pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
9e3addb072
vuln-list-alt/oval/p9/ALT-PU-2020-2232/definitions.json
pepelyaevip 9e3addb072 ALT Vulnerability
2024-01-10 07:45:25 +00:00

390 lines
19 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20202232",
"Version": "oval:org.altlinux.errata:def:20202232",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-2232: package `freerdp` update to version 2.1.2-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-2232",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-2232",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-01323",
"RefURL": "https://bdu.fstec.ru/vul/2021-01323",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01324",
"RefURL": "https://bdu.fstec.ru/vul/2021-01324",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01330",
"RefURL": "https://bdu.fstec.ru/vul/2021-01330",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01331",
"RefURL": "https://bdu.fstec.ru/vul/2021-01331",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01349",
"RefURL": "https://bdu.fstec.ru/vul/2021-01349",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01350",
"RefURL": "https://bdu.fstec.ru/vul/2021-01350",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01354",
"RefURL": "https://bdu.fstec.ru/vul/2021-01354",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01355",
"RefURL": "https://bdu.fstec.ru/vul/2021-01355",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03602",
"RefURL": "https://bdu.fstec.ru/vul/2021-03602",
"Source": "BDU"
},
{
"RefID": "CVE-2020-11095",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-11095",
"Source": "CVE"
},
{
"RefID": "CVE-2020-11096",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-11096",
"Source": "CVE"
},
{
"RefID": "CVE-2020-11097",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-11097",
"Source": "CVE"
},
{
"RefID": "CVE-2020-11098",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-11098",
"Source": "CVE"
},
{
"RefID": "CVE-2020-11099",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-11099",
"Source": "CVE"
},
{
"RefID": "CVE-2020-4030",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-4030",
"Source": "CVE"
},
{
"RefID": "CVE-2020-4031",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-4031",
"Source": "CVE"
},
{
"RefID": "CVE-2020-4032",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-4032",
"Source": "CVE"
},
{
"RefID": "CVE-2020-4033",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-4033",
"Source": "CVE"
}
],
"Description": "This update upgrades freerdp to version 2.1.2-alt1. \nSecurity Fix(es):\n\n * BDU:2021-01323: Уязвимость компонента RLEDECOMPRESS реализации протокола удалённого рабочего стола FreeRDP, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании\n\n * BDU:2021-01324: Уязвимость компонента gdi_SelectObject реализации протокола удалённого рабочего стола FreeRDP, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2021-01330: Уязвимость функций работы с массивом PRIMARY_DRAWING_ORDER_FIELD_BYTES реализации протокола удалённого рабочего стола FreeRDP, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании\n\n * BDU:2021-01331: Уязвимость функций работы с массивом PRIMARY_DRAWING_ORDER_FIELD_BYTES реализации протокола удалённого рабочего стола FreeRDP, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании\n\n * BDU:2021-01349: Уязвимость компонента gdi_SelectObject реализации протокола удалённого рабочего стола FreeRDP, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01350: Уязвимость компонента TrioParse реализации протокола удалённого рабочего стола FreeRDP, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании\n\n * BDU:2021-01354: Уязвимость компонента glyph_cache_put реализации протокола удалённого рабочего стола FreeRDP, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании\n\n * BDU:2021-01355: Уязвимость компонентов реализации протокола удалённого рабочего стола FreeRDP, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании\n\n * BDU:2021-03602: Уязвимость компонента license_read_new_or_upgrade_license_packet реализации протокола удалённого рабочего стола FreeRDP, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании\n\n * CVE-2020-11095: In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.\n\n * CVE-2020-11096: In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. As a workaround, one can disable bitmap cache with -bitmap-cache (default). This is fixed in version 2.1.2.\n\n * CVE-2020-11097: In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.\n\n * CVE-2020-11098: In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. This affects all FreeRDP clients with `+glyph-cache` option enabled This is fixed in version 2.1.2.\n\n * CVE-2020-11099: In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer. This is fixed in version 2.1.2.\n\n * CVE-2020-4030: In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2.\n\n * CVE-2020-4031: In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2.\n\n * CVE-2020-4032: In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2.\n\n * CVE-2020-4033: In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth \u003c 32 are affected. This is fixed in version 2.1.2.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2023 BaseALT Ltd.",
"Issued": {
"Date": "2020-06-25"
},
"Updated": {
"Date": "2020-06-25"
},
"bdu": [
{
"Cvss": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"Cwe": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2021-01323",
"Impact": "Low",
"Public": "20200622",
"CveID": "BDU:2021-01323"
},
{
"Cvss": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"Cvss3": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"Cwe": "CWE-681",
"Href": "https://bdu.fstec.ru/vul/2021-01324",
"Impact": "Low",
"Public": "20200622",
"CveID": "BDU:2021-01324"
},
{
"Cvss": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
"Cvss3": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"Cwe": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2021-01330",
"Impact": "Low",
"Public": "20200622",
"CveID": "BDU:2021-01330"
},
{
"Cvss": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
"Cvss3": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"Cwe": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2021-01331",
"Impact": "Low",
"Public": "20200622",
"CveID": "BDU:2021-01331"
},
{
"Cvss": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"Cwe": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2021-01349",
"Impact": "Low",
"Public": "20200622",
"CveID": "BDU:2021-01349"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"Cwe": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2021-01350",
"Impact": "Low",
"Public": "20200622",
"CveID": "BDU:2021-01350"
},
{
"Cvss": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"Cwe": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2021-01354",
"Impact": "Low",
"Public": "20200622",
"CveID": "BDU:2021-01354"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"Cwe": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2021-01355",
"Impact": "Low",
"Public": "20200622",
"CveID": "BDU:2021-01355"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"Cwe": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2021-03602",
"Impact": "Low",
"Public": "20200622",
"CveID": "BDU:2021-03602"
}
],
"Cves": [
{
"Cvss": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"Cwe": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-11095",
"Impact": "Low",
"Public": "20200622",
"CveID": "CVE-2020-11095"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"Cwe": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-11096",
"Impact": "Low",
"Public": "20200622",
"CveID": "CVE-2020-11096"
},
{
"Cvss": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"Cwe": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-11097",
"Impact": "Low",
"Public": "20200622",
"CveID": "CVE-2020-11097"
},
{
"Cvss": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"Cwe": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-11098",
"Impact": "Low",
"Public": "20200622",
"CveID": "CVE-2020-11098"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"Cwe": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-11099",
"Impact": "Low",
"Public": "20200622",
"CveID": "CVE-2020-11099"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"Cwe": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-4030",
"Impact": "Low",
"Public": "20200622",
"CveID": "CVE-2020-4030"
},
{
"Cvss": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-4031",
"Impact": "High",
"Public": "20200622",
"CveID": "CVE-2020-4031"
},
{
"Cvss": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"Cwe": "CWE-681",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-4032",
"Impact": "Low",
"Public": "20200622",
"CveID": "CVE-2020-4032"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"Cwe": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-4033",
"Impact": "Low",
"Public": "20200622",
"CveID": "CVE-2020-4033"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20202232001",
"Comment": "freerdp is earlier than 0:2.1.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202232002",
"Comment": "freerdp-plugins-standard is earlier than 0:2.1.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202232003",
"Comment": "freerdp-server is earlier than 0:2.1.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202232004",
"Comment": "libfreerdp is earlier than 0:2.1.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202232005",
"Comment": "libfreerdp-devel is earlier than 0:2.1.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202232006",
"Comment": "libfreerdp-server is earlier than 0:2.1.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202232007",
"Comment": "libuwac is earlier than 0:2.1.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202232008",
"Comment": "libuwac-devel is earlier than 0:2.1.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202232009",
"Comment": "libwinpr is earlier than 0:2.1.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202232010",
"Comment": "libwinpr-devel is earlier than 0:2.1.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202232011",
"Comment": "wlfreerdp is earlier than 0:2.1.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202232012",
"Comment": "xfreerdp is earlier than 0:2.1.2-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink