vuln-list-alt/oval/c10f1/ALT-PU-2014-2160/definitions.json
2024-07-06 03:04:52 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20142160",
"Version": "oval:org.altlinux.errata:def:20142160",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2014-2160: package `polipo` update to version 1.1.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2014-2160",
"RefURL": "https://errata.altlinux.org/ALT-PU-2014-2160",
"Source": "ALTPU"
},
{
"RefID": "BDU:2015-03389",
"RefURL": "https://bdu.fstec.ru/vul/2015-03389",
"Source": "BDU"
},
{
"RefID": "CVE-2009-3305",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2009-3305",
"Source": "CVE"
},
{
"RefID": "CVE-2009-4413",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2009-4413",
"Source": "CVE"
},
{
"RefID": "CVE-2011-3596",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2011-3596",
"Source": "CVE"
}
],
"Description": "This update upgrades polipo to version 1.1.1-alt1. \nSecurity Fix(es):\n\n * BDU:2015-03389: Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить доступность защищаемой информации\n\n * CVE-2009-3305: Polipo 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a Cache-Control header that lacks a value for the max-age field, which triggers a segmentation fault in the httpParseHeaders function in http_parse.c, and possibly other unspecified vectors.\n\n * CVE-2009-4413: The httpClientDiscardBody function in client.c in Polipo 0.9.8, 0.9.12, 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a large Content-Length value, which triggers an integer overflow, a signed-to-unsigned conversion error with a negative value, and a segmentation fault.\n\n * CVE-2011-3596: Polipo before 1.0.4.1 suffers from a DoS vulnerability via specially-crafted HTTP POST / PUT request.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2014-09-19"
},
"Updated": {
"Date": "2014-09-19"
},
"BDUs": [
{
"ID": "BDU:2015-03389",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2015-03389",
"Impact": "Low",
"Public": "20091224"
}
],
"CVEs": [
{
"ID": "CVE-2009-3305",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2009-3305",
"Impact": "Low",
"Public": "20091224"
},
{
"ID": "CVE-2009-4413",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CWE": "CWE-189",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2009-4413",
"Impact": "Low",
"Public": "20091224"
},
{
"ID": "CVE-2011-3596",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-617",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2011-3596",
"Impact": "High",
"Public": "20191126"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20142160001",
"Comment": "polipo is earlier than 0:1.1.1-alt1"
}
]
}
]
}
}
]
}