130 lines
4.7 KiB
JSON
130 lines
4.7 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20212250",
|
|
"Version": "oval:org.altlinux.errata:def:20212250",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2021-2250: package `protobuf` update to version 3.16.0-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch c10f1"
|
|
],
|
|
"Products": [
|
|
"ALT SP Workstation",
|
|
"ALT SP Server"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2021-2250",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-2250",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2021-22570",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-22570",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades protobuf to version 3.16.0-alt1. \nSecurity Fix(es):\n\n * CVE-2021-22570: Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "Low",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2021-07-16"
|
|
},
|
|
"Updated": {
|
|
"Date": "2021-07-16"
|
|
},
|
|
"BDUs": null,
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2021-22570",
|
|
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
|
|
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"CWE": "CWE-476",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-22570",
|
|
"Impact": "Low",
|
|
"Public": "20220126"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:spworkstation:10",
|
|
"cpe:/o:alt:spserver:10"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:4001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20212250001",
|
|
"Comment": "libprotobuf-devel is earlier than 0:3.16.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20212250002",
|
|
"Comment": "libprotobuf-lite-devel is earlier than 0:3.16.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20212250003",
|
|
"Comment": "libprotobuf27 is earlier than 0:3.16.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20212250004",
|
|
"Comment": "libprotobuf27-lite is earlier than 0:3.16.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20212250005",
|
|
"Comment": "protobuf-bom is earlier than 0:3.16.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20212250006",
|
|
"Comment": "protobuf-compiler is earlier than 0:3.16.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20212250007",
|
|
"Comment": "protobuf-java is earlier than 0:3.16.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20212250008",
|
|
"Comment": "protobuf-java-util is earlier than 0:3.16.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20212250009",
|
|
"Comment": "protobuf-javadoc is earlier than 0:3.16.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20212250010",
|
|
"Comment": "protobuf-javalite is earlier than 0:3.16.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20212250011",
|
|
"Comment": "protobuf-parent is earlier than 0:3.16.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20212250012",
|
|
"Comment": "python3-module-protobuf is earlier than 0:3.16.0-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |