pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
965bfc23c8
vuln-list-alt/oval/c9f2/ALT-PU-2018-1872/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

227 lines
10 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20181872",
"Version": "oval:org.altlinux.errata:def:20181872",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2018-1872: package `patch` update to version 2.7.6.0.15.369d-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2018-1872",
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-1872",
"Source": "ALTPU"
},
{
"RefID": "BDU:2018-01502",
"RefURL": "https://bdu.fstec.ru/vul/2018-01502",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01794",
"RefURL": "https://bdu.fstec.ru/vul/2020-01794",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01649",
"RefURL": "https://bdu.fstec.ru/vul/2023-01649",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01652",
"RefURL": "https://bdu.fstec.ru/vul/2023-01652",
"Source": "BDU"
},
{
"RefID": "CVE-2016-10713",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-10713",
"Source": "CVE"
},
{
"RefID": "CVE-2018-1000156",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000156",
"Source": "CVE"
},
{
"RefID": "CVE-2018-20969",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-20969",
"Source": "CVE"
},
{
"RefID": "CVE-2018-6951",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6951",
"Source": "CVE"
},
{
"RefID": "CVE-2018-6952",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6952",
"Source": "CVE"
},
{
"RefID": "CVE-2019-13636",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-13636",
"Source": "CVE"
},
{
"RefID": "CVE-2019-20633",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-20633",
"Source": "CVE"
}
],
"Description": "This update upgrades patch to version 2.7.6.0.15.369d-alt1. \nSecurity Fix(es):\n\n * BDU:2018-01502: Уязвимость программной Unix-утилиты GNU Patch, связанная с недостаточной проверкой входных данных, позволяющая нарушителю вызвать отказ в обслуживании, получить доступ к конфиденциальным данным или нарушить их целостность\n\n * BDU:2020-01794: Уязвимость утилиты для применения изменений между разными версиями текстовых файлов GNU patch (inp.c и util.c), связанная с неправильным определением ссылки перед доступом к файлу, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2023-01649: Уязвимость функции another_hunk() компонента pch.c программы переноса правок Patch, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-01652: Уязвимость функции intuit_diff_type() компонента pch.c программы переноса правок Patch, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2016-10713: An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.\n\n * CVE-2018-1000156: GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.\n\n * CVE-2018-20969: do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.\n\n * CVE-2018-6951: An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a \"mangled rename\" issue.\n\n * CVE-2018-6952: A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.\n\n * CVE-2019-13636: In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.\n\n * CVE-2019-20633: GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2018-06-08"
},
"Updated": {
"Date": "2018-06-08"
},
"BDUs": [
{
"ID": "BDU:2018-01502",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2018-01502",
"Impact": "High",
"Public": "20180405"
},
{
"ID": "BDU:2020-01794",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:C/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-59",
"Href": "https://bdu.fstec.ru/vul/2020-01794",
"Impact": "Low",
"Public": "20190715"
},
{
"ID": "BDU:2023-01649",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-415",
"Href": "https://bdu.fstec.ru/vul/2023-01649",
"Impact": "High",
"Public": "20180212"
},
{
"ID": "BDU:2023-01652",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2023-01652",
"Impact": "High",
"Public": "20180212"
}
],
"CVEs": [
{
"ID": "CVE-2016-10713",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-10713",
"Impact": "Low",
"Public": "20180213"
},
{
"ID": "CVE-2018-1000156",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000156",
"Impact": "High",
"Public": "20180406"
},
{
"ID": "CVE-2018-20969",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-78",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-20969",
"Impact": "High",
"Public": "20190816"
},
{
"ID": "CVE-2018-6951",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6951",
"Impact": "High",
"Public": "20180213"
},
{
"ID": "CVE-2018-6952",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-415",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6952",
"Impact": "High",
"Public": "20180213"
},
{
"ID": "CVE-2019-13636",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-59",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-13636",
"Impact": "Low",
"Public": "20190717"
},
{
"ID": "CVE-2019-20633",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-415",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-20633",
"Impact": "Low",
"Public": "20200325"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20181872001",
"Comment": "patch is earlier than 0:2.7.6.0.15.369d-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink