vuln-list-alt/oval/p11/ALT-PU-2020-2503/definitions.json
2024-12-12 21:07:30 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20202503",
"Version": "oval:org.altlinux.errata:def:20202503",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-2503: package `vlc` update to version 3.0.11.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-2503",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-2503",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-02233",
"RefURL": "https://bdu.fstec.ru/vul/2022-02233",
"Source": "BDU"
},
{
"RefID": "BDU:2022-02238",
"RefURL": "https://bdu.fstec.ru/vul/2022-02238",
"Source": "BDU"
},
{
"RefID": "BDU:2022-02239",
"RefURL": "https://bdu.fstec.ru/vul/2022-02239",
"Source": "BDU"
},
{
"RefID": "BDU:2022-02240",
"RefURL": "https://bdu.fstec.ru/vul/2022-02240",
"Source": "BDU"
},
{
"RefID": "CVE-2021-25801",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-25801",
"Source": "CVE"
},
{
"RefID": "CVE-2021-25802",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-25802",
"Source": "CVE"
},
{
"RefID": "CVE-2021-25803",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-25803",
"Source": "CVE"
},
{
"RefID": "CVE-2021-25804",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-25804",
"Source": "CVE"
}
],
"Description": "This update upgrades vlc to version 3.0.11.1-alt1. \nSecurity Fix(es):\n\n * BDU:2022-02233: Уязвимость компонента avi.c медиаплеера VLC Media Player, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02238: Уязвимость компонента vlc_input_attachment_New медиаплеера VLC Media Player, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании\n\n * BDU:2022-02239: Уязвимость компонента AVI_ExtractSubtitle медиаплеера VLC Media Player, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании\n\n * BDU:2022-02240: Уязвимость компонента __Parse_indx медиаплеера VLC Media Player, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании\n\n * CVE-2021-25801: A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.\n\n * CVE-2021-25802: A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.\n\n * CVE-2021-25803: A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.\n\n * CVE-2021-25804: A NULL-pointer dereference in \"Open\" in avi.c of VideoLAN VLC Media Player 3.0.11 can cause a denial of service (DOS) in the application.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-08-05"
},
"Updated": {
"Date": "2020-08-05"
},
"BDUs": [
{
"ID": "BDU:2022-02233",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2022-02233",
"Impact": "High",
"Public": "20210726"
},
{
"ID": "BDU:2022-02238",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2022-02238",
"Impact": "High",
"Public": "20210726"
},
{
"ID": "BDU:2022-02239",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2022-02239",
"Impact": "High",
"Public": "20200726"
},
{
"ID": "BDU:2022-02240",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2022-02240",
"Impact": "High",
"Public": "20201022"
}
],
"CVEs": [
{
"ID": "CVE-2021-25801",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-25801",
"Impact": "High",
"Public": "20210726"
},
{
"ID": "CVE-2021-25802",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-25802",
"Impact": "High",
"Public": "20210726"
},
{
"ID": "CVE-2021-25803",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-25803",
"Impact": "High",
"Public": "20210726"
},
{
"ID": "CVE-2021-25804",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-25804",
"Impact": "High",
"Public": "20210726"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20202503001",
"Comment": "fortunes-vlc is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503002",
"Comment": "libvlc is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503003",
"Comment": "libvlc-devel is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503004",
"Comment": "vim-plugin-vlc-syntax is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503005",
"Comment": "vlc is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503006",
"Comment": "vlc-interface-lirc is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503007",
"Comment": "vlc-interface-ncurses is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503008",
"Comment": "vlc-interface-qt is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503009",
"Comment": "vlc-interface-skins2 is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503010",
"Comment": "vlc-maxi is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503011",
"Comment": "vlc-mini is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503012",
"Comment": "vlc-plugin-aa is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503013",
"Comment": "vlc-plugin-ass is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503014",
"Comment": "vlc-plugin-audiocd is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503015",
"Comment": "vlc-plugin-bluray is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503016",
"Comment": "vlc-plugin-chromaprint is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503017",
"Comment": "vlc-plugin-dbus is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503018",
"Comment": "vlc-plugin-dv is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503019",
"Comment": "vlc-plugin-dvdnav is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503020",
"Comment": "vlc-plugin-dvdread is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503021",
"Comment": "vlc-plugin-ffmpeg is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503022",
"Comment": "vlc-plugin-flac is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503023",
"Comment": "vlc-plugin-fluidsynth is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503024",
"Comment": "vlc-plugin-framebuffer is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503025",
"Comment": "vlc-plugin-freetype is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503026",
"Comment": "vlc-plugin-globalhotkeys is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503027",
"Comment": "vlc-plugin-gnutls is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503028",
"Comment": "vlc-plugin-h264 is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503029",
"Comment": "vlc-plugin-h265 is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503030",
"Comment": "vlc-plugin-jack is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503031",
"Comment": "vlc-plugin-linsys is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503032",
"Comment": "vlc-plugin-live555 is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503033",
"Comment": "vlc-plugin-matroska is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503034",
"Comment": "vlc-plugin-modplug is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503035",
"Comment": "vlc-plugin-mpeg2 is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503036",
"Comment": "vlc-plugin-mtp is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503037",
"Comment": "vlc-plugin-musepack is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503038",
"Comment": "vlc-plugin-notify is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503039",
"Comment": "vlc-plugin-ogg is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503040",
"Comment": "vlc-plugin-opus is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503041",
"Comment": "vlc-plugin-png is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503042",
"Comment": "vlc-plugin-podcast is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503043",
"Comment": "vlc-plugin-projectm is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503044",
"Comment": "vlc-plugin-pulseaudio is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503045",
"Comment": "vlc-plugin-realrtsp is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503046",
"Comment": "vlc-plugin-schroedinger is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503047",
"Comment": "vlc-plugin-shout is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503048",
"Comment": "vlc-plugin-smb is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503049",
"Comment": "vlc-plugin-speex is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503050",
"Comment": "vlc-plugin-svg is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503051",
"Comment": "vlc-plugin-taglib is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503052",
"Comment": "vlc-plugin-theora is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503053",
"Comment": "vlc-plugin-twolame is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503054",
"Comment": "vlc-plugin-upnp is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503055",
"Comment": "vlc-plugin-v4l is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503056",
"Comment": "vlc-plugin-videocd is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503057",
"Comment": "vlc-plugin-vpx is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503058",
"Comment": "vlc-plugin-xcb is earlier than 0:3.0.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202503059",
"Comment": "vlc-plugin-xml is earlier than 0:3.0.11.1-alt1"
}
]
}
]
}
}
]
}