vuln-list-alt/oval/c10f1/ALT-PU-2016-1849/definitions.json


2024-06-28 16:17:52 +03:00
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20161849",
"Version": "oval:org.altlinux.errata:def:20161849",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2016-1849: package `golang` update to version 1.7-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2016-1849",
"RefURL": "https://errata.altlinux.org/ALT-PU-2016-1849",
"Source": "ALTPU"
},
{
"RefID": "CVE-2016-3958",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-3958",
"Source": "CVE"
},
{
"RefID": "CVE-2016-3959",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-3959",
"Source": "CVE"
},
{
"RefID": "CVE-2016-5386",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5386",
"Source": "CVE"
}
],
"Description": "This update upgrades golang to version 1.7-alt1. \nSecurity Fix(es):\n\n * CVE-2016-3958: Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function.\n\n * CVE-2016-3959: The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.\n\n * CVE-2016-5386: The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2016-08-16"
},
"Updated": {
"Date": "2016-08-16"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2016-3958",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-264",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-3958",
"Impact": "High",
"Public": "20160523"
},
{
"ID": "CVE-2016-3959",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-3959",
"Impact": "High",
"Public": "20160523"
},
{
"ID": "CVE-2016-5386",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-284",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5386",
"Impact": "High",
"Public": "20160719"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20161849001",
"Comment": "golang is earlier than 0:1.7-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161849002",
"Comment": "golang-docs is earlier than 0:1.7-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161849003",
"Comment": "golang-gdb is earlier than 0:1.7-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161849004",
"Comment": "golang-shared is earlier than 0:1.7-alt1"
}
]
}
]
}
}
]
}