pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/c9f2/ALT-PU-2019-2751/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

176 lines
7.2 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20192751",
"Version": "oval:org.altlinux.errata:def:20192751",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-2751: package `poco` update to version 1.9.4-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-2751",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-2751",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-03643",
"RefURL": "https://bdu.fstec.ru/vul/2019-03643",
"Source": "BDU"
},
{
"RefID": "CVE-2017-1000472",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000472",
"Source": "CVE"
},
{
"RefID": "CVE-2019-15903",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15903",
"Source": "CVE"
},
{
"RefID": "CVE-2023-52389",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-52389",
"Source": "CVE"
}
],
"Description": "This update upgrades poco to version 1.9.4-alt1. \nSecurity Fix(es):\n\n * BDU:2019-03643: Уязвимость библиотеки для анализа XML-файлов libexpat, связанная с неверным ограничением xml-ссылок на внешние объекты, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2017-1000472: The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary files, via a crafted ZIP file, related to a \"file path injection vulnerability\".\n\n * CVE-2019-15903: In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.\n\n * CVE-2023-52389: UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-09-20"
},
"Updated": {
"Date": "2024-04-05"
},
"BDUs": [
{
"ID": "BDU:2019-03643",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-611",
"Href": "https://bdu.fstec.ru/vul/2019-03643",
"Impact": "High",
"Public": "20190828"
}
],
"CVEs": [
{
"ID": "CVE-2017-1000472",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"CWE": "CWE-22",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000472",
"Impact": "Low",
"Public": "20180103"
},
{
"ID": "CVE-2019-15903",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15903",
"Impact": "High",
"Public": "20190904"
},
{
"ID": "CVE-2023-52389",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-52389",
"Impact": "Critical",
"Public": "20240127"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20192751001",
"Comment": "libpoco is earlier than 0:1.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192751002",
"Comment": "libpoco-crypto is earlier than 0:1.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192751003",
"Comment": "libpoco-data is earlier than 0:1.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192751004",
"Comment": "libpoco-devel is earlier than 0:1.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192751005",
"Comment": "libpoco-mongodb is earlier than 0:1.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192751006",
"Comment": "libpoco-mysql is earlier than 0:1.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192751007",
"Comment": "libpoco-net is earlier than 0:1.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192751008",
"Comment": "libpoco-odbc is earlier than 0:1.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192751009",
"Comment": "libpoco-redis is earlier than 0:1.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192751010",
"Comment": "libpoco-sqlite is earlier than 0:1.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192751011",
"Comment": "libpoco-ssl is earlier than 0:1.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192751012",
"Comment": "libpoco-util is earlier than 0:1.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192751013",
"Comment": "libpoco-zip is earlier than 0:1.9.4-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink