145 lines
5.7 KiB
JSON
145 lines
5.7 KiB
JSON
{
|
||
"Definition": [
|
||
{
|
||
"ID": "oval:org.altlinux.errata:def:20181123",
|
||
"Version": "oval:org.altlinux.errata:def:20181123",
|
||
"Class": "patch",
|
||
"Metadata": {
|
||
"Title": "ALT-PU-2018-1123: package `php5` update to version 5.6.33-alt1.S1",
|
||
"AffectedList": [
|
||
{
|
||
"Family": "unix",
|
||
"Platforms": [
|
||
"ALT Linux branch c9f2"
|
||
],
|
||
"Products": [
|
||
"ALT SPWorkstation",
|
||
"ALT SPServer"
|
||
]
|
||
}
|
||
],
|
||
"References": [
|
||
{
|
||
"RefID": "ALT-PU-2018-1123",
|
||
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-1123",
|
||
"Source": "ALTPU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2018-01489",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2018-01489",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2019-04386",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2019-04386",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "CVE-2018-5711",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5711",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2018-5712",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5712",
|
||
"Source": "CVE"
|
||
}
|
||
],
|
||
"Description": "This update upgrades php5 to version 5.6.33-alt1.S1. \nSecurity Fix(es):\n\n * BDU:2018-01489: Уязвимость функции gdImageCreateFromGifCtx библиотеки для создания и работы с программируемой графикой libgd2, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04386: Уязвимость на странице ошибки PHAR 404 интерпретатора языка программирования PHP, позволяющая нарушителю осуществлять межсайтовые сценарные атаки (XSS)\n\n * CVE-2018-5711: gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.\n\n * CVE-2018-5712: An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.",
|
||
"Advisory": {
|
||
"From": "errata.altlinux.org",
|
||
"Severity": "Low",
|
||
"Rights": "Copyright 2024 BaseALT Ltd.",
|
||
"Issued": {
|
||
"Date": "2018-02-03"
|
||
},
|
||
"Updated": {
|
||
"Date": "2018-02-03"
|
||
},
|
||
"BDUs": [
|
||
{
|
||
"ID": "BDU:2018-01489",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
|
||
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
|
||
"CWE": "CWE-400",
|
||
"Href": "https://bdu.fstec.ru/vul/2018-01489",
|
||
"Impact": "Low",
|
||
"Public": "20180116"
|
||
},
|
||
{
|
||
"ID": "BDU:2019-04386",
|
||
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
|
||
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
||
"CWE": "CWE-79",
|
||
"Href": "https://bdu.fstec.ru/vul/2019-04386",
|
||
"Impact": "Low",
|
||
"Public": "20180426"
|
||
}
|
||
],
|
||
"CVEs": [
|
||
{
|
||
"ID": "CVE-2018-5711",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
|
||
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
|
||
"CWE": "CWE-681",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-5711",
|
||
"Impact": "Low",
|
||
"Public": "20180116"
|
||
},
|
||
{
|
||
"ID": "CVE-2018-5712",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
||
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
||
"CWE": "CWE-79",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-5712",
|
||
"Impact": "Low",
|
||
"Public": "20180116"
|
||
}
|
||
],
|
||
"AffectedCPEs": {
|
||
"CPEs": [
|
||
"cpe:/o:alt:spworkstation:8.4",
|
||
"cpe:/o:alt:spserver:8.4"
|
||
]
|
||
}
|
||
}
|
||
},
|
||
"Criteria": {
|
||
"Operator": "AND",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:3001",
|
||
"Comment": "ALT Linux must be installed"
|
||
}
|
||
],
|
||
"Criterias": [
|
||
{
|
||
"Operator": "OR",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20181123001",
|
||
"Comment": "php5 is earlier than 0:5.6.33-alt1.S1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20181123002",
|
||
"Comment": "php5-devel is earlier than 0:5.6.33-alt1.S1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20181123003",
|
||
"Comment": "php5-libs is earlier than 0:5.6.33-alt1.S1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20181123004",
|
||
"Comment": "php5-mysqlnd is earlier than 0:5.6.33-alt1.S1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20181123005",
|
||
"Comment": "rpm-build-php-version is earlier than 0:5.6.33-alt1.S1"
|
||
}
|
||
]
|
||
}
|
||
]
|
||
}
|
||
}
|
||
]
|
||
} |