pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
a538f1e924
vuln-list-alt/oval/p11/ALT-PU-2017-2438/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

280 lines
12 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20172438",
"Version": "oval:org.altlinux.errata:def:20172438",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2017-2438: package `xorg-server` update to version 1.19.5-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2017-2438",
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-2438",
"Source": "ALTPU"
},
{
"RefID": "CVE-2017-12176",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12176",
"Source": "CVE"
},
{
"RefID": "CVE-2017-12177",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12177",
"Source": "CVE"
},
{
"RefID": "CVE-2017-12178",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12178",
"Source": "CVE"
},
{
"RefID": "CVE-2017-12179",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12179",
"Source": "CVE"
},
{
"RefID": "CVE-2017-12180",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12180",
"Source": "CVE"
},
{
"RefID": "CVE-2017-12181",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12181",
"Source": "CVE"
},
{
"RefID": "CVE-2017-12182",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12182",
"Source": "CVE"
},
{
"RefID": "CVE-2017-12183",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12183",
"Source": "CVE"
},
{
"RefID": "CVE-2017-12184",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12184",
"Source": "CVE"
},
{
"RefID": "CVE-2017-12185",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12185",
"Source": "CVE"
},
{
"RefID": "CVE-2017-12186",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12186",
"Source": "CVE"
},
{
"RefID": "CVE-2017-12187",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12187",
"Source": "CVE"
},
{
"RefID": "CVE-2017-2624",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-2624",
"Source": "CVE"
}
],
"Description": "This update upgrades xorg-server to version 1.19.5-alt1. \nSecurity Fix(es):\n\n * CVE-2017-12176: xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.\n\n * CVE-2017-12177: xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.\n\n * CVE-2017-12178: xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.\n\n * CVE-2017-12179: xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.\n\n * CVE-2017-12180: xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.\n\n * CVE-2017-12181: xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.\n\n * CVE-2017-12182: xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.\n\n * CVE-2017-12183: xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.\n\n * CVE-2017-12184: xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.\n\n * CVE-2017-12185: xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.\n\n * CVE-2017-12186: xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.\n\n * CVE-2017-12187: xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.\n\n * CVE-2017-2624: It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2017-10-16"
},
"Updated": {
"Date": "2017-10-16"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2017-12176",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12176",
"Impact": "Critical",
"Public": "20180124"
},
{
"ID": "CVE-2017-12177",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12177",
"Impact": "Critical",
"Public": "20180124"
},
{
"ID": "CVE-2017-12178",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12178",
"Impact": "Critical",
"Public": "20180124"
},
{
"ID": "CVE-2017-12179",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12179",
"Impact": "Critical",
"Public": "20180124"
},
{
"ID": "CVE-2017-12180",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12180",
"Impact": "Critical",
"Public": "20180124"
},
{
"ID": "CVE-2017-12181",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12181",
"Impact": "Critical",
"Public": "20180124"
},
{
"ID": "CVE-2017-12182",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12182",
"Impact": "Critical",
"Public": "20180124"
},
{
"ID": "CVE-2017-12183",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12183",
"Impact": "Critical",
"Public": "20180124"
},
{
"ID": "CVE-2017-12184",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12184",
"Impact": "Critical",
"Public": "20180124"
},
{
"ID": "CVE-2017-12185",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12185",
"Impact": "Critical",
"Public": "20180124"
},
{
"ID": "CVE-2017-12186",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12186",
"Impact": "Critical",
"Public": "20180124"
},
{
"ID": "CVE-2017-12187",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12187",
"Impact": "Critical",
"Public": "20180124"
},
{
"ID": "CVE-2017-2624",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-2624",
"Impact": "High",
"Public": "20180727"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20172438001",
"Comment": "xorg-sdk is earlier than 2:1.19.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172438002",
"Comment": "xorg-server is earlier than 2:1.19.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172438003",
"Comment": "xorg-server-common is earlier than 2:1.19.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172438004",
"Comment": "xorg-xdmx is earlier than 2:1.19.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172438005",
"Comment": "xorg-xephyr is earlier than 2:1.19.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172438006",
"Comment": "xorg-xnest is earlier than 2:1.19.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172438007",
"Comment": "xorg-xvfb is earlier than 2:1.19.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172438008",
"Comment": "xorg-xwayland is earlier than 2:1.19.5-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink