{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20191149",
"Version": "oval:org.altlinux.errata:def:20191149",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-1149: package `python3` update to version 3.6.8-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-1149",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-1149",
"Source": "ALTPU"
},
{
"RefID": "BDU:2018-01554",
"RefURL": "https://bdu.fstec.ru/vul/2018-01554",
"Source": "BDU"
},
{
"RefID": "BDU:2019-02457",
"RefURL": "https://bdu.fstec.ru/vul/2019-02457",
"Source": "BDU"
},
{
"RefID": "CVE-2018-14647",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-14647",
"Source": "CVE"
},
{
"RefID": "CVE-2019-5010",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-5010",
"Source": "CVE"
}
],
"Description": "This update upgrades python3 to version 3.6.8-alt1. \nSecurity Fix(es):\n\n * BDU:2018-01554: Уязвимость пакета программ Python, связанная с ошибками при освобождении ресурсов, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-02457: Уязвимость процедуры синтаксического анализа сертификата интерпретатора языка программирования Python, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2018-14647: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.\n\n * CVE-2019-5010: An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.\n\n * #35992: rpm-build-python3 нет в Requires",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-01-30"
},
"Updated": {
"Date": "2019-01-30"
},
"BDUs": [
{
"ID": "BDU:2018-01554",
"CVSS": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
"CVSS3": "AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-404",
"Href": "https://bdu.fstec.ru/vul/2018-01554",
"Impact": "Low",
"Public": "20180910"
},
{
"ID": "BDU:2019-02457",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2019-02457",
"Impact": "High",
"Public": "20190115"
}
],
"CVEs": [
{
"ID": "CVE-2018-14647",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-909",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-14647",
"Impact": "High",
"Public": "20180925"
},
{
"ID": "CVE-2019-5010",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-5010",
"Impact": "High",
"Public": "20191031"
}
],
"Bugzilla": [
{
"ID": "35992",
"Href": "https://bugzilla.altlinux.org/35992",
"Data": "rpm-build-python3 нет в Requires"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20191149001",
"Comment": "libpython3 is earlier than 0:3.6.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191149002",
"Comment": "python3 is earlier than 0:3.6.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191149003",
"Comment": "python3-base is earlier than 0:3.6.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191149004",
"Comment": "python3-dev is earlier than 0:3.6.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191149005",
"Comment": "python3-modules-curses is earlier than 0:3.6.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191149006",
"Comment": "python3-modules-sqlite3 is earlier than 0:3.6.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191149007",
"Comment": "python3-modules-tkinter is earlier than 0:3.6.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191149008",
"Comment": "python3-test is earlier than 0:3.6.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191149009",
"Comment": "python3-tools is earlier than 0:3.6.8-alt1"
}
]
}
]
}
}
]
} |