pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6943922b37
vuln-list-alt/oval/c9f2/ALT-PU-2023-4581/definitions.json
pepelyaevip 0707cb759b ALT Vulnerability
2024-04-16 14:26:14 +00:00

292 lines
13 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20234581",
"Version": "oval:org.altlinux.errata:def:20234581",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2023-4581: package `python` update to version 2.7.18-alt0.MC9.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2023-4581",
"RefURL": "https://errata.altlinux.org/ALT-PU-2023-4581",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-02302",
"RefURL": "https://bdu.fstec.ru/vul/2022-02302",
"Source": "BDU"
},
{
"RefID": "BDU:2022-02303",
"RefURL": "https://bdu.fstec.ru/vul/2022-02303",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03962",
"RefURL": "https://bdu.fstec.ru/vul/2022-03962",
"Source": "BDU"
},
{
"RefID": "CVE-2015-20107",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-20107",
"Source": "CVE"
},
{
"RefID": "CVE-2021-4189",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-4189",
"Source": "CVE"
},
{
"RefID": "CVE-2022-0391",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-0391",
"Source": "CVE"
}
],
"Description": "This update upgrades python to version 2.7.18-alt0.MC9.1. \nSecurity Fix(es):\n\n * BDU:2022-02302: Уязвимость модуля urllib.parse интерпретатора языка программирования Python, позволяющая нарушителю внедрить произвольные данные в ответ сервера\n\n * BDU:2022-02303: Уязвимость клиентской библиотеки FTP (File Transfer Protocol) интерпретатора языка программирования Python, позволяющая нарушителю выполнять SSRF-атаки\n\n * BDU:2022-03962: Уязвимость модуля mailcap интерпретатора языка программирования Python, позволяющая нарушителю выполнить произвольную команду\n\n * CVE-2015-20107: In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9\n\n * CVE-2021-4189: A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.\n\n * CVE-2022-0391: A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\\r' and '\\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2023-08-12"
},
"Updated": {
"Date": "2023-08-12"
},
"BDUs": [
{
"ID": "BDU:2022-02302",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-74, CWE-93",
"Href": "https://bdu.fstec.ru/vul/2022-02302",
"Impact": "High",
"Public": "20220209"
},
{
"ID": "BDU:2022-02303",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-918",
"Href": "https://bdu.fstec.ru/vul/2022-02303",
"Impact": "Low",
"Public": "20220209"
},
{
"ID": "BDU:2022-03962",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-77",
"Href": "https://bdu.fstec.ru/vul/2022-03962",
"Impact": "Critical",
"Public": "20220413"
}
],
"CVEs": [
{
"ID": "CVE-2015-20107",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:C/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"CWE": "CWE-77",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-20107",
"Impact": "High",
"Public": "20220413"
},
{
"ID": "CVE-2021-4189",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-252",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-4189",
"Impact": "Low",
"Public": "20220824"
},
{
"ID": "CVE-2022-0391",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-74",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-0391",
"Impact": "High",
"Public": "20220209"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20234581001",
"Comment": "libpython is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581002",
"Comment": "python is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581003",
"Comment": "python-base is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581004",
"Comment": "python-dev is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581005",
"Comment": "python-devel-static is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581006",
"Comment": "python-modules is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581007",
"Comment": "python-modules-bsddb is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581008",
"Comment": "python-modules-compiler is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581009",
"Comment": "python-modules-ctypes is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581010",
"Comment": "python-modules-curses is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581011",
"Comment": "python-modules-distutils is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581012",
"Comment": "python-modules-email is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581013",
"Comment": "python-modules-encodings is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581014",
"Comment": "python-modules-ensurepip is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581015",
"Comment": "python-modules-hotshot is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581016",
"Comment": "python-modules-json is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581017",
"Comment": "python-modules-logging is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581018",
"Comment": "python-modules-multiprocessing is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581019",
"Comment": "python-modules-nis is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581020",
"Comment": "python-modules-sqlite3 is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581021",
"Comment": "python-modules-tkinter is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581022",
"Comment": "python-modules-unittest is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581023",
"Comment": "python-modules-wsgiref is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581024",
"Comment": "python-modules-xml is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581025",
"Comment": "python-relaxed is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581026",
"Comment": "python-strict is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581027",
"Comment": "python-test is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581028",
"Comment": "python-tools-2to3 is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581029",
"Comment": "python-tools-i18n is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581030",
"Comment": "python-tools-idle is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581031",
"Comment": "python-tools-pynche is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581032",
"Comment": "python-tools-scripts is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581033",
"Comment": "python-tools-smtpd is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581034",
"Comment": "python-tools-webchecker is earlier than 0:2.7.18-alt0.MC9.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234581035",
"Comment": "python-user-scripts is earlier than 0:2.7.18-alt0.MC9.1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink