{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20237055",
"Version": "oval:org.altlinux.errata:def:20237055",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2023-7055: package `golang` update to version 1.20.11-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2023-7055",
"RefURL": "https://errata.altlinux.org/ALT-PU-2023-7055",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-03200",
"RefURL": "https://bdu.fstec.ru/vul/2023-03200",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03201",
"RefURL": "https://bdu.fstec.ru/vul/2023-03201",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03470",
"RefURL": "https://bdu.fstec.ru/vul/2023-03470",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03471",
"RefURL": "https://bdu.fstec.ru/vul/2023-03471",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03472",
"RefURL": "https://bdu.fstec.ru/vul/2023-03472",
"Source": "BDU"
},
{
"RefID": "BDU:2023-04160",
"RefURL": "https://bdu.fstec.ru/vul/2023-04160",
"Source": "BDU"
},
{
"RefID": "BDU:2023-04161",
"RefURL": "https://bdu.fstec.ru/vul/2023-04161",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05718",
"RefURL": "https://bdu.fstec.ru/vul/2023-05718",
"Source": "BDU"
},
{
"RefID": "BDU:2023-06242",
"RefURL": "https://bdu.fstec.ru/vul/2023-06242",
"Source": "BDU"
},
{
"RefID": "BDU:2023-06559",
"RefURL": "https://bdu.fstec.ru/vul/2023-06559",
"Source": "BDU"
},
{
"RefID": "BDU:2023-07013",
"RefURL": "https://bdu.fstec.ru/vul/2023-07013",
"Source": "BDU"
},
{
"RefID": "BDU:2023-07201",
"RefURL": "https://bdu.fstec.ru/vul/2023-07201",
"Source": "BDU"
},
{
"RefID": "CVE-2023-24534",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-24534",
"Source": "CVE"
},
{
"RefID": "CVE-2023-24536",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-24536",
"Source": "CVE"
},
{
"RefID": "CVE-2023-24537",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-24537",
"Source": "CVE"
},
{
"RefID": "CVE-2023-24538",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-24538",
"Source": "CVE"
},
{
"RefID": "CVE-2023-24539",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-24539",
"Source": "CVE"
},
{
"RefID": "CVE-2023-24540",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-24540",
"Source": "CVE"
},
{
"RefID": "CVE-2023-29400",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-29400",
"Source": "CVE"
},
{
"RefID": "CVE-2023-29402",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-29402",
"Source": "CVE"
},
{
"RefID": "CVE-2023-29403",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-29403",
"Source": "CVE"
},
{
"RefID": "CVE-2023-29404",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-29404",
"Source": "CVE"
},
{
"RefID": "CVE-2023-29405",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-29405",
"Source": "CVE"
},
{
"RefID": "CVE-2023-29406",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406",
"Source": "CVE"
},
{
"RefID": "CVE-2023-29409",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409",
"Source": "CVE"
},
{
"RefID": "CVE-2023-39318",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-39318",
"Source": "CVE"
},
{
"RefID": "CVE-2023-39319",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-39319",
"Source": "CVE"
},
{
"RefID": "CVE-2023-39320",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-39320",
"Source": "CVE"
},
{
"RefID": "CVE-2023-39321",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321",
"Source": "CVE"
},
{
"RefID": "CVE-2023-39322",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322",
"Source": "CVE"
},
{
"RefID": "CVE-2023-39323",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-39323",
"Source": "CVE"
},
{
"RefID": "CVE-2023-39325",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"Source": "CVE"
},
{
"RefID": "CVE-2023-44487",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"Source": "CVE"
},
{
"RefID": "CVE-2023-45283",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-45283",
"Source": "CVE"
},
{
"RefID": "CVE-2023-45284",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-45284",
"Source": "CVE"
}
],
"Description": "This update upgrades golang to version 1.20.11-alt1. \nSecurity Fix(es):\n\n * BDU:2023-03200: Уязвимость языка программирования Go, связанная с небезопасным внешним контролем за критическими данными состояния, позволяющая нарушителю повысить свои привилегии и получить доступ на чтение, изменение или удаление данных\n\n * BDU:2023-03201: Уязвимость модуля Cgo языка программирования Go, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-03470: Уязвимость языка программирования Go, связанная с ошибками при обработке специальных символов \u0026quot;\u0026lt;\u0026gt;\u0026quot; в контексте CSS, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-03471: Уязвимость языка программирования Go, связанная с ошибками при обработке пробельных символов в контексте JavaScript, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2023-03472: Уязвимость языка программирования Go, существующая из-за непринятия мер по нейтрализации специальных элементов, позволяющая нарушителю внедрить произвольные атрибуты в теги HTML\n\n * BDU:2023-04160: Уязвимость расширения Cgo языка программирования Go, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-04161: Уязвимость расширения Cgo языка программирования Go, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-05718: Уязвимость файла go.mod языка программирования Go, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код\n\n * BDU:2023-06242: Уязвимость пакета crypto/tls языка программирования Go, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-06559: Уязвимость реализации протокола HTTP/2, связанная с возможностью формирования потока запросов в рамках уже установленного сетевого соединения, без открытия новых сетевых соединений и без подтверждения получения пакетов, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-07013: Уязвимость пакета 
http2 языка программирования Go, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-07201: Уязвимость директивы \u0026quot;//line\u0026quot; языка программирования Go, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2023-24534: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. A
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2023-11-10"
},
"Updated": {
"Date": "2023-11-10"
},
"bdu": [
{
"Cvss": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"Cvss3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
"Cwe": "CWE-642",
"Href": "https://bdu.fstec.ru/vul/2023-03200",
"Impact": "Low",
"Public": "20230405",
"CveID": "BDU:2023-03200"
},
{
"Cvss": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"Cvss3": "AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"Cwe": "CWE-94",
"Href": "https://bdu.fstec.ru/vul/2023-03201",
"Impact": "High",
"Public": "20230405",
"CveID": "BDU:2023-03201"
},
{
"Cvss": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"Cwe": "CWE-74",
"Href": "https://bdu.fstec.ru/vul/2023-03470",
"Impact": "High",
"Public": "20230511",
"CveID": "BDU:2023-03470"
},
{
"Cvss": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "CWE-74",
"Href": "https://bdu.fstec.ru/vul/2023-03471",
"Impact": "Critical",
"Public": "20230511",
"CveID": "BDU:2023-03471"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"Cwe": "CWE-74",
"Href": "https://bdu.fstec.ru/vul/2023-03472",
"Impact": "High",
"Public": "20230511",
"CveID": "BDU:2023-03472"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "CWE-74, CWE-88",
"Href": "https://bdu.fstec.ru/vul/2023-04160",
"Impact": "Critical",
"Public": "20230519",
"CveID": "BDU:2023-04160"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "CWE-94",
"Href": "https://bdu.fstec.ru/vul/2023-04161",
"Impact": "Critical",
"Public": "20230519",
"CveID": "BDU:2023-04161"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "CWE-94",
"Href": "https://bdu.fstec.ru/vul/2023-05718",
"Impact": "Critical",
"Public": "20230727",
"CveID": "BDU:2023-05718"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"Cwe": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2023-06242",
"Impact": "Low",
"Public": "20230802",
"CveID": "BDU:2023-06242"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2023-06559",
"Impact": "High",
"Public": "20231010",
"CveID": "BDU:2023-06559"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2023-07013",
"Impact": "High",
"Public": "20231006",
"CveID": "BDU:2023-07013"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "CWE-94",
"Href": "https://bdu.fstec.ru/vul/2023-07201",
"Impact": "Critical",
"Public": "20230510",
"CveID": "BDU:2023-07201"
}
],
"Cves": [
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-400",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-24534",
"Impact": "High",
"Public": "20230406",
"CveID": "CVE-2023-24534"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-770",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-24536",
"Impact": "High",
"Public": "20230406",
"CveID": "CVE-2023-24536"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-24537",
"Impact": "High",
"Public": "20230406",
"CveID": "CVE-2023-24537"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "CWE-94",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-24538",
"Impact": "Critical",
"Public": "20230406",
"CveID": "CVE-2023-24538"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"Cwe": "CWE-74",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-24539",
"Impact": "High",
"Public": "20230511",
"CveID": "CVE-2023-24539"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-24540",
"Impact": "Critical",
"Public": "20230511",
"CveID": "CVE-2023-24540"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"Cwe": "CWE-74",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-29400",
"Impact": "High",
"Public": "20230511",
"CveID": "CVE-2023-29400"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "CWE-94",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-29402",
"Impact": "Critical",
"Public": "20230608",
"CveID": "CVE-2023-29402"
},
{
"Cvss3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"Cwe": "CWE-668",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-29403",
"Impact": "High",
"Public": "20230608",
"CveID": "CVE-2023-29403"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "CWE-94",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-29404",
"Impact": "Critical",
"Public": "20230608",
"CveID": "CVE-2023-29404"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "CWE-74",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-29405",
"Impact": "Critical",
"Public": "20230608",
"CveID": "CVE-2023-29405"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"Cwe": "CWE-436",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406",
"Impact": "Low",
"Public": "20230711",
"CveID": "CVE-2023-29406"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"Cwe": "CWE-400",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409",
"Impact": "Low",
"Public": "20230802",
"CveID": "CVE-2023-29409"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"Cwe": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-39318",
"Impact": "Low",
"Public": "20230908",
"CveID": "CVE-2023-39318"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"Cwe": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-39319",
"Impact": "Low",
"Public": "20230908",
"CveID": "CVE-2023-39319"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "CWE-94",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-39320",
"Impact": "Critical",
"Public": "20230908",
"CveID": "CVE-2023-39320"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321",
"Impact": "High",
"Public": "20230908",
"CveID": "CVE-2023-39321"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-770",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322",
"Impact": "High",
"Public": "20230908",
"CveID": "CVE-2023-39322"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-39323",
"Impact": "High",
"Public": "20231005",
"CveID": "CVE-2023-39323"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-770",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"Impact": "High",
"Public": "20231011",
"CveID": "CVE-2023-39325"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-400",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"Impact": "High",
"Public": "20231010",
"CveID": "CVE-2023-44487"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"Cwe": "CWE-22",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-45283",
"Impact": "High",
"Public": "20231109",
"CveID": "CVE-2023-45283"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"Cwe": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-45284",
"Impact": "Low",
"Public": "20231109",
"CveID": "CVE-2023-45284"
}
],
"Bugzilla": [
{
"Id": "45547",
"Href": "https://bugzilla.altlinux.org/45547",
"Data": "golang ultimately depends on cmake and /usr/bin/docker"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20237055001",
"Comment": "golang is earlier than 0:1.20.11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20237055002",
"Comment": "golang-docs is earlier than 0:1.20.11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20237055003",
"Comment": "golang-gdb is earlier than 0:1.20.11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20237055004",
"Comment": "golang-misc is earlier than 0:1.20.11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20237055005",
"Comment": "golang-shared is earlier than 0:1.20.11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20237055006",
"Comment": "golang-src is earlier than 0:1.20.11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20237055007",
"Comment": "golang-tests is earlier than 0:1.20.11-alt1"
}
]
}
]
}
}
]
}