
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20181840",
"Version": "oval:org.altlinux.errata:def:20181840",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2018-1840: package `python` update to version 2.7.14-alt4",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2018-1840",
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-1840",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-00417",
"RefURL": "https://bdu.fstec.ru/vul/2020-00417",
"Source": "BDU"
},
{
"RefID": "CVE-2018-1000030",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000030",
"Source": "CVE"
}
],
"Description": "This update upgrades python to version 2.7.14-alt4. \nSecurity Fix(es):\n\n * BDU:2020-00417: Уязвимость интерпретатора языка программирования Python, связанная с выходом операции за границы буфера в памяти и использованием памяти после ее освобождения, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код\n\n * CVE-2018-1000030: Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3-\u003eMalloc-\u003eThread1-\u003eFree's-\u003eThread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2018-06-04"
},
"Updated": {
"Date": "2018-06-04"
},
"BDUs": [
{
"ID": "BDU:2020-00417",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-00417",
"Impact": "High",
"Public": "20180208"
}
],
"CVEs": [
{
"ID": "CVE-2018-1000030",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000030",
"Impact": "Low",
"Public": "20180208"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20181840001",
"Comment": "libpython is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840002",
"Comment": "python is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840003",
"Comment": "python-base is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840004",
"Comment": "python-dev is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840005",
"Comment": "python-devel-static is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840006",
"Comment": "python-modules is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840007",
"Comment": "python-modules-bsddb is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840008",
"Comment": "python-modules-compiler is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840009",
"Comment": "python-modules-ctypes is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840010",
"Comment": "python-modules-curses is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840011",
"Comment": "python-modules-email is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840012",
"Comment": "python-modules-encodings is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840013",
"Comment": "python-modules-ensurepip is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840014",
"Comment": "python-modules-hotshot is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840015",
"Comment": "python-modules-json is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840016",
"Comment": "python-modules-logging is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840017",
"Comment": "python-modules-multiprocessing is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840018",
"Comment": "python-modules-nis is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840019",
"Comment": "python-modules-sqlite3 is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840020",
"Comment": "python-modules-tkinter is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840021",
"Comment": "python-modules-unittest is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840022",
"Comment": "python-modules-wsgiref is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840023",
"Comment": "python-modules-xml is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840024",
"Comment": "python-relaxed is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840025",
"Comment": "python-strict is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840026",
"Comment": "python-test is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840027",
"Comment": "python-tools-2to3 is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840028",
"Comment": "python-tools-i18n is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840029",
"Comment": "python-tools-idle is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840030",
"Comment": "python-tools-pynche is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840031",
"Comment": "python-tools-scripts is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840032",
"Comment": "python-tools-smtpd is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840033",
"Comment": "python-tools-webchecker is earlier than 0:2.7.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181840034",
"Comment": "python-user-scripts is earlier than 0:2.7.14-alt4"
}
]
}
]
}
}
]
}