pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
26379462a9
vuln-list-alt/oval/c10f1/ALT-PU-2020-3468/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

141 lines
5.4 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20203468",
"Version": "oval:org.altlinux.errata:def:20203468",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-3468: package `irssi` update to version 1.2.2-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-3468",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-3468",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-02521",
"RefURL": "https://bdu.fstec.ru/vul/2019-02521",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03213",
"RefURL": "https://bdu.fstec.ru/vul/2019-03213",
"Source": "BDU"
},
{
"RefID": "CVE-2019-13045",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-13045",
"Source": "CVE"
},
{
"RefID": "CVE-2019-15717",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15717",
"Source": "CVE"
}
],
"Description": "This update upgrades irssi to version 1.2.2-alt1. \nSecurity Fix(es):\n\n * BDU:2019-02521: Уязвимость IRC-клиента Irssi для операционной системы Ubuntu, связанная с использованием памяти после её освобождения при отправке SASL логина на сервер, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код\n\n * BDU:2019-03213: Уязвимость IRC-клиента Irssi операционных систем Ubuntu, связанная с использованием памяти после ее освобождения, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании\n\n * CVE-2019-13045: Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server.\n\n * CVE-2019-15717: Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-12-08"
},
"Updated": {
"Date": "2020-12-08"
},
"BDUs": [
{
"ID": "BDU:2019-02521",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2019-02521",
"Impact": "High",
"Public": "20190129"
},
{
"ID": "BDU:2019-03213",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2019-03213",
"Impact": "Critical",
"Public": "20190829"
}
],
"CVEs": [
{
"ID": "CVE-2019-13045",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-13045",
"Impact": "High",
"Public": "20190629"
},
{
"ID": "CVE-2019-15717",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15717",
"Impact": "Critical",
"Public": "20190829"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20203468001",
"Comment": "irssi is earlier than 0:1.2.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203468002",
"Comment": "irssi-devel is earlier than 0:1.2.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203468003",
"Comment": "irssi-otr is earlier than 0:1.2.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203468004",
"Comment": "irssi-perl is earlier than 0:1.2.2-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink