pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p11/ALT-PU-2019-2337/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

385 lines
19 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20192337",
"Version": "oval:org.altlinux.errata:def:20192337",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-2337: package `libopenjpeg` update to version 1.5.2-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-2337",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-2337",
"Source": "ALTPU"
},
{
"RefID": "BDU:2015-06455",
"RefURL": "https://bdu.fstec.ru/vul/2015-06455",
"Source": "BDU"
},
{
"RefID": "BDU:2015-06456",
"RefURL": "https://bdu.fstec.ru/vul/2015-06456",
"Source": "BDU"
},
{
"RefID": "BDU:2015-06457",
"RefURL": "https://bdu.fstec.ru/vul/2015-06457",
"Source": "BDU"
},
{
"RefID": "BDU:2015-06458",
"RefURL": "https://bdu.fstec.ru/vul/2015-06458",
"Source": "BDU"
},
{
"RefID": "BDU:2015-08985",
"RefURL": "https://bdu.fstec.ru/vul/2015-08985",
"Source": "BDU"
},
{
"RefID": "BDU:2015-08986",
"RefURL": "https://bdu.fstec.ru/vul/2015-08986",
"Source": "BDU"
},
{
"RefID": "BDU:2015-08987",
"RefURL": "https://bdu.fstec.ru/vul/2015-08987",
"Source": "BDU"
},
{
"RefID": "BDU:2015-08988",
"RefURL": "https://bdu.fstec.ru/vul/2015-08988",
"Source": "BDU"
},
{
"RefID": "BDU:2015-09665",
"RefURL": "https://bdu.fstec.ru/vul/2015-09665",
"Source": "BDU"
},
{
"RefID": "BDU:2015-09686",
"RefURL": "https://bdu.fstec.ru/vul/2015-09686",
"Source": "BDU"
},
{
"RefID": "BDU:2015-09772",
"RefURL": "https://bdu.fstec.ru/vul/2015-09772",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03505",
"RefURL": "https://bdu.fstec.ru/vul/2021-03505",
"Source": "BDU"
},
{
"RefID": "CVE-2009-5030",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2009-5030",
"Source": "CVE"
},
{
"RefID": "CVE-2012-1499",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2012-1499",
"Source": "CVE"
},
{
"RefID": "CVE-2012-3535",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2012-3535",
"Source": "CVE"
},
{
"RefID": "CVE-2013-1447",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-1447",
"Source": "CVE"
},
{
"RefID": "CVE-2013-4289",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-4289",
"Source": "CVE"
},
{
"RefID": "CVE-2013-4290",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-4290",
"Source": "CVE"
},
{
"RefID": "CVE-2013-6045",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6045",
"Source": "CVE"
},
{
"RefID": "CVE-2013-6052",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6052",
"Source": "CVE"
},
{
"RefID": "CVE-2013-6054",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6054",
"Source": "CVE"
},
{
"RefID": "CVE-2014-0158",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-0158",
"Source": "CVE"
},
{
"RefID": "CVE-2016-9675",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-9675",
"Source": "CVE"
},
{
"RefID": "CVE-2020-27814",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-27814",
"Source": "CVE"
}
],
"Description": "This update upgrades libopenjpeg to version 1.5.2-alt1. \nSecurity Fix(es):\n\n * BDU:2015-06455: Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-06456: Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-06457: Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-06458: Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-08985: Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-08986: Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-08987: Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-08988: Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-09665: Уязвимость операционной системы Gentoo Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-09686: Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-09772: Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2021-03505: Уязвимость библиотеки для кодирования и декодирования изображений OpenJPEG, связанная с переполнением буфера кучи, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2009-5030: The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an \"invalid free.\"\n\n * CVE-2012-1499: The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attackers to execute arbitrary code via a crafted palette index in a CMAP record of a JPEG image, which triggers memory corruption, aka \"out-of heap-based buffer write.\"\n\n * CVE-2012-3535: Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file.\n\n * CVE-2013-1447: OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of service (memory consumption or crash) via unspecified vectors related to NULL pointer dereferences, division-by-zero, and other errors.\n\n * CVE-2013-4289: Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1.5.2 allow remote attackers to have unspecified impact and vectors, which trigger a heap-based buffer overflow.\n\n * CVE-2013-4290: Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote attackers to have unspecified impact via unknown vectors to (1) lib/openjp3d/opj_jp3d_compress.c, (2) bin/jp3d/convert.c, or (3) lib/openjp3d/event.c.\n\n * CVE-2013-6045: Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors.\n\n * CVE-2013-6052: OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read.\n\n * CVE-2013-6054: Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and remote vectors, a different vulnerability than CVE-2013-6045.\n\n * CVE-2014-0158: Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. NOTE: this is not a duplicate of CVE-2013-1447, because the scope of CVE-2013-1447 was specifically defined in http://openwall.com/lists/oss-security/2013/12/04/6 as only \"null pointer dereferences, division by zero, and anything that would just fit as DoS.\"\n\n * CVE-2016-9675: openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.\n\n * CVE-2020-27814: A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-07-31"
},
"Updated": {
"Date": "2019-07-31"
},
"BDUs": [
{
"ID": "BDU:2015-06455",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-06455",
"Impact": "Critical",
"Public": "20131217"
},
{
"ID": "BDU:2015-06456",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-06456",
"Impact": "Critical",
"Public": "20131217"
},
{
"ID": "BDU:2015-06457",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-06457",
"Impact": "Critical",
"Public": "20131217"
},
{
"ID": "BDU:2015-06458",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-06458",
"Impact": "Critical",
"Public": "20131217"
},
{
"ID": "BDU:2015-08985",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-08985",
"Impact": "Critical",
"Public": "20131217"
},
{
"ID": "BDU:2015-08986",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-08986",
"Impact": "Critical",
"Public": "20131217"
},
{
"ID": "BDU:2015-08987",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-08987",
"Impact": "Critical",
"Public": "20131217"
},
{
"ID": "BDU:2015-08988",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-08988",
"Impact": "Critical",
"Public": "20131217"
},
{
"ID": "BDU:2015-09665",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-09665",
"Impact": "Critical",
"Public": "20120621"
},
{
"ID": "BDU:2015-09686",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-09686",
"Impact": "Critical",
"Public": "20131010"
},
{
"ID": "BDU:2015-09772",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-09772",
"Impact": "Critical",
"Public": "20141213"
},
{
"ID": "BDU:2021-03505",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-122",
"Href": "https://bdu.fstec.ru/vul/2021-03505",
"Impact": "High",
"Public": "20201123"
}
],
"CVEs": [
{
"ID": "CVE-2009-5030",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2009-5030",
"Impact": "Low",
"Public": "20120718"
},
{
"ID": "CVE-2012-1499",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2012-1499",
"Impact": "Critical",
"Public": "20120411"
},
{
"ID": "CVE-2012-3535",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2012-3535",
"Impact": "Low",
"Public": "20120905"
},
{
"ID": "CVE-2013-1447",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-1447",
"Impact": "Low",
"Public": "20131212"
},
{
"ID": "CVE-2013-4289",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-189",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-4289",
"Impact": "Critical",
"Public": "20140418"
},
{
"ID": "CVE-2013-4290",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-4290",
"Impact": "Critical",
"Public": "20140418"
},
{
"ID": "CVE-2013-6045",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6045",
"Impact": "High",
"Public": "20131212"
},
{
"ID": "CVE-2013-6052",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6052",
"Impact": "Low",
"Public": "20131212"
},
{
"ID": "CVE-2013-6054",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6054",
"Impact": "High",
"Public": "20131212"
},
{
"ID": "CVE-2014-0158",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-0158",
"Impact": "High",
"Public": "20180410"
},
{
"ID": "CVE-2016-9675",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-9675",
"Impact": "High",
"Public": "20161222"
},
{
"ID": "CVE-2020-27814",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-27814",
"Impact": "High",
"Public": "20210126"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20192337001",
"Comment": "libopenjpeg-devel is earlier than 0:1.5.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192337002",
"Comment": "libopenjpeg5 is earlier than 0:1.5.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192337003",
"Comment": "openjpeg-tools is earlier than 0:1.5.2-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink