vuln-list-alt/oval/p11/ALT-PU-2019-3161/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20193161",
      "Version": "oval:org.altlinux.errata:def:20193161",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2019-3161: package `php7` update to version 7.3.11-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch p11"
            ],
            "Products": [
              "ALT Container"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2019-3161",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2019-3161",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2020-00013",
            "RefURL": "https://bdu.fstec.ru/vul/2020-00013",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2019-11043",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11043",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades php7 to version 7.3.11-alt1. \nSecurity Fix(es):\n\n * BDU:2020-00013: Уязвимость компонента sapi/fpm/fpm/fpm_main.c расширения PHP-FPM интерпретатора языка программирования PHP, позволяющая нарушителю выполнять произвольные команды\n\n * CVE-2019-11043: In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "Critical",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2019-11-21"
          },
          "Updated": {
            "Date": "2019-11-21"
          },
          "BDUs": [
            {
              "ID": "BDU:2020-00013",
              "CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:N",
              "CVSS3": "AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
              "CWE": "CWE-120, CWE-787",
              "Href": "https://bdu.fstec.ru/vul/2020-00013",
              "Impact": "High",
              "Public": "20191028"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2019-11043",
              "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "CWE": "CWE-787",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11043",
              "Impact": "Critical",
              "Public": "20191028"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:container:11"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:3001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20193161001",
                "Comment": "php7 is earlier than 0:7.3.11-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20193161002",
                "Comment": "php7-devel is earlier than 0:7.3.11-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20193161003",
                "Comment": "php7-libs is earlier than 0:7.3.11-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20193161004",
                "Comment": "php7-mysqlnd is earlier than 0:7.3.11-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20193161005",
                "Comment": "rpm-build-php7-version is earlier than 0:7.3.11-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}