
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20181654",
"Version": "oval:org.altlinux.errata:def:20181654",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2018-1654: package `python3` update to version 3.6.4-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2018-1654",
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-1654",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-00438",
"RefURL": "https://bdu.fstec.ru/vul/2019-00438",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01646",
"RefURL": "https://bdu.fstec.ru/vul/2023-01646",
"Source": "BDU"
},
{
"RefID": "CVE-2017-1000158",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000158",
"Source": "CVE"
},
{
"RefID": "CVE-2017-17522",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-17522",
"Source": "CVE"
}
],
"Description": "This update upgrades python3 to version 3.6.4-alt1. \nSecurity Fix(es):\n\n * BDU:2019-00438: Уязвимость функции PyString_DecodeEscape интерпретатора языка программирования Python (CPython), позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-01646: Уязвимость компонента Lib/webbrowser.py интерпретатора языка программирования Python, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2017-1000158: CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)\n\n * CVE-2017-17522: Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting\n\n * #34658: spoils buildreq results again (while reading the list of available pkgs)",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2018-05-04"
},
"Updated": {
"Date": "2018-05-04"
},
"BDUs": [
{
"ID": "BDU:2019-00438",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-00438",
"Impact": "Critical",
"Public": "20171117"
},
{
"ID": "BDU:2023-01646",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-74",
"Href": "https://bdu.fstec.ru/vul/2023-01646",
"Impact": "High",
"Public": "20171218"
}
],
"CVEs": [
{
"ID": "CVE-2017-1000158",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000158",
"Impact": "Critical",
"Public": "20171117"
},
{
"ID": "CVE-2017-17522",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-74",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-17522",
"Impact": "High",
"Public": "20171214"
}
],
"Bugzilla": [
{
"ID": "34658",
"Href": "https://bugzilla.altlinux.org/34658",
"Data": "spoils buildreq results again (while reading the list of available pkgs)"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20181654001",
"Comment": "libpython3 is earlier than 0:3.6.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181654002",
"Comment": "python3 is earlier than 0:3.6.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181654003",
"Comment": "python3-base is earlier than 0:3.6.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181654004",
"Comment": "python3-dev is earlier than 0:3.6.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181654005",
"Comment": "python3-modules-curses is earlier than 0:3.6.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181654006",
"Comment": "python3-modules-sqlite3 is earlier than 0:3.6.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181654007",
"Comment": "python3-modules-tkinter is earlier than 0:3.6.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181654008",
"Comment": "python3-test is earlier than 0:3.6.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181654009",
"Comment": "python3-tools is earlier than 0:3.6.4-alt1"
}
]
}
]
}
}
]
}