pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
0707cb759b
vuln-list-alt/oval/p9/ALT-PU-2020-2593/definitions.json
pepelyaevip 0707cb759b ALT Vulnerability
2024-04-16 14:26:14 +00:00

160 lines
6.3 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20202593",
"Version": "oval:org.altlinux.errata:def:20202593",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-2593: package `dotnet-coreclr` update to version 3.1.6-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-2593",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-2593",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-02481",
"RefURL": "https://bdu.fstec.ru/vul/2020-02481",
"Source": "BDU"
},
{
"RefID": "BDU:2020-03369",
"RefURL": "https://bdu.fstec.ru/vul/2020-03369",
"Source": "BDU"
},
{
"RefID": "CVE-2020-1108",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-1108",
"Source": "CVE"
},
{
"RefID": "CVE-2020-1147",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-1147",
"Source": "CVE"
}
],
"Description": "This update upgrades dotnet-coreclr to version 3.1.6-alt1. \nSecurity Fix(es):\n\n * BDU:2020-02481: Уязвимость программных платформ .NET Core и Microsoft .NET Framework, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-03369: Уязвимость программной платформы Microsoft .NET Framework, средства разработки программного обеспечения Microsoft Visual Studio, пакетов программ Microsoft SharePoint Server и Microsoft SharePoint Enterprise Server, связанная с ошибками при обработке XML-запросов, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2020-1108: A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core \u0026 .NET Framework Denial of Service Vulnerability'.\n\n * CVE-2020-1147: A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.\n\n * #38744: Обновить .Net Core 3.1",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-08-14"
},
"Updated": {
"Date": "2020-08-14"
},
"BDUs": [
{
"ID": "BDU:2020-02481",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2020-02481",
"Impact": "High",
"Public": "20200512"
},
{
"ID": "BDU:2020-03369",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-91",
"Href": "https://bdu.fstec.ru/vul/2020-03369",
"Impact": "Critical",
"Public": "20200714"
}
],
"CVEs": [
{
"ID": "CVE-2020-1108",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-1108",
"Impact": "High",
"Public": "20200521"
},
{
"ID": "CVE-2020-1147",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-1147",
"Impact": "High",
"Public": "20200714"
}
],
"Bugzilla": [
{
"ID": "38744",
"Href": "https://bugzilla.altlinux.org/38744",
"Data": "Обновить .Net Core 3.1"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20202593001",
"Comment": "dotnet-coreclr is earlier than 0:3.1.6-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink