2024-12-12 21:07:30 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20193282",
"Version": "oval:org.altlinux.errata:def:20193282",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-3282: package `unbound` update to version 1.9.6-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-3282",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-3282",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-05799",
"RefURL": "https://bdu.fstec.ru/vul/2021-05799",
"Source": "BDU"
},
{
"RefID": "BDU:2021-05838",
"RefURL": "https://bdu.fstec.ru/vul/2021-05838",
"Source": "BDU"
},
{
"RefID": "BDU:2021-05865",
"RefURL": "https://bdu.fstec.ru/vul/2021-05865",
"Source": "BDU"
},
{
"RefID": "BDU:2021-05875",
"RefURL": "https://bdu.fstec.ru/vul/2021-05875",
"Source": "BDU"
},
{
"RefID": "BDU:2021-05909",
"RefURL": "https://bdu.fstec.ru/vul/2021-05909",
"Source": "BDU"
},
{
"RefID": "BDU:2021-06226",
"RefURL": "https://bdu.fstec.ru/vul/2021-06226",
"Source": "BDU"
},
{
"RefID": "BDU:2021-06245",
"RefURL": "https://bdu.fstec.ru/vul/2021-06245",
"Source": "BDU"
},
{
"RefID": "BDU:2021-06246",
"RefURL": "https://bdu.fstec.ru/vul/2021-06246",
"Source": "BDU"
},
{
"RefID": "BDU:2021-06248",
"RefURL": "https://bdu.fstec.ru/vul/2021-06248",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06879",
"RefURL": "https://bdu.fstec.ru/vul/2022-06879",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06882",
"RefURL": "https://bdu.fstec.ru/vul/2022-06882",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06885",
"RefURL": "https://bdu.fstec.ru/vul/2022-06885",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06886",
"RefURL": "https://bdu.fstec.ru/vul/2022-06886",
"Source": "BDU"
},
{
"RefID": "CVE-2019-18934",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-18934",
"Source": "CVE"
},
{
"RefID": "CVE-2019-25031",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-25031",
"Source": "CVE"
},
{
"RefID": "CVE-2019-25032",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-25032",
"Source": "CVE"
},
{
"RefID": "CVE-2019-25033",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-25033",
"Source": "CVE"
},
{
"RefID": "CVE-2019-25034",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-25034",
"Source": "CVE"
},
{
"RefID": "CVE-2019-25035",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-25035",
"Source": "CVE"
},
{
"RefID": "CVE-2019-25036",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-25036",
"Source": "CVE"
},
{
"RefID": "CVE-2019-25037",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-25037",
"Source": "CVE"
},
{
"RefID": "CVE-2019-25038",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-25038",
"Source": "CVE"
},
{
"RefID": "CVE-2019-25039",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-25039",
"Source": "CVE"
},
{
"RefID": "CVE-2019-25040",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-25040",
"Source": "CVE"
},
{
"RefID": "CVE-2019-25041",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-25041",
"Source": "CVE"
},
{
"RefID": "CVE-2019-25042",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-25042",
"Source": "CVE"
}
],
"Description": "This update upgrades unbound to version 1.9.6-alt1. \nSecurity Fix(es):\n\n * BDU:2021-05799: Уязвимость функции sldns_str2wire_dname_buf_origin DNS-сервера Unbound, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2021-05838: Уязвимость функции rdata_copy DNS-сервера Unbound, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2021-05865: Уязвимость макроса ALIGN_UP DNS-сервера Unbound, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2021-05875: Уязвимость функции dname_pkt_copy DNS-сервера Unbound, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-05909: Уязвимость функции ub_packed_rrset_key DNS-сервера Unbound, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2021-06226: Уязвимость функции synth_cname() DNS-сервера Unbound, связанная с недостатком использования функции assert(), позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-06245: Уязвимость функции dnsc_load_local_data DNS-сервера Unbound, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2021-06246: Уязвимость функции dname_pkt_copy DNS-сервера Unbound, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-06248: Уязвимость функции dname_pkt_copy DNS-сервера Unbound, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06879: Уязвимость модуля ipsec DNS-сервера Unbound, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2022-06882: Уязвимость компонента create_unbound_ad_servers.sh DNS-сервера Unbound, 
позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2022-06885: Уязвимость функции sldns_bget_token_par DNS-сервера Unbound, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2022-06886: Уязвимость функции regional_alloc компонента util/regional.c DNS-сервера Unbound, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2019-18934: Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.\n\n * CVE-2019-25031: Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation\n\n * CVE-2019-25032: Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited\n\n * CVE-2019-25033: Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited\n\n * CVE-2019-25034: Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. 
NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited\n\n * CVE-2019-25035: Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited\n\n * CVE-2019-25036: Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited\n\n * CVE-2019-25037: Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited\n\n * CVE-2019-25038: Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited\n\n * CVE-2019-25039: Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited\n\n * CVE-2019-25040: Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited\n\n * CVE-2019-25041: Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited\n\n * CVE-2019-25042: Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-12-13"
},
"Updated": {
"Date": "2019-12-13"
},
"BDUs": [
{
"ID": "BDU:2021-05799",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2021-05799",
"Impact": "Critical",
"Public": "20191211"
},
{
"ID": "BDU:2021-05838",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2021-05838",
"Impact": "Critical",
"Public": "20191211"
},
{
"ID": "BDU:2021-05865",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2021-05865",
"Impact": "Critical",
"Public": "20191211"
},
{
"ID": "BDU:2021-05875",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-617",
"Href": "https://bdu.fstec.ru/vul/2021-05875",
"Impact": "High",
"Public": "20191211"
},
{
"ID": "BDU:2021-05909",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2021-05909",
"Impact": "Critical",
"Public": "20191211"
},
{
"ID": "BDU:2021-06226",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-617",
"Href": "https://bdu.fstec.ru/vul/2021-06226",
"Impact": "High",
"Public": "20191211"
},
{
"ID": "BDU:2021-06245",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2021-06245",
"Impact": "Critical",
"Public": "20191211"
},
{
"ID": "BDU:2021-06246",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-617",
"Href": "https://bdu.fstec.ru/vul/2021-06246",
"Impact": "High",
"Public": "20191211"
},
{
"ID": "BDU:2021-06248",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2021-06248",
"Impact": "High",
"Public": "20191211"
},
{
"ID": "BDU:2022-06879",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"CWE": "CWE-78",
"Href": "https://bdu.fstec.ru/vul/2022-06879",
"Impact": "High",
"Public": "20191119"
},
{
"ID": "BDU:2022-06882",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:C/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-74",
"Href": "https://bdu.fstec.ru/vul/2022-06882",
"Impact": "Low",
"Public": "20190911"
},
{
"ID": "BDU:2022-06885",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-06885",
"Impact": "Critical",
"Public": "20190911"
},
{
"ID": "BDU:2022-06886",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2022-06886",
"Impact": "Critical",
"Public": "20190911"
}
],
"CVEs": [
{
"ID": "CVE-2019-18934",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"CWE": "CWE-78",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-18934",
"Impact": "High",
"Public": "20191119"
},
{
"ID": "CVE-2019-25031",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-74",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-25031",
"Impact": "Low",
"Public": "20210427"
},
{
"ID": "CVE-2019-25032",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-25032",
"Impact": "Critical",
"Public": "20210427"
},
{
"ID": "CVE-2019-25033",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-25033",
"Impact": "Critical",
"Public": "20210427"
},
{
"ID": "CVE-2019-25034",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-25034",
"Impact": "Critical",
"Public": "20210427"
},
{
"ID": "CVE-2019-25035",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-25035",
"Impact": "Critical",
"Public": "20210427"
},
{
"ID": "CVE-2019-25036",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-617",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-25036",
"Impact": "High",
"Public": "20210427"
},
{
"ID": "CVE-2019-25037",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-617",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-25037",
"Impact": "High",
"Public": "20210427"
},
{
"ID": "CVE-2019-25038",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-25038",
"Impact": "Critical",
"Public": "20210427"
},
{
"ID": "CVE-2019-25039",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-25039",
"Impact": "Critical",
"Public": "20210427"
},
{
"ID": "CVE-2019-25040",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-25040",
"Impact": "High",
"Public": "20210427"
},
{
"ID": "CVE-2019-25041",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-617",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-25041",
"Impact": "High",
"Public": "20210427"
},
{
"ID": "CVE-2019-25042",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-25042",
"Impact": "Critical",
"Public": "20210427"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20193282001",
"Comment": "libunbound is earlier than 0:1.9.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193282002",
"Comment": "libunbound-devel is earlier than 0:1.9.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193282003",
"Comment": "libunbound-devel-static is earlier than 0:1.9.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193282004",
"Comment": "python-module-unbound is earlier than 0:1.9.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193282005",
"Comment": "unbound is earlier than 0:1.9.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193282006",
"Comment": "unbound-control is earlier than 0:1.9.6-alt1"
}
]
}
]
}
}
]
}