vuln-list-alt/oval/c10f1/ALT-PU-2018-2665/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20182665",
      "Version": "oval:org.altlinux.errata:def:20182665",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2018-2665: package `binutils` update to version 2.31.1-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch c10f1"
            ],
            "Products": [
              "ALT SP Workstation",
              "ALT SP Server"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2018-2665",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2018-2665",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2019-00676",
            "RefURL": "https://bdu.fstec.ru/vul/2019-00676",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2018-19931",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19931",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2018-19932",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19932",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades binutils to version 2.31.1-alt1. \nSecurity Fix(es):\n\n * BDU:2019-00676: Уязвимость функции bfd_elf32_swap_phdr_in программного средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2018-19931: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.\n\n * CVE-2018-19932: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "High",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2018-11-20"
          },
          "Updated": {
            "Date": "2018-11-20"
          },
          "BDUs": [
            {
              "ID": "BDU:2019-00676",
              "CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
              "CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "CWE": "CWE-119",
              "Href": "https://bdu.fstec.ru/vul/2019-00676",
              "Impact": "High",
              "Public": "20181207"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2018-19931",
              "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
              "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "CWE": "CWE-787",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19931",
              "Impact": "High",
              "Public": "20181207"
            },
            {
              "ID": "CVE-2018-19932",
              "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "CWE": "CWE-190",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19932",
              "Impact": "Low",
              "Public": "20181207"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:spworkstation:10",
              "cpe:/o:alt:spserver:10"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:4001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20182665001",
                "Comment": "binutils is earlier than 1:2.31.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20182665002",
                "Comment": "binutils-devel is earlier than 1:2.31.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20182665003",
                "Comment": "binutils-source is earlier than 1:2.31.1-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}