pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p9/ALT-PU-2020-1218/definitions.json
pepelyaevip 9e8a5a2bb2 ALT Vulnerability
2024-02-14 09:47:22 +00:00

279 lines
14 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20201218",
"Version": "oval:org.altlinux.errata:def:20201218",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-1218: package `php7-tidy` update to version 7.3.14-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-1218",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-1218",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-01278",
"RefURL": "https://bdu.fstec.ru/vul/2020-01278",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01291",
"RefURL": "https://bdu.fstec.ru/vul/2020-01291",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01391",
"RefURL": "https://bdu.fstec.ru/vul/2020-01391",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01446",
"RefURL": "https://bdu.fstec.ru/vul/2020-01446",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01688",
"RefURL": "https://bdu.fstec.ru/vul/2020-01688",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01689",
"RefURL": "https://bdu.fstec.ru/vul/2020-01689",
"Source": "BDU"
},
{
"RefID": "BDU:2020-05769",
"RefURL": "https://bdu.fstec.ru/vul/2020-05769",
"Source": "BDU"
},
{
"RefID": "CVE-2019-11044",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11044",
"Source": "CVE"
},
{
"RefID": "CVE-2019-11045",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11045",
"Source": "CVE"
},
{
"RefID": "CVE-2019-11046",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11046",
"Source": "CVE"
},
{
"RefID": "CVE-2019-11050",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11050",
"Source": "CVE"
},
{
"RefID": "CVE-2020-7059",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-7059",
"Source": "CVE"
},
{
"RefID": "CVE-2020-7060",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-7060",
"Source": "CVE"
}
],
"Description": "This update upgrades php7-tidy to version 7.3.14-alt1. \nSecurity Fix(es):\n\n * BDU:2020-01278: Уязвимость реализации класса PHP DirectoryIterator интерпретатора языка программирования PHP, позволяющая нарушителю раскрыть защищаемую информацию\n\n * BDU:2020-01291: Уязвимость функции exif_read_data интерпретатора языка программирования PHP, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании\n\n * BDU:2020-01391: Уязвимость функции mbstring() интерпретатора языка программирования PHP, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании\n\n * BDU:2020-01446: Уязвимость функции fgetss() языка сценариев общего назначения с открытым исходным кодом PHP, связанная с чтением за границами буфера памяти, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании\n\n * BDU:2020-01688: Уязвимость функции link интерпретатора языка программирования PHP, позволяющая нарушителю получить несанкционированный доступ к информации\n\n * BDU:2020-01689: Уязвимость интерпретатора языка программирования PHP, связанная с чтение за границами буфера памяти, позволяющая нарушителю получить несанкционированный доступ к информации\n\n * BDU:2020-05769: Уязвимость функции mbfl_filt_conv_big5_wchar интерпретатора PHP, позволяющая нарушителю получить доступ к защищаемой информации или вызвать отказ в обслуживании\n\n * CVE-2019-11044: In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.\n\n * CVE-2019-11045: In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.\n\n * CVE-2019-11046: In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.\n\n * CVE-2019-11050: When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.\n\n * CVE-2020-7059: When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.\n\n * CVE-2020-7060: When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-02-13"
},
"Updated": {
"Date": "2020-02-13"
},
"bdu": [
{
"Cvss": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"Cvss3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"Cwe": "CWE-20, CWE-170",
"Href": "https://bdu.fstec.ru/vul/2020-01278",
"Impact": "Low",
"Public": "20191222",
"CveID": "BDU:2020-01278"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"Cwe": "CWE-125, CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-01291",
"Impact": "Low",
"Public": "20191222",
"CveID": "BDU:2020-01291"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:C/I:N/A:C",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"Cwe": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2020-01391",
"Impact": "Critical",
"Public": "20200210",
"CveID": "BDU:2020-01391"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:C/I:N/A:C",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"Cwe": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2020-01446",
"Impact": "Critical",
"Public": "20200116",
"CveID": "BDU:2020-01446"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"Cwe": "CWE-170",
"Href": "https://bdu.fstec.ru/vul/2020-01688",
"Impact": "High",
"Public": "20191222",
"CveID": "BDU:2020-01688"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"Cwe": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2020-01689",
"Impact": "High",
"Public": "20191222",
"CveID": "BDU:2020-01689"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"Cwe": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2020-05769",
"Impact": "Low",
"Public": "20191226",
"CveID": "BDU:2020-05769"
}
],
"Cves": [
{
"Cvss": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"Cwe": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11044",
"Impact": "High",
"Public": "20191223",
"CveID": "CVE-2019-11044"
},
{
"Cvss": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"Cvss3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"Cwe": "CWE-74",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11045",
"Impact": "Low",
"Public": "20191223",
"CveID": "CVE-2019-11045"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"Cwe": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11046",
"Impact": "Low",
"Public": "20191223",
"CveID": "CVE-2019-11046"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"Cwe": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11050",
"Impact": "Low",
"Public": "20191223",
"CveID": "CVE-2019-11050"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"Cwe": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-7059",
"Impact": "Critical",
"Public": "20200210",
"CveID": "CVE-2020-7059"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"Cwe": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-7060",
"Impact": "Critical",
"Public": "20200210",
"CveID": "CVE-2020-7060"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20201218001",
"Comment": "php7-tidy is earlier than 0:7.3.14-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink