vuln-list-alt/oval/c9f2/ALT-PU-2019-1131/definitions.json
2024-06-28 13:17:52 +00:00



{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20191131",
"Version": "oval:org.altlinux.errata:def:20191131",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-1131: package `perl` update to version 5.28.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-1131",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-1131",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-00435",
"RefURL": "https://bdu.fstec.ru/vul/2019-00435",
"Source": "BDU"
},
{
"RefID": "BDU:2019-00880",
"RefURL": "https://bdu.fstec.ru/vul/2019-00880",
"Source": "BDU"
},
{
"RefID": "BDU:2019-00881",
"RefURL": "https://bdu.fstec.ru/vul/2019-00881",
"Source": "BDU"
},
{
"RefID": "BDU:2019-00882",
"RefURL": "https://bdu.fstec.ru/vul/2019-00882",
"Source": "BDU"
},
{
"RefID": "BDU:2019-00883",
"RefURL": "https://bdu.fstec.ru/vul/2019-00883",
"Source": "BDU"
},
{
"RefID": "CVE-2018-12015",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-12015",
"Source": "CVE"
},
{
"RefID": "CVE-2018-18311",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-18311",
"Source": "CVE"
},
{
"RefID": "CVE-2018-18312",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-18312",
"Source": "CVE"
},
{
"RefID": "CVE-2018-18313",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-18313",
"Source": "CVE"
},
{
"RefID": "CVE-2018-18314",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-18314",
"Source": "CVE"
}
],
"Description": "This update upgrades perl to version 5.28.1-alt1. \nSecurity Fix(es):\n\n * BDU:2019-00435: Уязвимость модуля Archive::Tar интерпретатора языка программирования Perl, позволяющая нарушителю обойти установленный контроль доступа и нарушить целостность информации\n\n * BDU:2019-00880: Уязвимость функции Perl_my_setenv интерпретатора языка программирования Perl, связанная с ошибками при обработке регулярных выражений, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код\n\n * BDU:2019-00881: Уязвимость интерпретатора языка программирования Perl, связанная с ошибками при обработке регулярных выражений, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-00882: Уязвимость интерпретатора языка программирования Perl, связанная с ошибками при обработке регулярных выражений, позволяющая нарушителю получить несанкционированный доступ к информации\n\n * BDU:2019-00883: Уязвимость интерпретатора языка программирования Perl, связанная с ошибками при обработке регулярных выражений, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2018-12015: In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.\n\n * CVE-2018-18311: Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.\n\n * CVE-2018-18312: Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.\n\n * CVE-2018-18313: Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.\n\n * CVE-2018-18314: Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-01-29"
},
"Updated": {
"Date": "2019-01-29"
},
"BDUs": [
{
"ID": "BDU:2019-00435",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-22",
"Href": "https://bdu.fstec.ru/vul/2019-00435",
"Impact": "High",
"Public": "20180607"
},
{
"ID": "BDU:2019-00880",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-00880",
"Impact": "Critical",
"Public": "20180515"
},
{
"ID": "BDU:2019-00881",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-122",
"Href": "https://bdu.fstec.ru/vul/2019-00881",
"Impact": "Critical",
"Public": "20180804"
},
{
"ID": "BDU:2019-00882",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2019-00882",
"Impact": "Critical",
"Public": "20180511"
},
{
"ID": "BDU:2019-00883",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-122",
"Href": "https://bdu.fstec.ru/vul/2019-00883",
"Impact": "Critical",
"Public": "20170624"
}
],
"CVEs": [
{
"ID": "CVE-2018-12015",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-59",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-12015",
"Impact": "High",
"Public": "20180607"
},
{
"ID": "CVE-2018-18311",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-18311",
"Impact": "Critical",
"Public": "20181207"
},
{
"ID": "CVE-2018-18312",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-18312",
"Impact": "Critical",
"Public": "20181205"
},
{
"ID": "CVE-2018-18313",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-18313",
"Impact": "Critical",
"Public": "20181207"
},
{
"ID": "CVE-2018-18314",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-18314",
"Impact": "Critical",
"Public": "20181207"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20191131001",
"Comment": "perl-DBM is earlier than 1:5.28.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191131002",
"Comment": "perl-Unicode-Normalize is earlier than 1:5.28.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191131003",
"Comment": "perl-base is earlier than 1:5.28.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191131004",
"Comment": "perl-devel is earlier than 1:5.28.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191131005",
"Comment": "perl-pod is earlier than 1:5.28.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191131006",
"Comment": "perl-threads is earlier than 1:5.28.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191131007",
"Comment": "perl-unicore is earlier than 1:5.28.1-alt1"
}
]
}
]
}
}
]
}