2024-06-28 13:17:52 +00:00

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20222830",
"Version": "oval:org.altlinux.errata:def:20222830",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2022-2830: package `dnsmasq` update to version 2.87-alt2.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2022-2830",
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-2830",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-03253",
"RefURL": "https://bdu.fstec.ru/vul/2022-03253",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01666",
"RefURL": "https://bdu.fstec.ru/vul/2023-01666",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01684",
"RefURL": "https://bdu.fstec.ru/vul/2023-01684",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01685",
"RefURL": "https://bdu.fstec.ru/vul/2023-01685",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01689",
"RefURL": "https://bdu.fstec.ru/vul/2023-01689",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01693",
"RefURL": "https://bdu.fstec.ru/vul/2023-01693",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01702",
"RefURL": "https://bdu.fstec.ru/vul/2023-01702",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01703",
"RefURL": "https://bdu.fstec.ru/vul/2023-01703",
"Source": "BDU"
},
{
"RefID": "CVE-2021-45951",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-45951",
"Source": "CVE"
},
{
"RefID": "CVE-2021-45952",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-45952",
"Source": "CVE"
},
{
"RefID": "CVE-2021-45953",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-45953",
"Source": "CVE"
},
{
"RefID": "CVE-2021-45954",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-45954",
"Source": "CVE"
},
{
"RefID": "CVE-2021-45955",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-45955",
"Source": "CVE"
},
{
"RefID": "CVE-2021-45956",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-45956",
"Source": "CVE"
},
{
"RefID": "CVE-2021-45957",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-45957",
"Source": "CVE"
},
{
"RefID": "CVE-2022-0934",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-0934",
"Source": "CVE"
}
],
"Description": "This update upgrades dnsmasq to version 2.87-alt2.1. \nSecurity Fix(es):\n\n * BDU:2022-03253: Vulnerability in the DHCPv6 protocol implementation of the Dnsmasq DNS server that allows an attacker to cause a denial of service\n\n * BDU:2023-01666: Vulnerability in the answer_request function of the fuzz_rfc1035.c component of the Dnsmasq DNS server that allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service\n\n * BDU:2023-01684: Vulnerability in the resize_packet function of the fuzz_rfc1035.c component of the Dnsmasq DNS server that allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service\n\n * BDU:2023-01685: Vulnerability in the check_bad_address function of the Dnsmasq DNS server that allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service\n\n * BDU:2023-01689: Vulnerability in the print_mac function of the Dnsmasq DNS server that allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service\n\n * BDU:2023-01693: Vulnerability in the extract_name function of the fuzz_util.c component of the Dnsmasq DNS server that allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service\n\n * BDU:2023-01702: Vulnerability in the extract_name function of the Dnsmasq DNS server that allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service\n\n * BDU:2023-01703: Vulnerability in the dhcp_reply function of the Dnsmasq DNS server that allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service\n\n * CVE-2021-45951: Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (called from check_for_bogus_wildcard and FuzzCheckForBogusWildcard). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 \"do not represent real vulnerabilities, to the best of our knowledge.\n\n * CVE-2021-45952: Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_reply (called from dhcp_packet and FuzzDhcp). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 \"do not represent real vulnerabilities, to the best of our knowledge.\n\n * CVE-2021-45953: Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from hash_questions and fuzz_util.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 \"do not represent real vulnerabilities, to the best of our knowledge.\n\n * CVE-2021-45954: Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from answer_auth and FuzzAuth). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 \"do not represent real vulnerabilities, to the best of our knowledge.\n\n * CVE-2021-45955: Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called from FuzzResizePacket and fuzz_rfc1035.c) because of the lack of a proper bounds check upon pseudo header re-insertion. NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 \"do not represent real vulnerabilities, to the best of our knowledge.\" However, a contributor states that a security patch (mentioned in 016162.html) is needed\n\n * CVE-2021-45956: Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called from log_packet and dhcp_reply). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 \"do not represent real vulnerabilities, to the best of our knowledge.\n\n * CVE-2021-45957: Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (called from FuzzAnswerTheRequest and fuzz_rfc1035.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 \"do not represent real vulnerabilities, to the best of our knowledge.\n\n * CVE-2022-0934: A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.\n\n * #39812: dnsmasq cannot start",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2022-10-13"
},
"Updated": {
"Date": "2022-10-13"
},
"BDUs": [
{
"ID": "BDU:2022-03253",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2022-03253",
"Impact": "High",
"Public": "20220222"
},
{
"ID": "BDU:2023-01666",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2023-01666",
"Impact": "Critical",
"Public": "20210708"
},
{
"ID": "BDU:2023-01684",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2023-01684",
"Impact": "Critical",
"Public": "20210707"
},
{
"ID": "BDU:2023-01685",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2023-01685",
"Impact": "Critical",
"Public": "20210706"
},
{
"ID": "BDU:2023-01689",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2023-01689",
"Impact": "Critical",
"Public": "20210707"
},
{
"ID": "BDU:2023-01693",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2023-01693",
"Impact": "Critical",
"Public": "20210706"
},
{
"ID": "BDU:2023-01702",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2023-01702",
"Impact": "Critical",
"Public": "20210706"
},
{
"ID": "BDU:2023-01703",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2023-01703",
"Impact": "Critical",
"Public": "20210706"
}
],
"CVEs": [
{
"ID": "CVE-2021-45951",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-45951",
"Impact": "Critical",
"Public": "20220101"
},
{
"ID": "CVE-2021-45952",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-45952",
"Impact": "Critical",
"Public": "20220101"
},
{
"ID": "CVE-2021-45953",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-45953",
"Impact": "Critical",
"Public": "20220101"
},
{
"ID": "CVE-2021-45954",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-45954",
"Impact": "Critical",
"Public": "20220101"
},
{
"ID": "CVE-2021-45955",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-45955",
"Impact": "Critical",
"Public": "20220101"
},
{
"ID": "CVE-2021-45956",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-45956",
"Impact": "Critical",
"Public": "20220101"
},
{
"ID": "CVE-2021-45957",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-45957",
"Impact": "Critical",
"Public": "20220101"
},
{
"ID": "CVE-2022-0934",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-0934",
"Impact": "High",
"Public": "20220829"
}
],
"Bugzilla": [
{
"ID": "39812",
"Href": "https://bugzilla.altlinux.org/39812",
"Data": "dnsmasq cannot start"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20222830001",
"Comment": "dnsmasq is earlier than 0:2.87-alt2.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222830002",
"Comment": "dnsmasq-utils is earlier than 0:2.87-alt2.1"
}
]
}
]
}
}
]
}