99 lines
3.4 KiB
JSON
99 lines
3.4 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20151845",
|
|
"Version": "oval:org.altlinux.errata:def:20151845",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2015-1845: package `tar` update to version 1.28.0.32.cdf41c-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch p11"
|
|
],
|
|
"Products": [
|
|
"ALT Container"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2015-1845",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2015-1845",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2019-03749",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2019-03749",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2016-6321",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-6321",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades tar to version 1.28.0.32.cdf41c-alt1. \nSecurity Fix(es):\n\n * BDU:2019-03749: Уязвимость функции safer_name_suffix архиватора GNU Tar, позволяющая нарушителю обойти предполагаемый механизм защиты и произвести запись в произвольные файлы\n\n * CVE-2016-6321: Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "High",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2015-10-09"
|
|
},
|
|
"Updated": {
|
|
"Date": "2015-10-09"
|
|
},
|
|
"BDUs": [
|
|
{
|
|
"ID": "BDU:2019-03749",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
|
|
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
|
|
"CWE": "CWE-22",
|
|
"Href": "https://bdu.fstec.ru/vul/2019-03749",
|
|
"Impact": "High",
|
|
"Public": "20160912"
|
|
}
|
|
],
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2016-6321",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
|
|
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
|
|
"CWE": "CWE-22",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-6321",
|
|
"Impact": "High",
|
|
"Public": "20161209"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:container:11"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:3001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151845001",
|
|
"Comment": "tar is earlier than 0:1.28.0.32.cdf41c-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |