pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
a538f1e924
vuln-list-alt/oval/p11/ALT-PU-2019-2558/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

398 lines
18 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20192558",
"Version": "oval:org.altlinux.errata:def:20192558",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-2558: package `qt4` update to version 4.8.7-alt17",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-2558",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-2558",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-00921",
"RefURL": "https://bdu.fstec.ru/vul/2019-00921",
"Source": "BDU"
},
{
"RefID": "BDU:2019-00922",
"RefURL": "https://bdu.fstec.ru/vul/2019-00922",
"Source": "BDU"
},
{
"RefID": "BDU:2019-00951",
"RefURL": "https://bdu.fstec.ru/vul/2019-00951",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03456",
"RefURL": "https://bdu.fstec.ru/vul/2021-03456",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03457",
"RefURL": "https://bdu.fstec.ru/vul/2021-03457",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03458",
"RefURL": "https://bdu.fstec.ru/vul/2021-03458",
"Source": "BDU"
},
{
"RefID": "CVE-2018-15518",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-15518",
"Source": "CVE"
},
{
"RefID": "CVE-2018-19869",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19869",
"Source": "CVE"
},
{
"RefID": "CVE-2018-19870",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19870",
"Source": "CVE"
},
{
"RefID": "CVE-2018-19871",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19871",
"Source": "CVE"
},
{
"RefID": "CVE-2018-19872",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19872",
"Source": "CVE"
},
{
"RefID": "CVE-2018-19873",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19873",
"Source": "CVE"
}
],
"Description": "This update upgrades qt4 to version 4.8.7-alt17. \nSecurity Fix(es):\n\n * BDU:2019-00921: Уязвимость функции QGifHandler кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-00922: Уязвимость функции QXMLStreamReader компонента QXmlStream кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании или получить несанкционированный доступ к информации\n\n * BDU:2019-00951: Уязвимость класса QBmpHandler кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании или получить несанкционированный доступ к информации\n\n * BDU:2021-03456: Уязвимость компонента qsvghandler.cpp кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с недостатком механизма проверки вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-03457: Уязвимость компонента QTgaFile кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с ошибкой механизма контроля расходуемых ресурсов, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-03458: Уязвимость компонента qppmhandler.cpp кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с делением на ноль, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2018-15518: QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.\n\n * CVE-2018-19869: An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.\n\n * CVE-2018-19870: An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.\n\n * CVE-2018-19871: An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.\n\n * CVE-2018-19872: An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.\n\n * CVE-2018-19873: An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-08-28"
},
"Updated": {
"Date": "2019-08-28"
},
"BDUs": [
{
"ID": "BDU:2019-00921",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2019-00921",
"Impact": "High",
"Public": "20190222"
},
{
"ID": "BDU:2019-00922",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-415",
"Href": "https://bdu.fstec.ru/vul/2019-00922",
"Impact": "High",
"Public": "20181226"
},
{
"ID": "BDU:2019-00951",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-00951",
"Impact": "High",
"Public": "20190222"
},
{
"ID": "BDU:2021-03456",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2021-03456",
"Impact": "Low",
"Public": "20180709"
},
{
"ID": "BDU:2021-03457",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2021-03457",
"Impact": "Low",
"Public": "20180824"
},
{
"ID": "BDU:2021-03458",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2021-03458",
"Impact": "Low",
"Public": "20180713"
}
],
"CVEs": [
{
"ID": "CVE-2018-15518",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-415",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-15518",
"Impact": "High",
"Public": "20181226"
},
{
"ID": "CVE-2018-19869",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19869",
"Impact": "Low",
"Public": "20181226"
},
{
"ID": "CVE-2018-19870",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19870",
"Impact": "High",
"Public": "20181226"
},
{
"ID": "CVE-2018-19871",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19871",
"Impact": "Low",
"Public": "20181226"
},
{
"ID": "CVE-2018-19872",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19872",
"Impact": "Low",
"Public": "20190321"
},
{
"ID": "CVE-2018-19873",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19873",
"Impact": "Critical",
"Public": "20181226"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20192558001",
"Comment": "libqt4 is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558002",
"Comment": "libqt4-clucene is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558003",
"Comment": "libqt4-core is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558004",
"Comment": "libqt4-dbus is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558005",
"Comment": "libqt4-declarative is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558006",
"Comment": "libqt4-designer is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558007",
"Comment": "libqt4-devel is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558008",
"Comment": "libqt4-gui is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558009",
"Comment": "libqt4-help is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558010",
"Comment": "libqt4-multimedia is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558011",
"Comment": "libqt4-network is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558012",
"Comment": "libqt4-opengl is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558013",
"Comment": "libqt4-qt3support is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558014",
"Comment": "libqt4-script is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558015",
"Comment": "libqt4-scripttools is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558016",
"Comment": "libqt4-sql is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558017",
"Comment": "libqt4-sql-interbase is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558018",
"Comment": "libqt4-sql-mysql is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558019",
"Comment": "libqt4-sql-odbc is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558020",
"Comment": "libqt4-sql-postgresql is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558021",
"Comment": "libqt4-sql-sqlite is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558022",
"Comment": "libqt4-sql-sqlite2 is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558023",
"Comment": "libqt4-svg is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558024",
"Comment": "libqt4-test is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558025",
"Comment": "libqt4-uitools is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558026",
"Comment": "libqt4-xml is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558027",
"Comment": "libqt4-xmlpatterns is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558028",
"Comment": "qt4 is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558029",
"Comment": "qt4-assistant is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558030",
"Comment": "qt4-common is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558031",
"Comment": "qt4-dbus is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558032",
"Comment": "qt4-designer is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558033",
"Comment": "qt4-devel is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558034",
"Comment": "qt4-doc is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558035",
"Comment": "qt4-doc-examples is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558036",
"Comment": "qt4-doc-examples-bin is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558037",
"Comment": "qt4-doc-examples-src is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558038",
"Comment": "qt4-doc-html is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558039",
"Comment": "qt4-qvfb is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558040",
"Comment": "qt4-sql is earlier than 0:4.8.7-alt17"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192558041",
"Comment": "rpm-macros-qt4 is earlier than 0:4.8.7-alt17"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink