vuln-list-alt/oval/c10f1/ALT-PU-2017-1464/definitions.json
2024-12-12 21:07:30 +00:00



{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20171464",
"Version": "oval:org.altlinux.errata:def:20171464",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2017-1464: package `bind` update to version 9.10.4.P8-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2017-1464",
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-1464",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-00776",
"RefURL": "https://bdu.fstec.ru/vul/2020-00776",
"Source": "BDU"
},
{
"RefID": "CVE-2016-2775",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-2775",
"Source": "CVE"
},
{
"RefID": "CVE-2016-6170",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-6170",
"Source": "CVE"
},
{
"RefID": "CVE-2016-8864",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-8864",
"Source": "CVE"
},
{
"RefID": "CVE-2017-3136",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3136",
"Source": "CVE"
},
{
"RefID": "CVE-2017-3137",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3137",
"Source": "CVE"
},
{
"RefID": "CVE-2017-3138",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-3138",
"Source": "CVE"
}
],
"Description": "This update upgrades bind to version 9.10.4.P8-alt1. \nSecurity Fix(es):\n\n * BDU:2020-00776: Уязвимость сервера DNS BIND, связанная с ошибками обработки данных, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2016-2775: ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.\n\n * CVE-2016-6170: ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.\n\n * CVE-2016-8864: named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.\n\n * CVE-2017-3136: A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -\u003e 9.8.8-P1, 9.9.0 -\u003e 9.9.9-P6, 9.9.10b1-\u003e9.9.10rc1, 9.10.0 -\u003e 9.10.4-P6, 9.10.5b1-\u003e9.10.5rc1, 9.11.0 -\u003e 9.11.0-P3, 9.11.1b1-\u003e9.11.1rc1, 9.9.3-S1 -\u003e 9.9.9-S8.\n\n * CVE-2017-3137: Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1-\u003e9.9.10rc1, 9.10.4-P6, 9.10.5b1-\u003e9.10.5rc1, 9.11.0-P3, 9.11.1b1-\u003e9.11.1rc1, and 9.9.9-S8.\n\n * CVE-2017-3138: named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9-\u003e9.9.9-P7, 9.9.10b1-\u003e9.9.10rc2, 9.10.4-\u003e9.10.4-P7, 9.10.5b1-\u003e9.10.5rc2, 9.11.0-\u003e9.11.0-P4, 9.11.1b1-\u003e9.11.1rc2, 9.9.9-S1-\u003e9.9.9-S9.\n\n * #33239: control bind-chroot не работает в случае использования systemd",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2017-04-13"
},
"Updated": {
"Date": "2017-04-13"
},
"BDUs": [
{
"ID": "BDU:2020-00776",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-19",
"Href": "https://bdu.fstec.ru/vul/2020-00776",
"Impact": "High",
"Public": "20160211"
}
],
"CVEs": [
{
"ID": "CVE-2016-2775",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-2775",
"Impact": "Low",
"Public": "20160719"
},
{
"ID": "CVE-2016-6170",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-6170",
"Impact": "Low",
"Public": "20160706"
},
{
"ID": "CVE-2016-8864",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-617",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-8864",
"Impact": "High",
"Public": "20161102"
},
{
"ID": "CVE-2017-3136",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-617",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3136",
"Impact": "Low",
"Public": "20190116"
},
{
"ID": "CVE-2017-3137",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-617",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3137",
"Impact": "High",
"Public": "20190116"
},
{
"ID": "CVE-2017-3138",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-617",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-3138",
"Impact": "Low",
"Public": "20190116"
}
],
"Bugzilla": [
{
"ID": "33239",
"Href": "https://bugzilla.altlinux.org/33239",
"Data": "control bind-chroot не работает в случае использования systemd"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20171464001",
"Comment": "bind is earlier than 0:9.10.4.P8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171464002",
"Comment": "bind-devel is earlier than 0:9.10.4.P8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171464003",
"Comment": "bind-doc is earlier than 0:9.10.4.P8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171464004",
"Comment": "bind-utils is earlier than 0:9.10.4.P8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171464005",
"Comment": "libbind is earlier than 0:9.10.4.P8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171464006",
"Comment": "lwresd is earlier than 0:9.10.4.P8-alt1"
}
]
}
]
}
}
]
}