
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20203281",
"Version": "oval:org.altlinux.errata:def:20203281",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-3281: package `unzip` update to version 6.0-alt4",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-3281",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-3281",
"Source": "ALTPU"
},
{
"RefID": "BDU:2018-00031",
"RefURL": "https://bdu.fstec.ru/vul/2018-00031",
"Source": "BDU"
},
{
"RefID": "BDU:2018-00032",
"RefURL": "https://bdu.fstec.ru/vul/2018-00032",
"Source": "BDU"
},
{
"RefID": "BDU:2018-01516",
"RefURL": "https://bdu.fstec.ru/vul/2018-01516",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03340",
"RefURL": "https://bdu.fstec.ru/vul/2019-03340",
"Source": "BDU"
},
{
"RefID": "CVE-2014-8139",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-8139",
"Source": "CVE"
},
{
"RefID": "CVE-2014-8140",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-8140",
"Source": "CVE"
},
{
"RefID": "CVE-2014-8141",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-8141",
"Source": "CVE"
},
{
"RefID": "CVE-2014-9636",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-9636",
"Source": "CVE"
},
{
"RefID": "CVE-2014-9913",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-9913",
"Source": "CVE"
},
{
"RefID": "CVE-2015-7696",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-7696",
"Source": "CVE"
},
{
"RefID": "CVE-2015-7697",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-7697",
"Source": "CVE"
},
{
"RefID": "CVE-2016-9844",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-9844",
"Source": "CVE"
},
{
"RefID": "CVE-2018-1000035",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000035",
"Source": "CVE"
},
{
"RefID": "CVE-2018-18384",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-18384",
"Source": "CVE"
}
],
"Description": "This update upgrades unzip to version 6.0-alt4. \nSecurity Fix(es):\n\n * BDU:2018-00031: Уязвимость функции list_files (list.c) файлового архиватора Info-ZIP Unzip, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2018-00032: Уязвимость функции zi_short в (zipinfo.c) файлового архиватора Info-ZIP Unzip, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2018-01516: Уязвимость файла list.c архиватора Info-ZIP UnZip, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-03340: Уязвимость файлового архиватора Info-ZIP Unzip, связанная с переполнением буфера на основе кучи, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2014-8139: Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.\n\n * CVE-2014-8140: Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.\n\n * CVE-2014-8141: Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.\n\n * CVE-2014-9636: unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.\n\n * CVE-2014-9913: Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method.\n\n * CVE-2015-7696: Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.\n\n * CVE-2015-7697: Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.\n\n * CVE-2016-9844: Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header.\n\n * CVE-2018-1000035: A heap-based buffer overflow exists in Info-Zip UnZip version \u003c= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.\n\n * CVE-2018-18384: Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-11-13"
},
"Updated": {
"Date": "2020-11-13"
},
"BDUs": [
{
"ID": "BDU:2018-00031",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2018-00031",
"Impact": "Low",
"Public": "20161103"
},
{
"ID": "BDU:2018-00032",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2018-00032",
"Impact": "Low",
"Public": "20161122"
},
{
"ID": "BDU:2018-01516",
"CVSS": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"CVSS3": "AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2018-01516",
"Impact": "Low",
"Public": "20180928"
},
{
"ID": "BDU:2019-03340",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-03340",
"Impact": "High",
"Public": "20180209"
}
],
"CVEs": [
{
"ID": "CVE-2014-8139",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-8139",
"Impact": "High",
"Public": "20200131"
},
{
"ID": "CVE-2014-8140",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-8140",
"Impact": "High",
"Public": "20200131"
},
{
"ID": "CVE-2014-8141",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-8141",
"Impact": "High",
"Public": "20200131"
},
{
"ID": "CVE-2014-9636",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-9636",
"Impact": "Low",
"Public": "20150206"
},
{
"ID": "CVE-2014-9913",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-9913",
"Impact": "Low",
"Public": "20170118"
},
{
"ID": "CVE-2015-7696",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-7696",
"Impact": "Low",
"Public": "20151106"
},
{
"ID": "CVE-2015-7697",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-7697",
"Impact": "Low",
"Public": "20151106"
},
{
"ID": "CVE-2016-9844",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-9844",
"Impact": "Low",
"Public": "20170118"
},
{
"ID": "CVE-2018-1000035",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000035",
"Impact": "High",
"Public": "20180209"
},
{
"ID": "CVE-2018-18384",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-18384",
"Impact": "Low",
"Public": "20181016"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20203281001",
"Comment": "unzip is earlier than 0:6.0-alt4"
}
]
}
]
}
}
]
}