pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p9/ALT-PU-2014-1162/definitions.json
pepelyaevip 83c40c9d64 ALT Vulnerability
2024-07-06 03:04:52 +00:00

134 lines
4.8 KiB
JSON
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20141162",
"Version": "oval:org.altlinux.errata:def:20141162",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2014-1162: package `libyaml` update to version 0.1.5-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2014-1162",
"RefURL": "https://errata.altlinux.org/ALT-PU-2014-1162",
"Source": "ALTPU"
},
{
"RefID": "BDU:2015-04120",
"RefURL": "https://bdu.fstec.ru/vul/2015-04120",
"Source": "BDU"
},
{
"RefID": "CVE-2013-6393",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6393",
"Source": "CVE"
}
],
"Description": "This update upgrades libyaml to version 0.1.5-alt1. \nSecurity Fix(es):\n\n * BDU:2015-04120: Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * CVE-2013-6393: The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.\n\n * #29802: CVE-2013-6393 -- libyaml: heap-based buffer overflow when parsing YAML tags",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2014-02-06"
},
"Updated": {
"Date": "2014-02-06"
},
"BDUs": [
{
"ID": "BDU:2015-04120",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-04120",
"Impact": "Low",
"Public": "20140206"
}
],
"CVEs": [
{
"ID": "CVE-2013-6393",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6393",
"Impact": "Low",
"Public": "20140206"
}
],
"Bugzilla": [
{
"ID": "29802",
"Href": "https://bugzilla.altlinux.org/29802",
"Data": "CVE-2013-6393 -- libyaml: heap-based buffer overflow when parsing YAML tags"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20141162001",
"Comment": "libyaml-devel is earlier than 0:0.1.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141162002",
"Comment": "libyaml2 is earlier than 0:0.1.5-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink