pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
43c7060749
vuln-list-alt/oval/p11/ALT-PU-2020-2918/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

107 lines
3.8 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20202918",
"Version": "oval:org.altlinux.errata:def:20202918",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-2918: package `libssh2` update to version 1.9.0-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-2918",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-2918",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-05961",
"RefURL": "https://bdu.fstec.ru/vul/2022-05961",
"Source": "BDU"
},
{
"RefID": "CVE-2019-17498",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-17498",
"Source": "CVE"
}
],
"Description": "This update upgrades libssh2 to version 1.9.0-alt2. \nSecurity Fix(es):\n\n * BDU:2022-05961: Уязвимость компонента packet.c библиотеки реализации протокола SSH2 Libssh2, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании\n\n * CVE-2019-17498: In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-10-02"
},
"Updated": {
"Date": "2020-10-02"
},
"BDUs": [
{
"ID": "BDU:2022-05961",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2022-05961",
"Impact": "High",
"Public": "20190701"
}
],
"CVEs": [
{
"ID": "CVE-2019-17498",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-17498",
"Impact": "High",
"Public": "20191021"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20202918001",
"Comment": "libssh2 is earlier than 0:1.9.0-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202918002",
"Comment": "libssh2-devel is earlier than 0:1.9.0-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202918003",
"Comment": "libssh2-docs is earlier than 0:1.9.0-alt2"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink