pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p11/ALT-PU-2024-16262/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

166 lines
7.0 KiB
JSON
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202416262",
"Version": "oval:org.altlinux.errata:def:202416262",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-16262: package `php8.2` update to version 8.2.26-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-16262",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16262",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-09951",
"RefURL": "https://bdu.fstec.ru/vul/2024-09951",
"Source": "BDU"
},
{
"RefID": "CVE-2024-11233",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-11233",
"Source": "CVE"
},
{
"RefID": "CVE-2024-11234",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-11234",
"Source": "CVE"
},
{
"RefID": "CVE-2024-11236",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-11236",
"Source": "CVE"
},
{
"RefID": "CVE-2024-8929",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8929",
"Source": "CVE"
},
{
"RefID": "CVE-2024-8932",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8932",
"Source": "CVE"
}
],
"Description": "This update upgrades php8.2 to version 8.2.26-alt1. \nSecurity Fix(es):\n\n * BDU:2024-09951: Уязвимость компонентов dblib и firebird интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2024-11233: In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.\n\n * CVE-2024-11234: In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and \"request_fulluri\" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.\n\n * CVE-2024-11236: In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.\n\n * CVE-2024-8929: In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.\n\n * CVE-2024-8932: In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-02"
},
"Updated": {
"Date": "2024-12-02"
},
"BDUs": [
{
"ID": "BDU:2024-09951",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2024-09951",
"Impact": "Critical",
"Public": "20241120"
}
],
"CVEs": [
{
"ID": "CVE-2024-11233",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-11233",
"Impact": "High",
"Public": "20241124"
},
{
"ID": "CVE-2024-11234",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"CWE": "CWE-74",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-11234",
"Impact": "High",
"Public": "20241124"
},
{
"ID": "CVE-2024-11236",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-11236",
"Impact": "Critical",
"Public": "20241124"
},
{
"ID": "CVE-2024-8929",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8929",
"Impact": "None",
"Public": "20241122"
},
{
"ID": "CVE-2024-8932",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8932",
"Impact": "None",
"Public": "20241122"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202416262001",
"Comment": "php8.2 is earlier than 0:8.2.26-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416262002",
"Comment": "php8.2-devel is earlier than 0:8.2.26-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416262003",
"Comment": "php8.2-libs is earlier than 0:8.2.26-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416262004",
"Comment": "php8.2-mysqlnd is earlier than 0:8.2.26-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416262005",
"Comment": "php8.2-openssl is earlier than 0:8.2.26-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416262006",
"Comment": "rpm-build-php8.2-version is earlier than 0:8.2.26-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink