pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
43c7060749
vuln-list-alt/oval/p11/ALT-PU-2020-1879/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

155 lines
7.0 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20201879",
"Version": "oval:org.altlinux.errata:def:20201879",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-1879: package `openssl1.1` update to version 1.1.1g-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-1879",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-1879",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-00300",
"RefURL": "https://bdu.fstec.ru/vul/2020-00300",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02873",
"RefURL": "https://bdu.fstec.ru/vul/2020-02873",
"Source": "BDU"
},
{
"RefID": "CVE-2019-1551",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-1551",
"Source": "CVE"
},
{
"RefID": "CVE-2020-1967",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-1967",
"Source": "CVE"
}
],
"Description": "This update upgrades openssl1.1 to version 1.1.1g-alt1. \nSecurity Fix(es):\n\n * BDU:2020-00300: Уязвимость функции PA-RISC CRYPTO_memcmp библиотеки OpenSSL, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * BDU:2020-02873: Уязвимость функции SSL_check_chain реализации протокола TLS библиотеки OpenSSL, связанная с с возможностью разыменования нулевого указателя в результате неправильной обработки TLS расширения «signature_algorithms_cert», позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2019-1551: There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).\n\n * CVE-2020-1967: Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the \"signature_algorithms_cert\" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-04-24"
},
"Updated": {
"Date": "2020-04-24"
},
"BDUs": [
{
"ID": "BDU:2020-00300",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2020-00300",
"Impact": "Low",
"Public": "20191206"
},
{
"ID": "BDU:2020-02873",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2020-02873",
"Impact": "High",
"Public": "20200421"
}
],
"CVEs": [
{
"ID": "CVE-2019-1551",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-1551",
"Impact": "Low",
"Public": "20191206"
},
{
"ID": "CVE-2020-1967",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-1967",
"Impact": "High",
"Public": "20200421"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20201879001",
"Comment": "libcrypto1.1 is earlier than 0:1.1.1g-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201879002",
"Comment": "libssl-devel is earlier than 0:1.1.1g-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201879003",
"Comment": "libssl-devel-static is earlier than 0:1.1.1g-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201879004",
"Comment": "libssl1.1 is earlier than 0:1.1.1g-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201879005",
"Comment": "openssl is earlier than 0:1.1.1g-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201879006",
"Comment": "openssl-doc is earlier than 0:1.1.1g-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201879007",
"Comment": "openssl-engines is earlier than 0:1.1.1g-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201879008",
"Comment": "tsget is earlier than 0:1.1.1g-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink