vuln-list-alt/oval/p11/ALT-PU-2020-3354/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20203354",
      "Version": "oval:org.altlinux.errata:def:20203354",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2020-3354: package `libgdk-pixbuf` update to version 2.42.0-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch p11"
            ],
            "Products": [
              "ALT Container"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2020-3354",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2020-3354",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2021-04598",
            "RefURL": "https://bdu.fstec.ru/vul/2021-04598",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2021-20240",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-20240",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades libgdk-pixbuf to version 2.42.0-alt1. \nSecurity Fix(es):\n\n * BDU:2021-04598: Уязвимость библиотеки загрузки изображений GdkPixbuf, связанная с записью за границами буфера, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2021-20240: A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "High",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2020-11-18"
          },
          "Updated": {
            "Date": "2020-11-18"
          },
          "BDUs": [
            {
              "ID": "BDU:2021-04598",
              "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
              "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "CWE": "CWE-787",
              "Href": "https://bdu.fstec.ru/vul/2021-04598",
              "Impact": "High",
              "Public": "20191006"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2021-20240",
              "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-20240",
              "Impact": "High",
              "Public": "20210528"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:container:11"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:3001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203354001",
                "Comment": "libgdk-pixbuf is earlier than 0:2.42.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203354002",
                "Comment": "libgdk-pixbuf-devel is earlier than 0:2.42.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203354003",
                "Comment": "libgdk-pixbuf-devel-doc is earlier than 0:2.42.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203354004",
                "Comment": "libgdk-pixbuf-gir is earlier than 0:2.42.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203354005",
                "Comment": "libgdk-pixbuf-gir-devel is earlier than 0:2.42.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203354006",
                "Comment": "libgdk-pixbuf-locales is earlier than 0:2.42.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203354007",
                "Comment": "libgdk-pixbuf-tests is earlier than 0:2.42.0-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}