
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20231178",
"Version": "oval:org.altlinux.errata:def:20231178",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2023-1178: package `arm-none-eabi-binutils` update to version 2.39-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2023-1178",
"RefURL": "https://errata.altlinux.org/ALT-PU-2023-1178",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-00594",
"RefURL": "https://bdu.fstec.ru/vul/2022-00594",
"Source": "BDU"
},
{
"RefID": "BDU:2022-05843",
"RefURL": "https://bdu.fstec.ru/vul/2022-05843",
"Source": "BDU"
},
{
"RefID": "CVE-2020-16590",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-16590",
"Source": "CVE"
},
{
"RefID": "CVE-2020-16591",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-16591",
"Source": "CVE"
},
{
"RefID": "CVE-2020-16593",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-16593",
"Source": "CVE"
},
{
"RefID": "CVE-2020-16599",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-16599",
"Source": "CVE"
},
{
"RefID": "CVE-2021-20197",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-20197",
"Source": "CVE"
},
{
"RefID": "CVE-2021-20294",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-20294",
"Source": "CVE"
},
{
"RefID": "CVE-2021-3487",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3487",
"Source": "CVE"
},
{
"RefID": "CVE-2021-45078",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-45078",
"Source": "CVE"
}
],
"Description": "This update upgrades arm-none-eabi-binutils to version 2.39-alt1. \nSecurity Fix(es):\n\n * BDU:2022-00594: Уязвимость функции stab_xcoff_builtin_type (stabs.c) набора инструментального программного обеспечения GNU Binary Utilities, связанная с записью за границами буфера, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-05843: Уязвимость функции read_section() компонента dwarf2.c программного средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2020-16590: A double free vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.35 in process_symbol_table, as demonstrated in readelf, via a crafted file.\n\n * CVE-2020-16591: A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) library in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readelf.\n\n * CVE-2020-16593: A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.\n\n * CVE-2020-16599: A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.\n\n * CVE-2021-20197: There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.\n\n * CVE-2021-20294: A flaw was found in the binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.\n\n * CVE-2021-3487: Rejected reason: Non Security Issue. See the binutils security policy for more details, https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt\n\n * CVE-2021-45078: stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2023-02-04"
},
"Updated": {
"Date": "2023-02-04"
},
"BDUs": [
{
"ID": "BDU:2022-00594",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-00594",
"Impact": "High",
"Public": "20220107"
},
{
"ID": "BDU:2022-05843",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2022-05843",
"Impact": "Low",
"Public": "20201125"
}
],
"CVEs": [
{
"ID": "CVE-2020-16590",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-415",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-16590",
"Impact": "Low",
"Public": "20201209"
},
{
"ID": "CVE-2020-16591",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-16591",
"Impact": "Low",
"Public": "20201209"
},
{
"ID": "CVE-2020-16593",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-16593",
"Impact": "Low",
"Public": "20201209"
},
{
"ID": "CVE-2020-16599",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-16599",
"Impact": "Low",
"Public": "20201209"
},
{
"ID": "CVE-2021-20197",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-20197",
"Impact": "Low",
"Public": "20210326"
},
{
"ID": "CVE-2021-20294",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-20294",
"Impact": "High",
"Public": "20210429"
},
{
"ID": "CVE-2021-3487",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3487",
"Impact": "None",
"Public": "20210415"
},
{
"ID": "CVE-2021-45078",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-45078",
"Impact": "High",
"Public": "20211215"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20231178001",
"Comment": "arm-none-eabi-binutils is earlier than 0:2.39-alt1"
}
]
}
]
}
}
]
}