{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20211001",
"Version": "oval:org.altlinux.errata:def:20211001",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-1001: package `ImageMagick` update to version 6.9.11.53-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-1001",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-1001",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-01009",
"RefURL": "https://bdu.fstec.ru/vul/2021-01009",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03444",
"RefURL": "https://bdu.fstec.ru/vul/2021-03444",
"Source": "BDU"
},
{
"RefID": "CVE-2020-27752",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-27752",
"Source": "CVE"
},
{
"RefID": "CVE-2020-29599",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-29599",
"Source": "CVE"
}
],
"Description": "This update upgrades ImageMagick to version 6.9.11.53-alt1. \nSecurity Fix(es):\n\n * BDU:2021-01009: Уязвимость консольного графического редактора ImageMagick, вызванная переполнением буфера, позволяющая нарушителю оказать воздействие на целостность и доступность защищаемой информации\n\n * BDU:2021-03444: Уязвимость опции -authenticate консольного графического редактора ImageMagick, связанная с ошибками в обработке XML-запросов, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2020-27752: A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0.\n\n * CVE-2020-29599: ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-01-02"
},
"Updated": {
"Date": "2021-01-02"
},
"BDUs": [
{
"ID": "BDU:2021-01009",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"CWE": "CWE-122, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2021-01009",
"Impact": "High",
"Public": "20201208"
},
{
"ID": "BDU:2021-03444",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"CWE": "CWE-91",
"Href": "https://bdu.fstec.ru/vul/2021-03444",
"Impact": "High",
"Public": "20201121"
}
],
"CVEs": [
{
"ID": "CVE-2020-27752",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-27752",
"Impact": "High",
"Public": "20201208"
},
{
"ID": "CVE-2020-29599",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-91",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-29599",
"Impact": "High",
"Public": "20201207"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20211001001",
"Comment": "ImageMagick is earlier than 0:6.9.11.53-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211001002",
"Comment": "ImageMagick-doc is earlier than 0:6.9.11.53-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211001003",
"Comment": "ImageMagick-tools is earlier than 0:6.9.11.53-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211001004",
"Comment": "libImageMagick++6.8 is earlier than 0:6.9.11.53-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211001005",
"Comment": "libImageMagick-devel is earlier than 0:6.9.11.53-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211001006",
"Comment": "libImageMagick6-common is earlier than 0:6.9.11.53-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211001007",
"Comment": "libImageMagick6.6 is earlier than 0:6.9.11.53-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211001008",
"Comment": "perl-Magick is earlier than 0:6.9.11.53-alt1"
}
]
}
]
}
}
]
} |