151 lines
6.2 KiB
JSON
151 lines
6.2 KiB
JSON
{
|
||
"Definition": [
|
||
{
|
||
"ID": "oval:org.altlinux.errata:def:20172857",
|
||
"Version": "oval:org.altlinux.errata:def:20172857",
|
||
"Class": "patch",
|
||
"Metadata": {
|
||
"Title": "ALT-PU-2017-2857: package `librsvg` update to version 2.41.2-alt1",
|
||
"AffectedList": [
|
||
{
|
||
"Family": "unix",
|
||
"Platforms": [
|
||
"ALT Linux branch p11"
|
||
],
|
||
"Products": [
|
||
"ALT Container"
|
||
]
|
||
}
|
||
],
|
||
"References": [
|
||
{
|
||
"RefID": "ALT-PU-2017-2857",
|
||
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-2857",
|
||
"Source": "ALTPU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2018-01491",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2018-01491",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2021-00123",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2021-00123",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "CVE-2018-1000041",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000041",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2019-20446",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-20446",
|
||
"Source": "CVE"
|
||
}
|
||
],
|
||
"Description": "This update upgrades librsvg to version 2.41.2-alt1. \nSecurity Fix(es):\n\n * BDU:2018-01491: Уязвимость библиотеки отрисовки векторной графики librsvg, связанная с ошибкой при проверке ввода данных, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-00123: Уязвимость множества функций из xml.rs библиотеки отрисовки векторной графики librsvg, связанная с ошибкой механизма контроля расходуемых ресурсов, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2018-1000041: GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows.\n\n * CVE-2019-20446: In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.",
|
||
"Advisory": {
|
||
"From": "errata.altlinux.org",
|
||
"Severity": "High",
|
||
"Rights": "Copyright 2024 BaseALT Ltd.",
|
||
"Issued": {
|
||
"Date": "2017-12-31"
|
||
},
|
||
"Updated": {
|
||
"Date": "2017-12-31"
|
||
},
|
||
"BDUs": [
|
||
{
|
||
"ID": "BDU:2018-01491",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
|
||
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-255",
|
||
"Href": "https://bdu.fstec.ru/vul/2018-01491",
|
||
"Impact": "High",
|
||
"Public": "20180209"
|
||
},
|
||
{
|
||
"ID": "BDU:2021-00123",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
|
||
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
|
||
"CWE": "CWE-400",
|
||
"Href": "https://bdu.fstec.ru/vul/2021-00123",
|
||
"Impact": "Low",
|
||
"Public": "20200202"
|
||
}
|
||
],
|
||
"CVEs": [
|
||
{
|
||
"ID": "CVE-2018-1000041",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
|
||
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||
"CWE": "NVD-CWE-noinfo",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000041",
|
||
"Impact": "High",
|
||
"Public": "20180209"
|
||
},
|
||
{
|
||
"ID": "CVE-2019-20446",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
|
||
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
|
||
"CWE": "CWE-400",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-20446",
|
||
"Impact": "Low",
|
||
"Public": "20200202"
|
||
}
|
||
],
|
||
"AffectedCPEs": {
|
||
"CPEs": [
|
||
"cpe:/o:alt:container:11"
|
||
]
|
||
}
|
||
}
|
||
},
|
||
"Criteria": {
|
||
"Operator": "AND",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:3001",
|
||
"Comment": "ALT Linux must be installed"
|
||
}
|
||
],
|
||
"Criterias": [
|
||
{
|
||
"Operator": "OR",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172857001",
|
||
"Comment": "librsvg is earlier than 1:2.41.2-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172857002",
|
||
"Comment": "librsvg-devel is earlier than 1:2.41.2-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172857003",
|
||
"Comment": "librsvg-devel-doc is earlier than 1:2.41.2-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172857004",
|
||
"Comment": "librsvg-gir is earlier than 1:2.41.2-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172857005",
|
||
"Comment": "librsvg-gir-devel is earlier than 1:2.41.2-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172857006",
|
||
"Comment": "librsvg-utils is earlier than 1:2.41.2-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172857007",
|
||
"Comment": "librsvg-utils-gtk3 is earlier than 1:2.41.2-alt1"
|
||
}
|
||
]
|
||
}
|
||
]
|
||
}
|
||
}
|
||
]
|
||
} |