pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
43c7060749
vuln-list-alt/oval/p11/ALT-PU-2022-3447/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

111 lines
4.1 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20223447",
"Version": "oval:org.altlinux.errata:def:20223447",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2022-3447: package `libxerces-c` update to version 3.2.4-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2022-3447",
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-3447",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-03489",
"RefURL": "https://bdu.fstec.ru/vul/2021-03489",
"Source": "BDU"
},
{
"RefID": "CVE-2018-1311",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1311",
"Source": "CVE"
}
],
"Description": "This update upgrades libxerces-c to version 3.2.4-alt1. \nSecurity Fix(es):\n\n * BDU:2021-03489: Уязвимость библиотеки для работы с XML Xerces-C, связанная с использованием памяти после её освобождения, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании\n\n * CVE-2018-1311: The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2022-12-31"
},
"Updated": {
"Date": "2022-12-31"
},
"BDUs": [
{
"ID": "BDU:2021-03489",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2021-03489",
"Impact": "High",
"Public": "20191226"
}
],
"CVEs": [
{
"ID": "CVE-2018-1311",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-1311",
"Impact": "High",
"Public": "20191218"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20223447001",
"Comment": "libxerces-c is earlier than 0:3.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20223447002",
"Comment": "libxerces-c-devel is earlier than 0:3.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20223447003",
"Comment": "libxerces-c-doc is earlier than 0:3.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20223447004",
"Comment": "libxerces-c-utils is earlier than 0:3.2.4-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink