vuln-list-alt/oval/p11/ALT-PU-2016-1082/definitions.json
2024-12-12 21:07:30 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20161082",
"Version": "oval:org.altlinux.errata:def:20161082",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2016-1082: package `cabextract` update to version 1.6-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2016-1082",
"RefURL": "https://errata.altlinux.org/ALT-PU-2016-1082",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-01873",
"RefURL": "https://bdu.fstec.ru/vul/2020-01873",
"Source": "BDU"
},
{
"RefID": "CVE-2018-14679",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-14679",
"Source": "CVE"
},
{
"RefID": "CVE-2018-14680",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-14680",
"Source": "CVE"
},
{
"RefID": "CVE-2018-14681",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-14681",
"Source": "CVE"
},
{
"RefID": "CVE-2018-14682",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-14682",
"Source": "CVE"
}
],
"Description": "This update upgrades cabextract to version 1.6-alt1. \nSecurity Fix(es):\n\n * BDU:2020-01873: Уязвимость функции kwajd_read_headers библиотеки Libmspack и утилиты разархивации CAB-файлов CabExtract, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2018-14679: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).\n\n * CVE-2018-14680: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.\n\n * CVE-2018-14681: An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.\n\n * CVE-2018-14682: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2016-02-07"
},
"Updated": {
"Date": "2016-02-07"
},
"BDUs": [
{
"ID": "BDU:2020-01873",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2020-01873",
"Impact": "High",
"Public": "20171126"
}
],
"CVEs": [
{
"ID": "CVE-2018-14679",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-193",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-14679",
"Impact": "Low",
"Public": "20180728"
},
{
"ID": "CVE-2018-14680",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-14680",
"Impact": "Low",
"Public": "20180728"
},
{
"ID": "CVE-2018-14681",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-14681",
"Impact": "High",
"Public": "20180728"
},
{
"ID": "CVE-2018-14682",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-193",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-14682",
"Impact": "High",
"Public": "20180728"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20161082001",
"Comment": "cabextract is earlier than 0:1.6-alt1"
}
]
}
]
}
}
]
}