
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20211803",
"Version": "oval:org.altlinux.errata:def:20211803",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-1803: package `klibc` update to version 2.0.9-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-1803",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-1803",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-05232",
"RefURL": "https://bdu.fstec.ru/vul/2021-05232",
"Source": "BDU"
},
{
"RefID": "BDU:2021-05239",
"RefURL": "https://bdu.fstec.ru/vul/2021-05239",
"Source": "BDU"
},
{
"RefID": "BDU:2021-05247",
"RefURL": "https://bdu.fstec.ru/vul/2021-05247",
"Source": "BDU"
},
{
"RefID": "CVE-2021-31870",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-31870",
"Source": "CVE"
},
{
"RefID": "CVE-2021-31871",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-31871",
"Source": "CVE"
},
{
"RefID": "CVE-2021-31873",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-31873",
"Source": "CVE"
}
],
"Description": "This update upgrades klibc to version 2.0.9-alt1. \nSecurity Fix(es):\n\n * BDU:2021-05232: Уязвимость функции malloc() библиотеки среды выполнения Klibc, связанная с целочисленным переполнением, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2021-05239: Уязвимость команды cpio библиотеки среды выполнения Klibc на 64-битных системах, связанная с целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-05247: Уязвимость функции calloc() библиотеки среды выполнения Klibc, связанная с целочисленным переполнением, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2021-31870: An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result in an integer overflow and a subsequent heap buffer overflow.\n\n * CVE-2021-31871: An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems.\n\n * CVE-2021-31873: An issue was discovered in klibc before 2.0.9. Additions in the malloc() function may result in an integer overflow and a subsequent heap buffer overflow.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-05-14"
},
"Updated": {
"Date": "2021-05-14"
},
"BDUs": [
{
"ID": "BDU:2021-05232",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2021-05232",
"Impact": "Critical",
"Public": "20210428"
},
{
"ID": "BDU:2021-05239",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2021-05239",
"Impact": "High",
"Public": "20210428"
},
{
"ID": "BDU:2021-05247",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2021-05247",
"Impact": "Critical",
"Public": "20210428"
}
],
"CVEs": [
{
"ID": "CVE-2021-31870",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-31870",
"Impact": "Critical",
"Public": "20210430"
},
{
"ID": "CVE-2021-31871",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-31871",
"Impact": "High",
"Public": "20210430"
},
{
"ID": "CVE-2021-31873",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-31873",
"Impact": "Critical",
"Public": "20210430"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20211803001",
"Comment": "klibc is earlier than 0:2.0.9-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211803002",
"Comment": "klibc-devel is earlier than 0:2.0.9-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211803003",
"Comment": "klibc-utils is earlier than 0:2.0.9-alt1"
}
]
}
]
}
}
]
}