111 lines
4.0 KiB
JSON
111 lines
4.0 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20192544",
|
|
"Version": "oval:org.altlinux.errata:def:20192544",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2019-2544: package `libvncserver` update to version 0.9.11-alt4",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch p11"
|
|
],
|
|
"Products": [
|
|
"ALT Container"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2019-2544",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-2544",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2018-01493",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2018-01493",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2018-7225",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7225",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades libvncserver to version 0.9.11-alt4. \nSecurity Fix(es):\n\n * BDU:2018-01493: Уязвимость функции rfbProcessClientNormalMessage() кроссплатформенной библиотеки LibVNCServer, позволяющая нарушителю вызвать отказ в обслуживании и получить несанкционированный доступ к конфиденциальным данным\n\n * CVE-2018-7225: An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "Critical",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2019-08-27"
|
|
},
|
|
"Updated": {
|
|
"Date": "2019-08-27"
|
|
},
|
|
"BDUs": [
|
|
{
|
|
"ID": "BDU:2018-01493",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
|
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-190",
|
|
"Href": "https://bdu.fstec.ru/vul/2018-01493",
|
|
"Impact": "Critical",
|
|
"Public": "20180218"
|
|
}
|
|
],
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2018-7225",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
|
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-190",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-7225",
|
|
"Impact": "Critical",
|
|
"Public": "20180219"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:container:11"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:3001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20192544001",
|
|
"Comment": "libvncclient0 is earlier than 0:0.9.11-alt4"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20192544002",
|
|
"Comment": "libvncserver is earlier than 0:0.9.11-alt4"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20192544003",
|
|
"Comment": "libvncserver-devel is earlier than 0:0.9.11-alt4"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20192544004",
|
|
"Comment": "libvncserver0 is earlier than 0:0.9.11-alt4"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |