2024-12-12 21:07:30 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20193114",
"Version": "oval:org.altlinux.errata:def:20193114",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-3114: package `glibc` update to version 2.30-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-3114",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-3114",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-00571",
"RefURL": "https://bdu.fstec.ru/vul/2019-00571",
"Source": "BDU"
},
{
"RefID": "BDU:2019-00682",
"RefURL": "https://bdu.fstec.ru/vul/2019-00682",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01066",
"RefURL": "https://bdu.fstec.ru/vul/2019-01066",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01242",
"RefURL": "https://bdu.fstec.ru/vul/2019-01242",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01772",
"RefURL": "https://bdu.fstec.ru/vul/2019-01772",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01773",
"RefURL": "https://bdu.fstec.ru/vul/2019-01773",
"Source": "BDU"
},
{
"RefID": "BDU:2020-04530",
"RefURL": "https://bdu.fstec.ru/vul/2020-04530",
"Source": "BDU"
},
{
"RefID": "BDU:2021-05821",
"RefURL": "https://bdu.fstec.ru/vul/2021-05821",
"Source": "BDU"
},
{
"RefID": "CVE-2009-5155",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2009-5155",
"Source": "CVE"
},
{
"RefID": "CVE-2015-8985",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-8985",
"Source": "CVE"
},
{
"RefID": "CVE-2016-10739",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-10739",
"Source": "CVE"
},
{
"RefID": "CVE-2018-11236",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-11236",
"Source": "CVE"
},
{
"RefID": "CVE-2018-11237",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-11237",
"Source": "CVE"
},
{
"RefID": "CVE-2018-19591",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19591",
"Source": "CVE"
},
{
"RefID": "CVE-2018-20796",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796",
"Source": "CVE"
},
{
"RefID": "CVE-2019-6488",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-6488",
"Source": "CVE"
},
{
"RefID": "CVE-2019-7309",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-7309",
"Source": "CVE"
},
{
"RefID": "CVE-2019-9169",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-9169",
"Source": "CVE"
},
{
"RefID": "CVE-2019-9192",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192",
"Source": "CVE"
}
],
"Description": "This update upgrades glibc to version 2.30-alt1. \nSecurity Fix(es):\n\n * BDU:2019-00571: Уязвимость функции getaddrinfo библиотеки libc6, позволяющая нарушителю вызвать исчерпание оперативной памяти в целевой системе\n\n * BDU:2019-00682: Уязвимость функции the __memmove_avx_unaligned_erms библиотеки, обеспечивающей системные вызовы и основные функции glibc, позволяющая нарушителю вызвать сбой в работе приложения\n\n * BDU:2019-01066: Уязвимость функции memcmp библиотеки GNU C (glibc), связанная с недостаточной проверкой входных данных, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-01242: Уязвимость функции proceed_next_node в библиотеке GNU C, связанная с возможностью чтения за границей буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-01772: Уязвимость реализации функции mempcpy библиотеки, обеспечивающей системные вызовы и основные функции glibc, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-01773: Уязвимость функции mempcpy библиотеки, обеспечивающей системные вызовы и основные функции glibc, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2020-04530: Уязвимость библиотеки glibc, связанная с неконтролируемой рекурсии при поиске совпадений по регулярному выражению, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-05821: Уязвимость функции parse_reg_exp библиотеки glibc, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2009-5155: In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.\n\n * CVE-2015-8985: The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.\n\n * CVE-2016-10739: In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.\n\n * CVE-2018-11236: stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.\n\n * CVE-2018-11237: An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.\n\n * CVE-2018-19591: In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.\n\n * CVE-2018-20796: In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.\n\n * CVE-2019-6488: The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.\n\n * CVE-2019-7309: In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.\n\n * CVE-2019-9169: In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.\n\n * CVE-2019-9192: In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-11-11"
},
"Updated": {
"Date": "2019-11-11"
},
"BDUs": [
{
"ID": "BDU:2019-00571",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2019-00571",
"Impact": "High",
"Public": "20180412"
},
{
"ID": "BDU:2019-00682",
"CVSS": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"CWE": "CWE-404",
"Href": "https://bdu.fstec.ru/vul/2019-00682",
"Impact": "Low",
"Public": "20190116"
},
{
"ID": "BDU:2019-01066",
"CVSS": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-01066",
"Impact": "Low",
"Public": "20181127"
},
{
"ID": "BDU:2019-01242",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2019-01242",
"Impact": "Critical",
"Public": "20190312"
},
{
"ID": "BDU:2019-01772",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-01772",
"Impact": "High",
"Public": "20180517"
},
{
"ID": "BDU:2019-01773",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-01773",
"Impact": "Critical",
"Public": "20180204"
},
{
"ID": "BDU:2020-04530",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-674",
"Href": "https://bdu.fstec.ru/vul/2020-04530",
"Impact": "High",
"Public": "20190225"
},
{
"ID": "BDU:2021-05821",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-19",
"Href": "https://bdu.fstec.ru/vul/2021-05821",
"Impact": "High",
"Public": "20091204"
}
],
"CVEs": [
{
"ID": "CVE-2009-5155",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-19",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2009-5155",
"Impact": "High",
"Public": "20190226"
},
{
"ID": "CVE-2015-8985",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-19",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-8985",
"Impact": "Low",
"Public": "20170320"
},
{
"ID": "CVE-2016-10739",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-10739",
"Impact": "Low",
"Public": "20190121"
},
{
"ID": "CVE-2018-11236",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-11236",
"Impact": "Critical",
"Public": "20180518"
},
{
"ID": "CVE-2018-11237",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-11237",
"Impact": "High",
"Public": "20180518"
},
{
"ID": "CVE-2018-19591",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19591",
"Impact": "High",
"Public": "20181204"
},
{
"ID": "CVE-2018-20796",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-674",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796",
"Impact": "High",
"Public": "20190226"
},
{
"ID": "CVE-2019-6488",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-404",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-6488",
"Impact": "High",
"Public": "20190118"
},
{
"ID": "CVE-2019-7309",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-7309",
"Impact": "Low",
"Public": "20190203"
},
{
"ID": "CVE-2019-9169",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-9169",
"Impact": "Critical",
"Public": "20190226"
},
{
"ID": "CVE-2019-9192",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-674",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192",
"Impact": "High",
"Public": "20190226"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20193114001",
"Comment": "glibc is earlier than 6:2.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193114002",
"Comment": "glibc-core is earlier than 6:2.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193114003",
"Comment": "glibc-debug is earlier than 6:2.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193114004",
"Comment": "glibc-devel is earlier than 6:2.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193114005",
"Comment": "glibc-devel-static is earlier than 6:2.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193114006",
"Comment": "glibc-doc is earlier than 6:2.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193114007",
"Comment": "glibc-gconv-modules is earlier than 6:2.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193114008",
"Comment": "glibc-i18ndata is earlier than 6:2.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193114009",
"Comment": "glibc-locales is earlier than 6:2.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193114010",
"Comment": "glibc-nss is earlier than 6:2.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193114011",
"Comment": "glibc-preinstall is earlier than 6:2.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193114012",
"Comment": "glibc-pthread is earlier than 6:2.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193114013",
"Comment": "glibc-source is earlier than 6:2.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193114014",
"Comment": "glibc-timezones is earlier than 6:2.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193114015",
"Comment": "glibc-utils is earlier than 6:2.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193114016",
"Comment": "iconv is earlier than 6:2.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193114017",
"Comment": "libnsl1 is earlier than 6:2.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193114018",
"Comment": "nscd is earlier than 6:2.30-alt1"
}
]
}
]
}
}
]
}