pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p10/ALT-PU-2021-1438/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

292 lines
14 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20211438",
"Version": "oval:org.altlinux.errata:def:20211438",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-1438: package `ImageMagick` update to version 6.9.12.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-1438",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-1438",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-03651",
"RefURL": "https://bdu.fstec.ru/vul/2021-03651",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03652",
"RefURL": "https://bdu.fstec.ru/vul/2021-03652",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03654",
"RefURL": "https://bdu.fstec.ru/vul/2021-03654",
"Source": "BDU"
},
{
"RefID": "BDU:2021-05183",
"RefURL": "https://bdu.fstec.ru/vul/2021-05183",
"Source": "BDU"
},
{
"RefID": "BDU:2021-05277",
"RefURL": "https://bdu.fstec.ru/vul/2021-05277",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06962",
"RefURL": "https://bdu.fstec.ru/vul/2022-06962",
"Source": "BDU"
},
{
"RefID": "CVE-2021-20176",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-20176",
"Source": "CVE"
},
{
"RefID": "CVE-2021-20224",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-20224",
"Source": "CVE"
},
{
"RefID": "CVE-2021-20241",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-20241",
"Source": "CVE"
},
{
"RefID": "CVE-2021-20245",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-20245",
"Source": "CVE"
},
{
"RefID": "CVE-2021-20246",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-20246",
"Source": "CVE"
},
{
"RefID": "CVE-2021-20309",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-20309",
"Source": "CVE"
}
],
"Description": "This update upgrades ImageMagick to version 6.9.12.1-alt1. \nSecurity Fix(es):\n\n * BDU:2021-03651: Уязвимость файла gem.c набора программ для чтения и редактирования файлов ImageMagisk, связанная с отсутствием проверки деления на ноль, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-03652: Уязвимость файла coders/jp2.c. набора программ для чтения и редактирования файлов ImageMagisk, связанная с отсутствием проверки деления на ноль, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-03654: Уязвимость файла MagickCore/resample.c. набора программ для чтения и редактирования файлов ImageMagisk, связанная с отсутствием проверки деления на ноль, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-05183: Уязвимость компонента coders/webp.c консольного графического редактора ImageMagick, связанная с отсутствием проверки деления на ноль, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-05277: Уязвимость функции WaveImage() компонента MagickCore/visual-effects.c консольного графического редактора ImageMagick, связанная с отсутствием проверки деления на ноль, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06962: Уязвимость функции ExportIndexQuantum() графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код\n\n * CVE-2021-20176: A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability.\n\n * CVE-2021-20224: An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to an undefined behaviour or a crash.\n\n * CVE-2021-20241: A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.\n\n * CVE-2021-20245: A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.\n\n * CVE-2021-20246: A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.\n\n * CVE-2021-20309: A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-03-04"
},
"Updated": {
"Date": "2021-03-04"
},
"BDUs": [
{
"ID": "BDU:2021-03651",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2021-03651",
"Impact": "Low",
"Public": "20210115"
},
{
"ID": "BDU:2021-03652",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2021-03652",
"Impact": "Low",
"Public": "20210115"
},
{
"ID": "BDU:2021-03654",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2021-03654",
"Impact": "Low",
"Public": "20210215"
},
{
"ID": "BDU:2021-05183",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2021-05183",
"Impact": "Low",
"Public": "20210202"
},
{
"ID": "BDU:2021-05277",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2021-05277",
"Impact": "High",
"Public": "20210225"
},
{
"ID": "BDU:2022-06962",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2022-06962",
"Impact": "Low",
"Public": "20220825"
}
],
"CVEs": [
{
"ID": "CVE-2021-20176",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-20176",
"Impact": "Low",
"Public": "20210206"
},
{
"ID": "CVE-2021-20224",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-20224",
"Impact": "Low",
"Public": "20220825"
},
{
"ID": "CVE-2021-20241",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-20241",
"Impact": "Low",
"Public": "20210309"
},
{
"ID": "CVE-2021-20245",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-20245",
"Impact": "Low",
"Public": "20210309"
},
{
"ID": "CVE-2021-20246",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-20246",
"Impact": "Low",
"Public": "20210309"
},
{
"ID": "CVE-2021-20309",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-20309",
"Impact": "High",
"Public": "20210511"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20211438001",
"Comment": "ImageMagick is earlier than 0:6.9.12.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211438002",
"Comment": "ImageMagick-doc is earlier than 0:6.9.12.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211438003",
"Comment": "ImageMagick-tools is earlier than 0:6.9.12.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211438004",
"Comment": "libImageMagick++6.9 is earlier than 0:6.9.12.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211438005",
"Comment": "libImageMagick-devel is earlier than 0:6.9.12.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211438006",
"Comment": "libImageMagick6-common is earlier than 0:6.9.12.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211438007",
"Comment": "libImageMagick6.7 is earlier than 0:6.9.12.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211438008",
"Comment": "perl-Magick is earlier than 0:6.9.12.1-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink