vuln-list-alt/oval/c10f1/ALT-PU-2020-1410/definitions.json
2024-06-28 13:17:52 +00:00



{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20201410",
"Version": "oval:org.altlinux.errata:def:20201410",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-1410: package `libde265` update to version 1.0.5-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-1410",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-1410",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-01699",
"RefURL": "https://bdu.fstec.ru/vul/2022-01699",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01736",
"RefURL": "https://bdu.fstec.ru/vul/2022-01736",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01745",
"RefURL": "https://bdu.fstec.ru/vul/2022-01745",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01746",
"RefURL": "https://bdu.fstec.ru/vul/2022-01746",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01747",
"RefURL": "https://bdu.fstec.ru/vul/2022-01747",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01748",
"RefURL": "https://bdu.fstec.ru/vul/2022-01748",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01749",
"RefURL": "https://bdu.fstec.ru/vul/2022-01749",
"Source": "BDU"
},
{
"RefID": "BDU:2022-02081",
"RefURL": "https://bdu.fstec.ru/vul/2022-02081",
"Source": "BDU"
},
{
"RefID": "BDU:2022-02082",
"RefURL": "https://bdu.fstec.ru/vul/2022-02082",
"Source": "BDU"
},
{
"RefID": "BDU:2022-02084",
"RefURL": "https://bdu.fstec.ru/vul/2022-02084",
"Source": "BDU"
},
{
"RefID": "BDU:2022-02085",
"RefURL": "https://bdu.fstec.ru/vul/2022-02085",
"Source": "BDU"
},
{
"RefID": "BDU:2022-02086",
"RefURL": "https://bdu.fstec.ru/vul/2022-02086",
"Source": "BDU"
},
{
"RefID": "BDU:2022-02087",
"RefURL": "https://bdu.fstec.ru/vul/2022-02087",
"Source": "BDU"
},
{
"RefID": "CVE-2020-21594",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-21594",
"Source": "CVE"
},
{
"RefID": "CVE-2020-21595",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-21595",
"Source": "CVE"
},
{
"RefID": "CVE-2020-21596",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-21596",
"Source": "CVE"
},
{
"RefID": "CVE-2020-21597",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-21597",
"Source": "CVE"
},
{
"RefID": "CVE-2020-21598",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-21598",
"Source": "CVE"
},
{
"RefID": "CVE-2020-21599",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-21599",
"Source": "CVE"
},
{
"RefID": "CVE-2020-21600",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-21600",
"Source": "CVE"
},
{
"RefID": "CVE-2020-21601",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-21601",
"Source": "CVE"
},
{
"RefID": "CVE-2020-21602",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-21602",
"Source": "CVE"
},
{
"RefID": "CVE-2020-21603",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-21603",
"Source": "CVE"
},
{
"RefID": "CVE-2020-21604",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-21604",
"Source": "CVE"
},
{
"RefID": "CVE-2020-21605",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-21605",
"Source": "CVE"
},
{
"RefID": "CVE-2020-21606",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-21606",
"Source": "CVE"
}
],
"Description": "This update upgrades libde265 to version 1.0.5-alt1. \nSecurity Fix(es):\n\n * BDU:2022-01699: Уязвимость функции put_weighted_bipred_16_fallback реализации видеокодека h.265 Libde265, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01736: Уязвимость функции mc_luma реализации видеокодека h.265 Libde265, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01745: Уязвимость функции mc_chroma реализации видеокодека h.265 Libde265, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01746: Уязвимость функции ff_hevc_put_unweighted_pred_8_sse реализации видеокодека h.265 Libde265, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2022-01747: Уязвимость функции put_weighted_pred_avg_16_fallback реализации видеокодека h.265 Libde265, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01748: Уязвимость функции put_qpel_0_0_fallback_16 реализации видеокодека h.265 Libde265, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01749: Уязвимость функции apply_sao_internal реализации видеокодека h.265 Libde265, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02081: Уязвимость функции put_epel_hv_fallback реализации видеокодека h.265 Libde265, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02082: Уязвимость функции decode_CABAC_bit реализации видеокодека h.265 Libde265, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02084: Уязвимость функции de265_image::available_zscan реализации видеокодека h.265 Libde265, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02085: Уязвимость функции put_qpel_fallback реализации видеокодека h.265 Libde265, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02086: Уязвимость функции _mm_loadl_epi64 реализации видеокодека h.265 Libde265, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02087: Уязвимость функции put_epel_16_fallback реализации видеокодека h.265 Libde265, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2020-21594: libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted file.\n\n * CVE-2020-21595: libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted file.\n\n * CVE-2020-21596: libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted file.\n\n * CVE-2020-21597: libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted file.\n\n * CVE-2020-21598: libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted file.\n\n * CVE-2020-21599: libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted file.\n\n * CVE-2020-21600: libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted file.\n\n * CVE-2020-21601: libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted file.\n\n * CVE-2020-21602: libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted file.\n\n * CVE-2020-21603: libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted file.\n\n * CVE-2020-21604: libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted file.\n\n * CVE-2020-21605: libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited via a crafted file.\n\n * CVE-2020-21606: libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted file.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-02-28"
},
"Updated": {
"Date": "2020-02-28"
},
"BDUs": [
{
"ID": "BDU:2022-01699",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-01699",
"Impact": "Low",
"Public": "20191224"
},
{
"ID": "BDU:2022-01736",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-01736",
"Impact": "Low",
"Public": "20191224"
},
{
"ID": "BDU:2022-01745",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-01745",
"Impact": "Low",
"Public": "20210916"
},
{
"ID": "BDU:2022-01746",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-01746",
"Impact": "High",
"Public": "20210916"
},
{
"ID": "BDU:2022-01747",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-01747",
"Impact": "Low",
"Public": "20191224"
},
{
"ID": "BDU:2022-01748",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-01748",
"Impact": "Low",
"Public": "20191224"
},
{
"ID": "BDU:2022-01749",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2022-01749",
"Impact": "Low",
"Public": "20191224"
},
{
"ID": "BDU:2022-02081",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-02081",
"Impact": "Low",
"Public": "20191224"
},
{
"ID": "BDU:2022-02082",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2022-02082",
"Impact": "Low",
"Public": "20191224"
},
{
"ID": "BDU:2022-02084",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-02084",
"Impact": "Low",
"Public": "20191224"
},
{
"ID": "BDU:2022-02085",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-02085",
"Impact": "Low",
"Public": "20191224"
},
{
"ID": "BDU:2022-02086",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-02086",
"Impact": "Low",
"Public": "20191224"
},
{
"ID": "BDU:2022-02087",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-02087",
"Impact": "Low",
"Public": "20191224"
}
],
"CVEs": [
{
"ID": "CVE-2020-21594",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-21594",
"Impact": "Low",
"Public": "20210916"
},
{
"ID": "CVE-2020-21595",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-21595",
"Impact": "Low",
"Public": "20210916"
},
{
"ID": "CVE-2020-21596",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-21596",
"Impact": "Low",
"Public": "20210916"
},
{
"ID": "CVE-2020-21597",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-21597",
"Impact": "Low",
"Public": "20210916"
},
{
"ID": "CVE-2020-21598",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-21598",
"Impact": "High",
"Public": "20210916"
},
{
"ID": "CVE-2020-21599",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-21599",
"Impact": "Low",
"Public": "20210916"
},
{
"ID": "CVE-2020-21600",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-21600",
"Impact": "Low",
"Public": "20210916"
},
{
"ID": "CVE-2020-21601",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-21601",
"Impact": "Low",
"Public": "20210916"
},
{
"ID": "CVE-2020-21602",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-21602",
"Impact": "Low",
"Public": "20210916"
},
{
"ID": "CVE-2020-21603",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-21603",
"Impact": "Low",
"Public": "20210916"
},
{
"ID": "CVE-2020-21604",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-21604",
"Impact": "Low",
"Public": "20210916"
},
{
"ID": "CVE-2020-21605",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-21605",
"Impact": "Low",
"Public": "20210916"
},
{
"ID": "CVE-2020-21606",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-21606",
"Impact": "Low",
"Public": "20210916"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20201410001",
"Comment": "libde265 is earlier than 0:1.0.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201410002",
"Comment": "libde265-devel is earlier than 0:1.0.5-alt1"
}
]
}
]
}
}
]
}