pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1832c75415
vuln-list-alt/oval/c9f2/ALT-PU-2023-1006/definitions.json
pepelyaevip 9e8a5a2bb2 ALT Vulnerability
2024-02-14 09:47:22 +00:00

181 lines
7.9 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20231006",
"Version": "oval:org.altlinux.errata:def:20231006",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2023-1006: package `p11-kit` update to version 0.24.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2023-1006",
"RefURL": "https://errata.altlinux.org/ALT-PU-2023-1006",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-01897",
"RefURL": "https://bdu.fstec.ru/vul/2021-01897",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03158",
"RefURL": "https://bdu.fstec.ru/vul/2021-03158",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03634",
"RefURL": "https://bdu.fstec.ru/vul/2021-03634",
"Source": "BDU"
},
{
"RefID": "CVE-2020-29361",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-29361",
"Source": "CVE"
},
{
"RefID": "CVE-2020-29362",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-29362",
"Source": "CVE"
},
{
"RefID": "CVE-2020-29363",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-29363",
"Source": "CVE"
}
],
"Description": "This update upgrades p11-kit to version 0.24.1-alt1. \nSecurity Fix(es):\n\n * BDU:2021-01897: Уязвимость функции p11_rpc_buffer_get_byte_array_value библиотеки для работы с модулями PKCS P11-kit, связанная с записью за границами буфера, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-03158: Уязвимость в распределении массивов библиотеки для работы с модулями PKCS P11-kit, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-03634: Уязвимость функции p11_rpc_buffer_get_byte_array библиотеки для работы с модулями PKCS P11-kit, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * CVE-2020-29361: An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc.\n\n * CVE-2020-29362: An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation.\n\n * CVE-2020-29363: An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2023-01-04"
},
"Updated": {
"Date": "2023-01-04"
},
"bdu": [
{
"Cvss": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2021-01897",
"Impact": "High",
"Public": "20201127",
"CveID": "BDU:2021-01897"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"Cwe": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2021-03158",
"Impact": "Low",
"Public": "20201216",
"CveID": "BDU:2021-03158"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"Cwe": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2021-03634",
"Impact": "Low",
"Public": "20201216",
"CveID": "BDU:2021-03634"
}
],
"Cves": [
{
"Cvss": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-29361",
"Impact": "High",
"Public": "20201216",
"CveID": "CVE-2020-29361"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"Cwe": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-29362",
"Impact": "Low",
"Public": "20201216",
"CveID": "CVE-2020-29362"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-29363",
"Impact": "High",
"Public": "20201216",
"CveID": "CVE-2020-29363"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20231006001",
"Comment": "libp11-kit is earlier than 0:0.24.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20231006002",
"Comment": "libp11-kit-devel is earlier than 0:0.24.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20231006003",
"Comment": "libp11-kit-devel-doc is earlier than 0:0.24.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20231006004",
"Comment": "p11-kit is earlier than 0:0.24.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20231006005",
"Comment": "p11-kit-checkinstall is earlier than 0:0.24.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20231006006",
"Comment": "p11-kit-server is earlier than 0:0.24.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20231006007",
"Comment": "p11-kit-trust is earlier than 0:0.24.1-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink