218 lines
8.9 KiB
JSON
218 lines
8.9 KiB
JSON
{
|
||
"Definition": [
|
||
{
|
||
"ID": "oval:org.altlinux.errata:def:20181878",
|
||
"Version": "oval:org.altlinux.errata:def:20181878",
|
||
"Class": "patch",
|
||
"Metadata": {
|
||
"Title": "ALT-PU-2018-1878: package `vim` update to version 8.1.26-alt1",
|
||
"AffectedList": [
|
||
{
|
||
"Family": "unix",
|
||
"Platforms": [
|
||
"ALT Linux branch p10"
|
||
],
|
||
"Products": [
|
||
"ALT Server",
|
||
"ALT Virtualization Server",
|
||
"ALT Workstation",
|
||
"ALT Workstation K",
|
||
"ALT Education",
|
||
"Simply Linux",
|
||
"Starterkit"
|
||
]
|
||
}
|
||
],
|
||
"References": [
|
||
{
|
||
"RefID": "ALT-PU-2018-1878",
|
||
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-1878",
|
||
"Source": "ALTPU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2022-05951",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2022-05951",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2022-06483",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2022-06483",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "CVE-2017-1000382",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000382",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2017-17087",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-17087",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2022-1897",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1897",
|
||
"Source": "CVE"
|
||
}
|
||
],
|
||
"Description": "This update upgrades vim to version 8.1.26-alt1. \nSecurity Fix(es):\n\n * BDU:2022-05951: Уязвимость компонентов fileio.c, /etc/shadow, /etc/.shadow.swp текстового редактора Vim, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * BDU:2022-06483: Уязвимость функции vim_regsub_both компонента regexp.c текстового редактора Vim, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2017-1000382: VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file (\"[ORIGINAL_FILENAME].swp\") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.\n\n * CVE-2017-17087: fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.\n\n * CVE-2022-1897: Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.\n\n * #33359: не поддерживается юникод",
|
||
"Advisory": {
|
||
"From": "errata.altlinux.org",
|
||
"Severity": "High",
|
||
"Rights": "Copyright 2024 BaseALT Ltd.",
|
||
"Issued": {
|
||
"Date": "2018-06-08"
|
||
},
|
||
"Updated": {
|
||
"Date": "2018-06-08"
|
||
},
|
||
"BDUs": [
|
||
{
|
||
"ID": "BDU:2022-05951",
|
||
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
|
||
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
||
"CWE": "CWE-668",
|
||
"Href": "https://bdu.fstec.ru/vul/2022-05951",
|
||
"Impact": "Low",
|
||
"Public": "20171104"
|
||
},
|
||
{
|
||
"ID": "BDU:2022-06483",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
|
||
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-787",
|
||
"Href": "https://bdu.fstec.ru/vul/2022-06483",
|
||
"Impact": "High",
|
||
"Public": "20220525"
|
||
}
|
||
],
|
||
"CVEs": [
|
||
{
|
||
"ID": "CVE-2017-1000382",
|
||
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
|
||
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
||
"CWE": "CWE-200",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000382",
|
||
"Impact": "Low",
|
||
"Public": "20171031"
|
||
},
|
||
{
|
||
"ID": "CVE-2017-17087",
|
||
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
|
||
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
||
"CWE": "CWE-668",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-17087",
|
||
"Impact": "Low",
|
||
"Public": "20171201"
|
||
},
|
||
{
|
||
"ID": "CVE-2022-1897",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
||
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-787",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1897",
|
||
"Impact": "High",
|
||
"Public": "20220527"
|
||
}
|
||
],
|
||
"Bugzilla": [
|
||
{
|
||
"ID": "33359",
|
||
"Href": "https://bugzilla.altlinux.org/33359",
|
||
"Data": "не поддерживается юникод"
|
||
}
|
||
],
|
||
"AffectedCPEs": {
|
||
"CPEs": [
|
||
"cpe:/o:alt:kworkstation:10",
|
||
"cpe:/o:alt:workstation:10",
|
||
"cpe:/o:alt:server:10",
|
||
"cpe:/o:alt:server-v:10",
|
||
"cpe:/o:alt:education:10",
|
||
"cpe:/o:alt:slinux:10",
|
||
"cpe:/o:alt:starterkit:p10",
|
||
"cpe:/o:alt:kworkstation:10.1",
|
||
"cpe:/o:alt:workstation:10.1",
|
||
"cpe:/o:alt:server:10.1",
|
||
"cpe:/o:alt:server-v:10.1",
|
||
"cpe:/o:alt:education:10.1",
|
||
"cpe:/o:alt:slinux:10.1",
|
||
"cpe:/o:alt:starterkit:10.1",
|
||
"cpe:/o:alt:kworkstation:10.2",
|
||
"cpe:/o:alt:workstation:10.2",
|
||
"cpe:/o:alt:server:10.2",
|
||
"cpe:/o:alt:server-v:10.2",
|
||
"cpe:/o:alt:education:10.2",
|
||
"cpe:/o:alt:slinux:10.2",
|
||
"cpe:/o:alt:starterkit:10.2"
|
||
]
|
||
}
|
||
}
|
||
},
|
||
"Criteria": {
|
||
"Operator": "AND",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:2001",
|
||
"Comment": "ALT Linux must be installed"
|
||
}
|
||
],
|
||
"Criterias": [
|
||
{
|
||
"Operator": "OR",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20181878001",
|
||
"Comment": "rpm-build-vim is earlier than 4:8.1.26-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20181878002",
|
||
"Comment": "vim-X11 is earlier than 4:8.1.26-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20181878003",
|
||
"Comment": "vim-X11-gnome2 is earlier than 4:8.1.26-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20181878004",
|
||
"Comment": "vim-X11-gtk2 is earlier than 4:8.1.26-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20181878005",
|
||
"Comment": "vim-X11-neXtaw is earlier than 4:8.1.26-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20181878006",
|
||
"Comment": "vim-common is earlier than 4:8.1.26-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20181878007",
|
||
"Comment": "vim-console is earlier than 4:8.1.26-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20181878008",
|
||
"Comment": "vim-enhanced is earlier than 4:8.1.26-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20181878009",
|
||
"Comment": "vim-minimal is earlier than 4:8.1.26-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20181878010",
|
||
"Comment": "vim-spell-source is earlier than 4:8.1.26-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20181878011",
|
||
"Comment": "vimtutor is earlier than 4:8.1.26-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20181878012",
|
||
"Comment": "xxd is earlier than 4:8.1.26-alt1"
|
||
}
|
||
]
|
||
}
|
||
]
|
||
}
|
||
}
|
||
]
|
||
} |