2024-06-28 13:17:52 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20203317",
"Version": "oval:org.altlinux.errata:def:20203317",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-3317: package `bzip2` update to version 1.0.8-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-3317",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-3317",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-02881",
"RefURL": "https://bdu.fstec.ru/vul/2019-02881",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01720",
"RefURL": "https://bdu.fstec.ru/vul/2021-01720",
"Source": "BDU"
},
{
"RefID": "CVE-2016-3189",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-3189",
"Source": "CVE"
},
{
"RefID": "CVE-2019-12900",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-12900",
"Source": "CVE"
}
],
"Description": "This update upgrades bzip2 to version 1.0.8-alt1. \nSecurity Fix(es):\n\n * BDU:2019-02881: Уязвимость функции BZ2_decompress утилиты для сжатия данных bzip2, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2021-01720: Уязвимость функции bzip2recover программного обеспечения для сжатия данных Bzip2, связанная с использованием после освобождения, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2016-3189: Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.\n\n * CVE-2019-12900: BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-11-16"
},
"Updated": {
"Date": "2020-11-16"
},
"BDUs": [
{
"ID": "BDU:2019-02881",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2019-02881",
"Impact": "High",
"Public": "20190606"
},
{
"ID": "BDU:2021-01720",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2021-01720",
"Impact": "Low",
"Public": "20160630"
}
],
"CVEs": [
{
"ID": "CVE-2016-3189",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-3189",
"Impact": "Low",
"Public": "20160630"
},
{
"ID": "CVE-2019-12900",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-12900",
"Impact": "Critical",
"Public": "20190619"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20203317001",
"Comment": "bzip2 is earlier than 1:1.0.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203317002",
"Comment": "bzlib is earlier than 1:1.0.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203317003",
"Comment": "bzlib-devel is earlier than 1:1.0.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203317004",
"Comment": "bzlib-devel-static is earlier than 1:1.0.8-alt1"
}
]
}
]
}
}
]
}