pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
26379462a9
vuln-list-alt/oval/c10f1/ALT-PU-2022-2882/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

101 lines
3.5 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20222882",
"Version": "oval:org.altlinux.errata:def:20222882",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2022-2882: package `lrzsz` update to version 0.12.20-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2022-2882",
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-2882",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-04617",
"RefURL": "https://bdu.fstec.ru/vul/2021-04617",
"Source": "BDU"
},
{
"RefID": "CVE-2018-10195",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-10195",
"Source": "CVE"
}
],
"Description": "This update upgrades lrzsz to version 0.12.20-alt2. \nSecurity Fix(es):\n\n * BDU:2021-04617: Уязвимость функции zsdata инструментов для передачи файлов zmodem/xmodem/ymodem Lrzsz, связанная с целочисленным переполнением, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании\n\n * CVE-2018-10195: lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2022-10-19"
},
"Updated": {
"Date": "2022-10-19"
},
"BDUs": [
{
"ID": "BDU:2021-04617",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2021-04617",
"Impact": "High",
"Public": "20180418"
}
],
"CVEs": [
{
"ID": "CVE-2018-10195",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-10195",
"Impact": "High",
"Public": "20210602"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20222882001",
"Comment": "lrzsz is earlier than 1:0.12.20-alt2"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink