pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
0f9ca6c802
vuln-list-alt/oval/c10f2/ALT-PU-2023-8313/definitions.json
pepelyaevip 0707cb759b ALT Vulnerability
2024-04-16 14:26:14 +00:00

140 lines
5.3 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20238313",
"Version": "oval:org.altlinux.errata:def:20238313",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2023-8313: package `raptor2` update to version 2.0.16-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f2"
]
}
],
"References": [
{
"RefID": "ALT-PU-2023-8313",
"RefURL": "https://errata.altlinux.org/ALT-PU-2023-8313",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-03499",
"RefURL": "https://bdu.fstec.ru/vul/2021-03499",
"Source": "BDU"
},
{
"RefID": "BDU:2022-05307",
"RefURL": "https://bdu.fstec.ru/vul/2022-05307",
"Source": "BDU"
},
{
"RefID": "CVE-2017-18926",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-18926",
"Source": "CVE"
},
{
"RefID": "CVE-2020-25713",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-25713",
"Source": "CVE"
}
],
"Description": "This update upgrades raptor2 to version 2.0.16-alt1. \nSecurity Fix(es):\n\n * BDU:2021-03499: Уязвимость компонента raptor_xml_writer_start_element_common библиотеки на Си Raptor, связанная с записью за границами буфера, позволяющая нарушителю нарушить целостность данных или вызвать отказ в обслуживании\n\n * BDU:2022-05307: Уязвимость функции raptor_xml_writer_start_element_common библиотеки Raptor, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2017-18926: raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml).\n\n * CVE-2020-25713: A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common.\n\n * #48916: FTBFS с 16 декабря",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2023-12-27"
},
"Updated": {
"Date": "2023-12-27"
},
"BDUs": [
{
"ID": "BDU:2021-03499",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2021-03499",
"Impact": "High",
"Public": "20201106"
},
{
"ID": "BDU:2022-05307",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-05307",
"Impact": "Low",
"Public": "20210513"
}
],
"CVEs": [
{
"ID": "CVE-2017-18926",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-18926",
"Impact": "High",
"Public": "20201106"
},
{
"ID": "CVE-2020-25713",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-25713",
"Impact": "Low",
"Public": "20210513"
}
],
"Bugzilla": [
{
"ID": "48916",
"Href": "https://bugzilla.altlinux.org/48916",
"Data": "FTBFS с 16 декабря"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20238313001",
"Comment": "libraptor2 is earlier than 0:2.0.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20238313002",
"Comment": "raptor2 is earlier than 0:2.0.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20238313003",
"Comment": "raptor2-devel is earlier than 0:2.0.16-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink