pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/c10f1/ALT-PU-2022-2917/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

239 lines
10 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20222917",
"Version": "oval:org.altlinux.errata:def:20222917",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2022-2917: package `glibc` update to version 2.32-alt5",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2022-2917",
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-2917",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-04132",
"RefURL": "https://bdu.fstec.ru/vul/2021-04132",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01632",
"RefURL": "https://bdu.fstec.ru/vul/2022-01632",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01633",
"RefURL": "https://bdu.fstec.ru/vul/2022-01633",
"Source": "BDU"
},
{
"RefID": "CVE-2020-29562",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-29562",
"Source": "CVE"
},
{
"RefID": "CVE-2021-38604",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-38604",
"Source": "CVE"
},
{
"RefID": "CVE-2022-23218",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-23218",
"Source": "CVE"
},
{
"RefID": "CVE-2022-23219",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-23219",
"Source": "CVE"
}
],
"Description": "This update upgrades glibc to version 2.32-alt5. \nSecurity Fix(es):\n\n * BDU:2021-04132: Уязвимость компонента sysdeps/unix/sysv/linux/mq_notify.c библиотеки glibc, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01632: Уязвимость модуля sunrpc ib glibc системной библиотеки glibc, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-01633: Уязвимость модуля sunrpc системной библиотеки glibc, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2020-29562: The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.\n\n * CVE-2021-38604: In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.\n\n * CVE-2022-23218: The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.\n\n * CVE-2022-23219: The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2022-10-25"
},
"Updated": {
"Date": "2022-10-25"
},
"BDUs": [
{
"ID": "BDU:2021-04132",
"CVSS": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2021-04132",
"Impact": "Low",
"Public": "20210809"
},
{
"ID": "BDU:2022-01632",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2022-01632",
"Impact": "Critical",
"Public": "20220314"
},
{
"ID": "BDU:2022-01633",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2022-01633",
"Impact": "Critical",
"Public": "20220314"
}
],
"CVEs": [
{
"ID": "CVE-2020-29562",
"CVSS": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-617",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-29562",
"Impact": "Low",
"Public": "20201204"
},
{
"ID": "CVE-2021-38604",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-38604",
"Impact": "High",
"Public": "20210812"
},
{
"ID": "CVE-2022-23218",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-23218",
"Impact": "Critical",
"Public": "20220114"
},
{
"ID": "CVE-2022-23219",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-23219",
"Impact": "Critical",
"Public": "20220114"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20222917001",
"Comment": "glibc is earlier than 6:2.32-alt5"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222917002",
"Comment": "glibc-core is earlier than 6:2.32-alt5"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222917003",
"Comment": "glibc-debug is earlier than 6:2.32-alt5"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222917004",
"Comment": "glibc-devel is earlier than 6:2.32-alt5"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222917005",
"Comment": "glibc-devel-static is earlier than 6:2.32-alt5"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222917006",
"Comment": "glibc-doc is earlier than 6:2.32-alt5"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222917007",
"Comment": "glibc-gconv-modules is earlier than 6:2.32-alt5"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222917008",
"Comment": "glibc-i18ndata is earlier than 6:2.32-alt5"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222917009",
"Comment": "glibc-locales is earlier than 6:2.32-alt5"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222917010",
"Comment": "glibc-nss is earlier than 6:2.32-alt5"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222917011",
"Comment": "glibc-preinstall is earlier than 6:2.32-alt5"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222917012",
"Comment": "glibc-pthread is earlier than 6:2.32-alt5"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222917013",
"Comment": "glibc-source is earlier than 6:2.32-alt5"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222917014",
"Comment": "glibc-timezones is earlier than 6:2.32-alt5"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222917015",
"Comment": "glibc-utils is earlier than 6:2.32-alt5"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222917016",
"Comment": "iconv is earlier than 6:2.32-alt5"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222917017",
"Comment": "libnsl1 is earlier than 6:2.32-alt5"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222917018",
"Comment": "nscd is earlier than 6:2.32-alt5"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink