vuln-list-alt/oval/p11/ALT-PU-2019-1060/definitions.json
2024-12-12 21:07:30 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20191060",
"Version": "oval:org.altlinux.errata:def:20191060",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-1060: package `php7` update to version 7.2.14-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-1060",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-1060",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-01249",
"RefURL": "https://bdu.fstec.ru/vul/2019-01249",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01287",
"RefURL": "https://bdu.fstec.ru/vul/2019-01287",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01552",
"RefURL": "https://bdu.fstec.ru/vul/2019-01552",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01553",
"RefURL": "https://bdu.fstec.ru/vul/2019-01553",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01554",
"RefURL": "https://bdu.fstec.ru/vul/2019-01554",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01555",
"RefURL": "https://bdu.fstec.ru/vul/2019-01555",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01565",
"RefURL": "https://bdu.fstec.ru/vul/2019-01565",
"Source": "BDU"
},
{
"RefID": "CVE-2018-19935",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19935",
"Source": "CVE"
},
{
"RefID": "CVE-2019-6977",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-6977",
"Source": "CVE"
},
{
"RefID": "CVE-2019-9020",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-9020",
"Source": "CVE"
},
{
"RefID": "CVE-2019-9021",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-9021",
"Source": "CVE"
},
{
"RefID": "CVE-2019-9022",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-9022",
"Source": "CVE"
},
{
"RefID": "CVE-2019-9023",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-9023",
"Source": "CVE"
},
{
"RefID": "CVE-2019-9024",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-9024",
"Source": "CVE"
}
],
"Description": "This update upgrades php7 to version 7.2.14-alt1. \nSecurity Fix(es):\n\n * BDU:2019-01249: Уязвимость функции imap_mail интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-01287: Уязвимость функции gdImageColorMatch (gd_color_match.c) графической библиотеки The GD Graphics Library, позволяющая нарушителю инициировать вызовы imagecolormatch\n\n * BDU:2019-01552: Уязвимость функции чтения PHAR интерпретатора языка программирования PHP, связанная с чтением за пределами границ буфера памяти, позволяющая нарушителю вызвать отказ в обслуживании, нарушить конфиденциальность и целостность защищаемых данных\n\n * BDU:2019-01553: Уязвимость функции чтения PHAR dns_get_record интерпретатора языка программирования PHP, связанная с чтением за пределами границ буфера памяти, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * BDU:2019-01554: Уязвимость в интерпретаторе языка программирования PHP, связанная с чтением за пределами границ буфера динамической памяти, позволяющая нарушителю вызвать отказ в обслуживании, нарушить конфиденциальность и целостность защищаемых данных\n\n * BDU:2019-01555: Уязвимость функции xmlrpc_decode() расширения XMLRPC интерпретатора языка программирования PHP, связана с чтением данных за границами буфера памяти, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * BDU:2019-01565: Уязвимость функции xml_elem_parse_buf() интерпретатора языка программирования PHP, связанная с чтением за пределами границ буфера памяти, позволяющая нарушителю получить несанкционированный доступ к защищаемым данным\n\n * CVE-2018-19935: ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.\n\n * CVE-2019-6977: gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.\n\n * CVE-2019-9020: An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c.\n\n * CVE-2019-9021: An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.\n\n * CVE-2019-9022: An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries.\n\n * CVE-2019-9023: An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.\n\n * CVE-2019-9024: An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.\n\n * #34521: В php7-mysqlnd упакован .a-архив\n\n * #35856: [PATCH] собираемость lcc-1.23",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-01-17"
},
"Updated": {
"Date": "2019-01-17"
},
"BDUs": [
{
"ID": "BDU:2019-01249",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2019-01249",
"Impact": "High",
"Public": "20181207"
},
{
"ID": "BDU:2019-01287",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-01287",
"Impact": "High",
"Public": "20190117"
},
{
"ID": "BDU:2019-01552",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2019-01552",
"Impact": "Critical",
"Public": "20190222"
},
{
"ID": "BDU:2019-01553",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2019-01553",
"Impact": "High",
"Public": "20190222"
},
{
"ID": "BDU:2019-01554",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2019-01554",
"Impact": "Critical",
"Public": "20190222"
},
{
"ID": "BDU:2019-01555",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2019-01555",
"Impact": "High",
"Public": "20190222"
},
{
"ID": "BDU:2019-01565",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2019-01565",
"Impact": "Critical",
"Public": "20181205"
}
],
"CVEs": [
{
"ID": "CVE-2018-19935",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19935",
"Impact": "High",
"Public": "20181207"
},
{
"ID": "CVE-2019-6977",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-6977",
"Impact": "High",
"Public": "20190127"
},
{
"ID": "CVE-2019-9020",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-9020",
"Impact": "Critical",
"Public": "20190222"
},
{
"ID": "CVE-2019-9021",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-9021",
"Impact": "Critical",
"Public": "20190222"
},
{
"ID": "CVE-2019-9022",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-9022",
"Impact": "High",
"Public": "20190222"
},
{
"ID": "CVE-2019-9023",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-9023",
"Impact": "Critical",
"Public": "20190222"
},
{
"ID": "CVE-2019-9024",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-9024",
"Impact": "High",
"Public": "20190222"
}
],
"Bugzilla": [
{
"ID": "34521",
"Href": "https://bugzilla.altlinux.org/34521",
"Data": "В php7-mysqlnd упакован .a-архив"
},
{
"ID": "35856",
"Href": "https://bugzilla.altlinux.org/35856",
"Data": "[PATCH] собираемость lcc-1.23"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20191060001",
"Comment": "php7 is earlier than 0:7.2.14-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191060002",
"Comment": "php7-devel is earlier than 0:7.2.14-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191060003",
"Comment": "php7-libs is earlier than 0:7.2.14-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191060004",
"Comment": "php7-mysqlnd is earlier than 0:7.2.14-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191060005",
"Comment": "rpm-build-php7-version is earlier than 0:7.2.14-alt1"
}
]
}
]
}
}
]
}