": "CVE"
},
{
"RefID": "CVE-2020-9327",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-9327",
"Source": "CVE"
},
{
"RefID": "CVE-2021-3449",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3449",
"Source": "CVE"
},
{
"RefID": "CVE-2021-3450",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3450",
"Source": "CVE"
}
],
"Description": "This update upgrades mysql-workbench-community to version 8.0.25-alt2. \nSecurity Fix(es):\n\n * BDU:2020-02114: Уязвимость реализации инструкции ALTER TABLE системы управления базами данных SQLite, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2020-02135: Уязвимость библиотеки libssh, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02873: Уязвимость функции SSL_check_chain реализации протокола TLS библиотеки OpenSSL, связанная с с возможностью разыменования нулевого указателя в результате неправильной обработки TLS расширения «signature_algorithms_cert», позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-03619: Уязвимость компонента isAuxiliaryVtabOperator системы управления базами данных SQLite, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-00758: Уязвимость функции resetAccumulator из src/select.c системы управления базами данных SQLite, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-00799: Уязвимость реализации функции resetAccumulator() системы управления базами данных SQLite, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01844: Уязвимость реализации протокола TLS библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01845: Уязвимость реализации конфигурации X509_V_FLAG_X509_STRICT библиотеки OpenSSL, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * CVE-2018-14550: An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.\n\n * CVE-2020-11655: SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.\n\n * CVE-2020-11656: In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.\n\n * CVE-2020-13871: SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.\n\n * CVE-2020-1730: A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.\n\n * CVE-2020-1967: Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the \"signature_algorithms_cert\" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL versi
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-07-30"
},
"Updated": {
"Date": "2021-07-30"
},
"BDUs": [
{
"ID": "BDU:2020-02114",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-02114",
"Impact": "Critical",
"Public": "20200409"
},
{
"ID": "BDU:2020-02135",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2020-02135",
"Impact": "High",
"Public": "20200212"
},
{
"ID": "BDU:2020-02873",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2020-02873",
"Impact": "High",
"Public": "20200421"
},
{
"ID": "BDU:2020-03619",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2020-03619",
"Impact": "High",
"Public": "20200222"
},
{
"ID": "BDU:2021-00758",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20, CWE-665",
"Href": "https://bdu.fstec.ru/vul/2021-00758",
"Impact": "High",
"Public": "20200409"
},
{
"ID": "BDU:2021-00799",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2021-00799",
"Impact": "High",
"Public": "20200606"
},
{
"ID": "BDU:2021-01844",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2021-01844",
"Impact": "Low",
"Public": "20180111"
},
{
"ID": "BDU:2021-01845",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2021-01845",
"Impact": "High",
"Public": "20210325"
}
],
"CVEs": [
{
"ID": "CVE-2018-14550",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-14550",
"Impact": "High",
"Public": "20190710"
},
{
"ID": "CVE-2020-11655",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-665",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-11655",
"Impact": "High",
"Public": "20200409"
},
{
"ID": "CVE-2020-11656",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-11656",
"Impact": "Critical",
"Public": "20200409"
},
{
"ID": "CVE-2020-13871",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-13871",
"Impact": "High",
"Public": "20200606"
},
{
"ID": "CVE-2020-1730",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-1730",
"Impact": "Low",
"Public": "20200413"
},
{
"ID": "CVE-2020-1967",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-1967",
"Impact": "High",
"Public": "20200421"
},
{
"ID": "CVE-2020-9327",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-9327",
"Impact": "High",
"Public": "20200221"
},
{
"ID": "CVE-2021-3449",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3449",
"Impact": "Low",
"Public": "20210325"
},
{
"ID": "CVE-2021-3450",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3450",
"Impact": "High",
"Public": "20210325"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20212382001",
"Comment": "mysql-workbench-community is earlier than 0:8.0.25-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212382002",
"Comment": "mysql-workbench-community-data is earlier than 0:8.0.25-alt2"
}
]
}
]
}
}
]
}
Reference in New Issue Copy Permalink