vuln-list-alt/oval/c9f2/ALT-PU-2018-2984/definitions.json
2024-06-28 13:17:52 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20182984",
"Version": "oval:org.altlinux.errata:def:20182984",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2018-2984: package `zstd` update to version 1.3.8-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2018-2984",
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-2984",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-03229",
"RefURL": "https://bdu.fstec.ru/vul/2019-03229",
"Source": "BDU"
},
{
"RefID": "CVE-2019-11922",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11922",
"Source": "CVE"
}
],
"Description": "This update upgrades zstd to version 1.3.8-alt1. \nSecurity Fix(es):\n\n * BDU:2019-03229: Уязвимость функции сжатия библиотеки для сжатия данных Zstandard, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2019-11922: A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2018-12-29"
},
"Updated": {
"Date": "2018-12-29"
},
"BDUs": [
{
"ID": "BDU:2019-03229",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-362",
"Href": "https://bdu.fstec.ru/vul/2019-03229",
"Impact": "High",
"Public": "20190725"
}
],
"CVEs": [
{
"ID": "CVE-2019-11922",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11922",
"Impact": "High",
"Public": "20190725"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20182984001",
"Comment": "libzstd is earlier than 0:1.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182984002",
"Comment": "libzstd-devel is earlier than 0:1.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182984003",
"Comment": "pzstd is earlier than 0:1.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182984004",
"Comment": "zstd is earlier than 0:1.3.8-alt1"
}
]
}
]
}
}
]
}