141 lines
5.7 KiB
JSON
141 lines
5.7 KiB
JSON
{
|
||
"Definition": [
|
||
{
|
||
"ID": "oval:org.altlinux.errata:def:20222960",
|
||
"Version": "oval:org.altlinux.errata:def:20222960",
|
||
"Class": "patch",
|
||
"Metadata": {
|
||
"Title": "ALT-PU-2022-2960: package `php8.0` update to version 8.0.25-alt1",
|
||
"AffectedList": [
|
||
{
|
||
"Family": "unix",
|
||
"Platforms": [
|
||
"ALT Linux branch p11"
|
||
],
|
||
"Products": [
|
||
"ALT Container"
|
||
]
|
||
}
|
||
],
|
||
"References": [
|
||
{
|
||
"RefID": "ALT-PU-2022-2960",
|
||
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-2960",
|
||
"Source": "ALTPU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2022-06445",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2022-06445",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2022-07409",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2022-07409",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "CVE-2022-31630",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-31630",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2022-37454",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-37454",
|
||
"Source": "CVE"
|
||
}
|
||
],
|
||
"Description": "This update upgrades php8.0 to version 8.0.25-alt1. \nSecurity Fix(es):\n\n * BDU:2022-06445: Уязвимость криптографической хэш-функции SHA-3 программного пакета eXtended Keccak Code Package (XKCP), позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-07409: Уязвимость функции imageloadfont() интерпретатора языка программирования PHP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании\n\n * CVE-2022-31630: In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. \n\n * CVE-2022-37454: The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.",
|
||
"Advisory": {
|
||
"From": "errata.altlinux.org",
|
||
"Severity": "Critical",
|
||
"Rights": "Copyright 2024 BaseALT Ltd.",
|
||
"Issued": {
|
||
"Date": "2022-10-31"
|
||
},
|
||
"Updated": {
|
||
"Date": "2022-10-31"
|
||
},
|
||
"BDUs": [
|
||
{
|
||
"ID": "BDU:2022-06445",
|
||
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
||
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-20, CWE-120",
|
||
"Href": "https://bdu.fstec.ru/vul/2022-06445",
|
||
"Impact": "Critical",
|
||
"Public": "20221021"
|
||
},
|
||
{
|
||
"ID": "BDU:2022-07409",
|
||
"CVSS": "AV:L/AC:L/Au:N/C:C/I:N/A:C",
|
||
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
|
||
"CWE": "CWE-125, CWE-131, CWE-190",
|
||
"Href": "https://bdu.fstec.ru/vul/2022-07409",
|
||
"Impact": "High",
|
||
"Public": "20221114"
|
||
}
|
||
],
|
||
"CVEs": [
|
||
{
|
||
"ID": "CVE-2022-31630",
|
||
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
|
||
"CWE": "CWE-125",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-31630",
|
||
"Impact": "High",
|
||
"Public": "20221114"
|
||
},
|
||
{
|
||
"ID": "CVE-2022-37454",
|
||
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-190",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-37454",
|
||
"Impact": "Critical",
|
||
"Public": "20221021"
|
||
}
|
||
],
|
||
"AffectedCPEs": {
|
||
"CPEs": [
|
||
"cpe:/o:alt:container:11"
|
||
]
|
||
}
|
||
}
|
||
},
|
||
"Criteria": {
|
||
"Operator": "AND",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:3001",
|
||
"Comment": "ALT Linux must be installed"
|
||
}
|
||
],
|
||
"Criterias": [
|
||
{
|
||
"Operator": "OR",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20222960001",
|
||
"Comment": "php8.0 is earlier than 0:8.0.25-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20222960002",
|
||
"Comment": "php8.0-devel is earlier than 0:8.0.25-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20222960003",
|
||
"Comment": "php8.0-libs is earlier than 0:8.0.25-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20222960004",
|
||
"Comment": "php8.0-mysqlnd is earlier than 0:8.0.25-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20222960005",
|
||
"Comment": "rpm-build-php8.0-version is earlier than 0:8.0.25-alt1"
|
||
}
|
||
]
|
||
}
|
||
]
|
||
}
|
||
}
|
||
]
|
||
} |