vuln-list-alt/oval/p10/ALT-PU-2019-2781/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20192781",
      "Version": "oval:org.altlinux.errata:def:20192781",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2019-2781: package `librsvg` update to version 2.46.0-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch p10"
            ],
            "Products": [
              "ALT Server",
              "ALT Virtualization Server",
              "ALT Workstation",
              "ALT Workstation K",
              "ALT Education",
              "Simply Linux",
              "Starterkit"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2019-2781",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2019-2781",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2021-00123",
            "RefURL": "https://bdu.fstec.ru/vul/2021-00123",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2019-20446",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-20446",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades librsvg to version 2.46.0-alt1. \nSecurity Fix(es):\n\n * BDU:2021-00123: Уязвимость множества функций из xml.rs библиотеки отрисовки векторной графики librsvg, связанная с ошибкой механизма контроля расходуемых ресурсов, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2019-20446: In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "Low",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2019-09-25"
          },
          "Updated": {
            "Date": "2019-09-25"
          },
          "BDUs": [
            {
              "ID": "BDU:2021-00123",
              "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "CWE": "CWE-400",
              "Href": "https://bdu.fstec.ru/vul/2021-00123",
              "Impact": "Low",
              "Public": "20200202"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2019-20446",
              "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "CWE": "CWE-400",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-20446",
              "Impact": "Low",
              "Public": "20200202"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:kworkstation:10",
              "cpe:/o:alt:workstation:10",
              "cpe:/o:alt:server:10",
              "cpe:/o:alt:server-v:10",
              "cpe:/o:alt:education:10",
              "cpe:/o:alt:slinux:10",
              "cpe:/o:alt:starterkit:p10",
              "cpe:/o:alt:kworkstation:10.1",
              "cpe:/o:alt:workstation:10.1",
              "cpe:/o:alt:server:10.1",
              "cpe:/o:alt:server-v:10.1",
              "cpe:/o:alt:education:10.1",
              "cpe:/o:alt:slinux:10.1",
              "cpe:/o:alt:starterkit:10.1",
              "cpe:/o:alt:kworkstation:10.2",
              "cpe:/o:alt:workstation:10.2",
              "cpe:/o:alt:server:10.2",
              "cpe:/o:alt:server-v:10.2",
              "cpe:/o:alt:education:10.2",
              "cpe:/o:alt:slinux:10.2",
              "cpe:/o:alt:starterkit:10.2"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:2001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20192781001",
                "Comment": "librsvg is earlier than 1:2.46.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20192781002",
                "Comment": "librsvg-devel is earlier than 1:2.46.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20192781003",
                "Comment": "librsvg-devel-doc is earlier than 1:2.46.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20192781004",
                "Comment": "librsvg-gir is earlier than 1:2.46.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20192781005",
                "Comment": "librsvg-gir-devel is earlier than 1:2.46.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20192781006",
                "Comment": "librsvg-utils is earlier than 1:2.46.0-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}