vuln-list-alt/oval/p11/ALT-PU-2018-1702/definitions.json
2024-12-12 21:07:30 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20181702",
"Version": "oval:org.altlinux.errata:def:20181702",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2018-1702: package `php5` update to version 5.6.36-alt1.S1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2018-1702",
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-1702",
"Source": "ALTPU"
},
{
"RefID": "BDU:2018-00525",
"RefURL": "https://bdu.fstec.ru/vul/2018-00525",
"Source": "BDU"
},
{
"RefID": "BDU:2018-01504",
"RefURL": "https://bdu.fstec.ru/vul/2018-01504",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04233",
"RefURL": "https://bdu.fstec.ru/vul/2019-04233",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04234",
"RefURL": "https://bdu.fstec.ru/vul/2019-04234",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04235",
"RefURL": "https://bdu.fstec.ru/vul/2019-04235",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04236",
"RefURL": "https://bdu.fstec.ru/vul/2019-04236",
"Source": "BDU"
},
{
"RefID": "CVE-2018-10545",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-10545",
"Source": "CVE"
},
{
"RefID": "CVE-2018-10546",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-10546",
"Source": "CVE"
},
{
"RefID": "CVE-2018-10547",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-10547",
"Source": "CVE"
},
{
"RefID": "CVE-2018-10548",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-10548",
"Source": "CVE"
},
{
"RefID": "CVE-2018-10549",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-10549",
"Source": "CVE"
},
{
"RefID": "CVE-2018-7584",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7584",
"Source": "CVE"
}
],
"Description": "This update upgrades php5 to version 5.6.36-alt1.S1. \nSecurity Fix(es):\n\n * BDU:2018-00525: Уязвимость функции php_stream_url_wrap_http_ex интерпретатора PHP, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании\n\n * BDU:2018-01504: Уязвимость функции ldap_get_dn интерпретатора PHP, связанная с ошибкой разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04233: Уязвимость дочерних FPM-процессов интерпретатора языка программирования PHP, позволяющая нарушителю обойти проверку доступа opcache и получить несанкционированный доступ к защищаемой информации\n\n * BDU:2019-04234: Уязвимость потокового фильтра iconv (ext/iconv/iconv.c) интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04235: Уязвимость компонента ext/phar/phar_object.c интерпретатора языка программирования PHP, позволяющая нарушителю осуществлять межсайтовые сценарные атаки (XSS)\n\n * BDU:2019-04236: Уязвимость функции exif_read_data (ext/exif/exif.c) интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании\n\n * CVE-2018-10545: An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process.\n\n * CVE-2018-10546: An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.\n\n * CVE-2018-10547: An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.\n\n * CVE-2018-10548: An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.\n\n * CVE-2018-10549: An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\\0' character.\n\n * CVE-2018-7584: In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.\n\n * #34143: [FR] собирать без pcre jit на e2k",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2018-05-12"
},
"Updated": {
"Date": "2018-05-12"
},
"BDUs": [
{
"ID": "BDU:2018-00525",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2018-00525",
"Impact": "Critical",
"Public": "20180301"
},
{
"ID": "BDU:2018-01504",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2018-01504",
"Impact": "High",
"Public": "20180429"
},
{
"ID": "BDU:2019-04233",
"CVSS": "AV:L/AC:H/Au:S/C:C/I:N/A:N",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2019-04233",
"Impact": "Low",
"Public": "20180329"
},
{
"ID": "BDU:2019-04234",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2019-04234",
"Impact": "High",
"Public": "20180426"
},
{
"ID": "BDU:2019-04235",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://bdu.fstec.ru/vul/2019-04235",
"Impact": "Low",
"Public": "20180426"
},
{
"ID": "BDU:2019-04236",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2019-04236",
"Impact": "High",
"Public": "20180426"
}
],
"CVEs": [
{
"ID": "CVE-2018-10545",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-10545",
"Impact": "Low",
"Public": "20180429"
},
{
"ID": "CVE-2018-10546",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-10546",
"Impact": "High",
"Public": "20180429"
},
{
"ID": "CVE-2018-10547",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-10547",
"Impact": "Low",
"Public": "20180429"
},
{
"ID": "CVE-2018-10548",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-10548",
"Impact": "High",
"Public": "20180429"
},
{
"ID": "CVE-2018-10549",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-10549",
"Impact": "High",
"Public": "20180429"
},
{
"ID": "CVE-2018-7584",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-7584",
"Impact": "Critical",
"Public": "20180301"
}
],
"Bugzilla": [
{
"ID": "34143",
"Href": "https://bugzilla.altlinux.org/34143",
"Data": "[FR] собирать без pcre jit на e2k"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20181702001",
"Comment": "php5 is earlier than 0:5.6.36-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181702002",
"Comment": "php5-devel is earlier than 0:5.6.36-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181702003",
"Comment": "php5-libs is earlier than 0:5.6.36-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181702004",
"Comment": "php5-mysqlnd is earlier than 0:5.6.36-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181702005",
"Comment": "rpm-build-php-version is earlier than 0:5.6.36-alt1.S1"
}
]
}
]
}
}
]
}