pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
43c7060749
vuln-list-alt/oval/p11/ALT-PU-2018-1905/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

173 lines
6.8 KiB
JSON
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20181905",
"Version": "oval:org.altlinux.errata:def:20181905",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2018-1905: package `devscripts` update to version 2.18.3-alt1_1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2018-1905",
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-1905",
"Source": "ALTPU"
},
{
"RefID": "BDU:2015-02662",
"RefURL": "https://bdu.fstec.ru/vul/2015-02662",
"Source": "BDU"
},
{
"RefID": "BDU:2017-02344",
"RefURL": "https://bdu.fstec.ru/vul/2017-02344",
"Source": "BDU"
},
{
"RefID": "CVE-2013-6888",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6888",
"Source": "CVE"
},
{
"RefID": "CVE-2013-7050",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-7050",
"Source": "CVE"
},
{
"RefID": "CVE-2013-7325",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-7325",
"Source": "CVE"
},
{
"RefID": "CVE-2015-5704",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-5704",
"Source": "CVE"
},
{
"RefID": "CVE-2015-5705",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-5705",
"Source": "CVE"
}
],
"Description": "This update upgrades devscripts to version 2.18.3-alt1_1. \nSecurity Fix(es):\n\n * BDU:2015-02662: Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2017-02344: Уязвимость пакета сценариев devscripts (scripts/licensecheck.pl) для операционной системы Fedora, позволяющая нарушителю выполнить произвольные shell-команды\n\n * CVE-2013-6888: Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball.\n\n * CVE-2013-7050: The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name.\n\n * CVE-2013-7325: An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball.\n\n * CVE-2015-5704: scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.\n\n * CVE-2015-5705: Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2018-06-16"
},
"Updated": {
"Date": "2018-06-16"
},
"BDUs": [
{
"ID": "BDU:2015-02662",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"Href": "https://bdu.fstec.ru/vul/2015-02662",
"Impact": "High",
"Public": "20140107"
},
{
"ID": "BDU:2017-02344",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-77",
"Href": "https://bdu.fstec.ru/vul/2017-02344",
"Impact": "High",
"Public": "20150804"
}
],
"CVEs": [
{
"ID": "CVE-2013-6888",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6888",
"Impact": "High",
"Public": "20140107"
},
{
"ID": "CVE-2013-7050",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-94",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-7050",
"Impact": "Low",
"Public": "20131213"
},
{
"ID": "CVE-2013-7325",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-7325",
"Impact": "High",
"Public": "20191203"
},
{
"ID": "CVE-2015-5704",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-77",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-5704",
"Impact": "High",
"Public": "20170925"
},
{
"ID": "CVE-2015-5705",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-59",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-5705",
"Impact": "High",
"Public": "20170906"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20181905001",
"Comment": "checkbashisms is earlier than 0:2.18.3-alt1_1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181905002",
"Comment": "devscripts is earlier than 0:2.18.3-alt1_1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181905003",
"Comment": "python3-module-devscripts is earlier than 0:2.18.3-alt1_1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink