vuln-list-alt/oval/c10f2/ALT-PU-2023-6270/definitions.json
2024-04-16 14:26:14 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20236270",
"Version": "oval:org.altlinux.errata:def:20236270",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2023-6270: package `file` update to version 5.44-alt3",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f2"
]
}
],
"References": [
{
"RefID": "ALT-PU-2023-6270",
"RefURL": "https://errata.altlinux.org/ALT-PU-2023-6270",
"Source": "ALTPU"
},
{
"RefID": "BDU:2015-00377",
"RefURL": "https://bdu.fstec.ru/vul/2015-00377",
"Source": "BDU"
},
{
"RefID": "BDU:2015-00378",
"RefURL": "https://bdu.fstec.ru/vul/2015-00378",
"Source": "BDU"
},
{
"RefID": "BDU:2015-00379",
"RefURL": "https://bdu.fstec.ru/vul/2015-00379",
"Source": "BDU"
},
{
"RefID": "BDU:2015-01282",
"RefURL": "https://bdu.fstec.ru/vul/2015-01282",
"Source": "BDU"
},
{
"RefID": "BDU:2015-06092",
"RefURL": "https://bdu.fstec.ru/vul/2015-06092",
"Source": "BDU"
},
{
"RefID": "BDU:2015-06093",
"RefURL": "https://bdu.fstec.ru/vul/2015-06093",
"Source": "BDU"
},
{
"RefID": "BDU:2015-06094",
"RefURL": "https://bdu.fstec.ru/vul/2015-06094",
"Source": "BDU"
},
{
"RefID": "BDU:2015-06095",
"RefURL": "https://bdu.fstec.ru/vul/2015-06095",
"Source": "BDU"
},
{
"RefID": "BDU:2015-06096",
"RefURL": "https://bdu.fstec.ru/vul/2015-06096",
"Source": "BDU"
},
{
"RefID": "BDU:2015-09797",
"RefURL": "https://bdu.fstec.ru/vul/2015-09797",
"Source": "BDU"
},
{
"RefID": "BDU:2015-09882",
"RefURL": "https://bdu.fstec.ru/vul/2015-09882",
"Source": "BDU"
},
{
"RefID": "BDU:2015-10226",
"RefURL": "https://bdu.fstec.ru/vul/2015-10226",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01768",
"RefURL": "https://bdu.fstec.ru/vul/2020-01768",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05320",
"RefURL": "https://bdu.fstec.ru/vul/2023-05320",
"Source": "BDU"
},
{
"RefID": "CVE-2014-2270",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-2270",
"Source": "CVE"
},
{
"RefID": "CVE-2014-3479",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-3479",
"Source": "CVE"
},
{
"RefID": "CVE-2014-3480",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-3480",
"Source": "CVE"
},
{
"RefID": "CVE-2014-3487",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-3487",
"Source": "CVE"
},
{
"RefID": "CVE-2014-8117",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-8117",
"Source": "CVE"
},
{
"RefID": "CVE-2014-9652",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-9652",
"Source": "CVE"
},
{
"RefID": "CVE-2014-9653",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-9653",
"Source": "CVE"
},
{
"RefID": "CVE-2019-18218",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-18218",
"Source": "CVE"
},
{
"RefID": "CVE-2022-48554",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-48554",
"Source": "CVE"
}
],
"Description": "This update upgrades file to version 5.44-alt3. \nSecurity Fix(es):\n\n * BDU:2015-00377: Уязвимость программного обеспечения PHP, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-00378: Уязвимость программного обеспечения PHP, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-00379: Уязвимость программного обеспечения PHP, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-01282: Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-06092: Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-06093: Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-06094: Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-06095: Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-06096: Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-09797: Уязвимость операционной системы Gentoo Linux, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-09882: Уязвимость интерпретатора PHP, позволяющая удалённому злоумышленнику получить доступ к области памяти за пределами границ приложения или вызвать аварийное завершение приложения\n\n * BDU:2015-10226: Уязвимость интерпретатора PHP, позволяющая удалённому нарушителю вызвать отказ в обслуживании или оказать иное воздействие на систему\n\n * BDU:2020-01768: 
Уязвимость функции cdf_read_property_info инструмента для классификации типов файлов file, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2023-05320: Уязвимость функции file_copystr (funcs.c) утилиты для определения типа заданных файлов File, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2014-2270: softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.\n\n * CVE-2014-3479: The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.\n\n * CVE-2014-3480: The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.\n\n * CVE-2014-3487: The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.\n\n * CVE-2014-8117: softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.\n\n * CVE-2014-9652: The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a 
copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file.\n\n * CVE-2014-9653: readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.\n\n * CVE-2019-18218: cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).\n\n * CVE-2022-48554: File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.\n\n * #42873: file из-под root не может открыть файл на чтение",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2023-10-18"
},
"Updated": {
"Date": "2023-10-18"
},
"BDUs": [
{
"ID": "BDU:2015-00377",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CWE": "CWE-189",
"Href": "https://bdu.fstec.ru/vul/2015-00377",
"Impact": "Low",
"Public": "20140609"
},
{
"ID": "BDU:2015-00378",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"Href": "https://bdu.fstec.ru/vul/2015-00378",
"Impact": "Low",
"Public": "20140608"
},
{
"ID": "BDU:2015-00379",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2015-00379",
"Impact": "Low",
"Public": "20140609"
},
{
"ID": "BDU:2015-01282",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"Href": "https://bdu.fstec.ru/vul/2015-01282",
"Impact": "Low",
"Public": "19700101"
},
{
"ID": "BDU:2015-06092",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"Href": "https://bdu.fstec.ru/vul/2015-06092",
"Impact": "Low",
"Public": "20141014"
},
{
"ID": "BDU:2015-06093",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"Href": "https://bdu.fstec.ru/vul/2015-06093",
"Impact": "Low",
"Public": "20141014"
},
{
"ID": "BDU:2015-06094",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"Href": "https://bdu.fstec.ru/vul/2015-06094",
"Impact": "Low",
"Public": "20141014"
},
{
"ID": "BDU:2015-06095",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"Href": "https://bdu.fstec.ru/vul/2015-06095",
"Impact": "Low",
"Public": "20141014"
},
{
"ID": "BDU:2015-06096",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"Href": "https://bdu.fstec.ru/vul/2015-06096",
"Impact": "Low",
"Public": "20141014"
},
{
"ID": "BDU:2015-09797",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"Href": "https://bdu.fstec.ru/vul/2015-09797",
"Impact": "Low",
"Public": "20141227"
},
{
"ID": "BDU:2015-09882",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-09882",
"Impact": "Low",
"Public": "20140122"
},
{
"ID": "BDU:2015-10226",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2015-10226",
"Impact": "High",
"Public": "20150330"
},
{
"ID": "BDU:2020-01768",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2020-01768",
"Impact": "Critical",
"Public": "20191021"
},
{
"ID": "BDU:2023-05320",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2023-05320",
"Impact": "Low",
"Public": "20220121"
}
],
"CVEs": [
{
"ID": "CVE-2014-2270",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-2270",
"Impact": "Low",
"Public": "20140314"
},
{
"ID": "CVE-2014-3479",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-3479",
"Impact": "Low",
"Public": "20140709"
},
{
"ID": "CVE-2014-3480",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-3480",
"Impact": "Low",
"Public": "20140709"
},
{
"ID": "CVE-2014-3487",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-3487",
"Impact": "Low",
"Public": "20140709"
},
{
"ID": "CVE-2014-8117",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-8117",
"Impact": "Low",
"Public": "20141217"
},
{
"ID": "CVE-2014-9652",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-9652",
"Impact": "Low",
"Public": "20150330"
},
{
"ID": "CVE-2014-9653",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-9653",
"Impact": "High",
"Public": "20150330"
},
{
"ID": "CVE-2019-18218",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-18218",
"Impact": "High",
"Public": "20191021"
},
{
"ID": "CVE-2022-48554",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-48554",
"Impact": "Low",
"Public": "20230822"
}
],
"Bugzilla": [
{
"ID": "42873",
"Href": "https://bugzilla.altlinux.org/42873",
"Data": "file из-под root не может открыть файл на чтение"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20236270001",
"Comment": "file is earlier than 0:5.44-alt3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20236270002",
"Comment": "libmagic is earlier than 0:5.44-alt3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20236270003",
"Comment": "libmagic-devel is earlier than 0:5.44-alt3"
}
]
}
]
}
}
]
}