vuln-list-alt/oval/p11/ALT-PU-2021-2008/definitions.json
2024-12-12 21:07:30 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20212008",
"Version": "oval:org.altlinux.errata:def:20212008",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-2008: package `tor` update to version 0.4.6.5-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-2008",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-2008",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-04714",
"RefURL": "https://bdu.fstec.ru/vul/2021-04714",
"Source": "BDU"
},
{
"RefID": "BDU:2021-04715",
"RefURL": "https://bdu.fstec.ru/vul/2021-04715",
"Source": "BDU"
},
{
"RefID": "BDU:2021-04716",
"RefURL": "https://bdu.fstec.ru/vul/2021-04716",
"Source": "BDU"
},
{
"RefID": "CVE-2021-34548",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-34548",
"Source": "CVE"
},
{
"RefID": "CVE-2021-34549",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-34549",
"Source": "CVE"
},
{
"RefID": "CVE-2021-34550",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-34550",
"Source": "CVE"
}
],
"Description": "This update upgrades tor to version 0.4.6.5-alt1. \nSecurity Fix(es):\n\n * BDU:2021-04714: Уязвимость анонимного веб-браузера Tor, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-04715: Уязвимость функцией SSL-Proxy анонимного веб-браузера Tor, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-04716: Уязвимость анонимного веб-браузера Tor, связанная с ошибками авторизации, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2021-34548: An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream.\n\n * CVE-2021-34549: An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently, an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency.\n\n * CVE-2021-34550: An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-06-16"
},
"Updated": {
"Date": "2021-06-16"
},
"BDUs": [
{
"ID": "BDU:2021-04714",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2021-04714",
"Impact": "High",
"Public": "20210617"
},
{
"ID": "BDU:2021-04715",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-755",
"Href": "https://bdu.fstec.ru/vul/2021-04715",
"Impact": "High",
"Public": "20210617"
},
{
"ID": "BDU:2021-04716",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-863",
"Href": "https://bdu.fstec.ru/vul/2021-04716",
"Impact": "High",
"Public": "20210617"
}
],
"CVEs": [
{
"ID": "CVE-2021-34548",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-290",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-34548",
"Impact": "High",
"Public": "20210629"
},
{
"ID": "CVE-2021-34549",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-34549",
"Impact": "High",
"Public": "20210629"
},
{
"ID": "CVE-2021-34550",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-34550",
"Impact": "High",
"Public": "20210629"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20212008001",
"Comment": "tor is earlier than 0:0.4.6.5-alt1"
}
]
}
]
}
}
]
}