vuln-list-alt/oval/c9f2/ALT-PU-2019-2042/definitions.json
2024-06-28 13:17:52 +00:00

180 lines
7.4 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20192042",
"Version": "oval:org.altlinux.errata:def:20192042",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-2042: package `vim` update to version 8.1.1517-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-2042",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-2042",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-03251",
"RefURL": "https://bdu.fstec.ru/vul/2019-03251",
"Source": "BDU"
},
{
"RefID": "BDU:2022-05913",
"RefURL": "https://bdu.fstec.ru/vul/2022-05913",
"Source": "BDU"
},
{
"RefID": "CVE-2019-12735",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-12735",
"Source": "CVE"
},
{
"RefID": "CVE-2019-20807",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-20807",
"Source": "CVE"
}
],
"Description": "This update upgrades vim to version 8.1.1517-alt1. \nSecurity Fix(es):\n\n * BDU:2019-03251: Уязвимость библиотеки getchar.c текстового редактора Vim, связанная с отсутствием мер по нейтрализации специальных элементов, используемых в команде операционной системы, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2022-05913: Уязвимость команды OS текстового редактора Vim, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2019-12735: getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.\n\n * CVE-2019-20807: In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).\n\n * #36882: CVE-2019-12735: Modelines allow arbitrary code execution",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-06-11"
},
"Updated": {
"Date": "2019-06-11"
},
"BDUs": [
{
"ID": "BDU:2019-03251",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"CWE": "CWE-78",
"Href": "https://bdu.fstec.ru/vul/2019-03251",
"Impact": "High",
"Public": "20190605"
},
{
"ID": "BDU:2022-05913",
"CVSS": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"CWE": "CWE-78",
"Href": "https://bdu.fstec.ru/vul/2022-05913",
"Impact": "Low",
"Public": "20190208"
}
],
"CVEs": [
{
"ID": "CVE-2019-12735",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"CWE": "CWE-78",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-12735",
"Impact": "High",
"Public": "20190605"
},
{
"ID": "CVE-2019-20807",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"CWE": "CWE-78",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-20807",
"Impact": "Low",
"Public": "20200528"
}
],
"Bugzilla": [
{
"ID": "36882",
"Href": "https://bugzilla.altlinux.org/36882",
"Data": "CVE-2019-12735: Modelines allow arbitrary code execution"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20192042001",
"Comment": "rpm-build-vim is earlier than 4:8.1.1517-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192042002",
"Comment": "vim-X11 is earlier than 4:8.1.1517-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192042003",
"Comment": "vim-X11-gnome2 is earlier than 4:8.1.1517-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192042004",
"Comment": "vim-X11-gtk2 is earlier than 4:8.1.1517-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192042005",
"Comment": "vim-X11-neXtaw is earlier than 4:8.1.1517-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192042006",
"Comment": "vim-common is earlier than 4:8.1.1517-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192042007",
"Comment": "vim-console is earlier than 4:8.1.1517-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192042008",
"Comment": "vim-enhanced is earlier than 4:8.1.1517-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192042009",
"Comment": "vim-minimal is earlier than 4:8.1.1517-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192042010",
"Comment": "vim-spell-source is earlier than 4:8.1.1517-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192042011",
"Comment": "vimtutor is earlier than 4:8.1.1517-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192042012",
"Comment": "xxd is earlier than 4:8.1.1517-alt1"
}
]
}
]
}
}
]
}