pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/c10f1/ALT-PU-2021-1376/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

293 lines
13 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20211376",
"Version": "oval:org.altlinux.errata:def:20211376",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-1376: package `golang` update to version 1.16-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-1376",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-1376",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-00715",
"RefURL": "https://bdu.fstec.ru/vul/2022-00715",
"Source": "BDU"
},
{
"RefID": "BDU:2022-00723",
"RefURL": "https://bdu.fstec.ru/vul/2022-00723",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01685",
"RefURL": "https://bdu.fstec.ru/vul/2022-01685",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01781",
"RefURL": "https://bdu.fstec.ru/vul/2022-01781",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01783",
"RefURL": "https://bdu.fstec.ru/vul/2022-01783",
"Source": "BDU"
},
{
"RefID": "CVE-2021-27918",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-27918",
"Source": "CVE"
},
{
"RefID": "CVE-2021-31525",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525",
"Source": "CVE"
},
{
"RefID": "CVE-2021-33194",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-33194",
"Source": "CVE"
},
{
"RefID": "CVE-2021-33195",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195",
"Source": "CVE"
},
{
"RefID": "CVE-2021-33196",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-33196",
"Source": "CVE"
},
{
"RefID": "CVE-2021-33197",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197",
"Source": "CVE"
},
{
"RefID": "CVE-2021-33198",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198",
"Source": "CVE"
},
{
"RefID": "CVE-2021-34558",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558",
"Source": "CVE"
},
{
"RefID": "CVE-2021-36221",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-36221",
"Source": "CVE"
}
],
"Description": "This update upgrades golang to version 1.16-alt1. \nSecurity Fix(es):\n\n * BDU:2022-00715: Уязвимость пакета crypto/tls языка программирования Go, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-00723: Уязвимость компонента math/big.Rat и метода unmarshaltext языка программирования Go, позволяющая нарушителю вызвать аварийный сбой и перезапуск устройства\n\n * BDU:2022-01685: Уязвимость компонента archive/zip языка программирования Golang, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01781: Уязвимость компонента net/http/httputil языка программирования Golang, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2022-01783: Уязвимость функций net.Lookup{Addr,CNAME,Host} языка программирования Golang, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2021-27918: encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.\n\n * CVE-2021-31525: net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.\n\n * CVE-2021-33194: golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.\n\n * CVE-2021-33195: Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.\n\n * CVE-2021-33196: In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.\n\n * CVE-2021-33197: In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.\n\n * CVE-2021-33198: In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.\n\n * CVE-2021-34558: The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.\n\n * CVE-2021-36221: Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-02-19"
},
"Updated": {
"Date": "2021-02-19"
},
"BDUs": [
{
"ID": "BDU:2022-00715",
"CVSS": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2022-00715",
"Impact": "Low",
"Public": "20210715"
},
{
"ID": "BDU:2022-00723",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-789",
"Href": "https://bdu.fstec.ru/vul/2022-00723",
"Impact": "High",
"Public": "20210802"
},
{
"ID": "BDU:2022-01685",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2022-01685",
"Impact": "High",
"Public": "20210518"
},
{
"ID": "BDU:2022-01781",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-862",
"Href": "https://bdu.fstec.ru/vul/2022-01781",
"Impact": "Low",
"Public": "20210802"
},
{
"ID": "BDU:2022-01783",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"CWE": "CWE-74",
"Href": "https://bdu.fstec.ru/vul/2022-01783",
"Impact": "High",
"Public": "20210802"
}
],
"CVEs": [
{
"ID": "CVE-2021-27918",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-27918",
"Impact": "High",
"Public": "20210311"
},
{
"ID": "CVE-2021-31525",
"CVSS": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-674",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525",
"Impact": "Low",
"Public": "20210527"
},
{
"ID": "CVE-2021-33194",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-33194",
"Impact": "High",
"Public": "20210526"
},
{
"ID": "CVE-2021-33195",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"CWE": "CWE-74",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195",
"Impact": "High",
"Public": "20210802"
},
{
"ID": "CVE-2021-33196",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-33196",
"Impact": "High",
"Public": "20210802"
},
{
"ID": "CVE-2021-33197",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-862",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197",
"Impact": "Low",
"Public": "20210802"
},
{
"ID": "CVE-2021-33198",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198",
"Impact": "High",
"Public": "20210802"
},
{
"ID": "CVE-2021-34558",
"CVSS": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558",
"Impact": "Low",
"Public": "20210715"
},
{
"ID": "CVE-2021-36221",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-36221",
"Impact": "Low",
"Public": "20210808"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20211376001",
"Comment": "golang is earlier than 0:1.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211376002",
"Comment": "golang-docs is earlier than 0:1.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211376003",
"Comment": "golang-gdb is earlier than 0:1.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211376004",
"Comment": "golang-misc is earlier than 0:1.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211376005",
"Comment": "golang-shared is earlier than 0:1.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211376006",
"Comment": "golang-src is earlier than 0:1.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211376007",
"Comment": "golang-tests is earlier than 0:1.16-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink