vuln-list-alt/oval/p11/ALT-PU-2024-8861/definitions.json
2024-12-12 21:07:30 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20248861",
"Version": "oval:org.altlinux.errata:def:20248861",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-8861: package `php8.3` update to version 8.3.8-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-8861",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-8861",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-04432",
"RefURL": "https://bdu.fstec.ru/vul/2024-04432",
"Source": "BDU"
},
{
"RefID": "CVE-2024-4577",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-4577",
"Source": "CVE"
},
{
"RefID": "CVE-2024-5458",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-5458",
"Source": "CVE"
},
{
"RefID": "CVE-2024-5585",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-5585",
"Source": "CVE"
}
],
"Description": "This update upgrades php8.3 to version 8.3.8-alt1. \nSecurity Fix(es):\n\n * BDU:2024-04432: Уязвимость интерпретатора языка программирования PHP, существующая из-за непринятия мер по нейтрализации специальных элементов, используемых в команде операционной системы, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2024-4577: In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use \"Best-Fit\" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.\n\n * CVE-2024-5458: In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.\n\n * CVE-2024-5585: In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-06-13"
},
"Updated": {
"Date": "2024-06-13"
},
"BDUs": [
{
"ID": "BDU:2024-04432",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-78",
"Href": "https://bdu.fstec.ru/vul/2024-04432",
"Impact": "High",
"Public": "20240606"
}
],
"CVEs": [
{
"ID": "CVE-2024-4577",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-78",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4577",
"Impact": "Critical",
"Public": "20240609"
},
{
"ID": "CVE-2024-5458",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-345",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5458",
"Impact": "Low",
"Public": "20240609"
},
{
"ID": "CVE-2024-5585",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-116",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5585",
"Impact": "High",
"Public": "20240609"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20248861001",
"Comment": "php8.3 is earlier than 0:8.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20248861002",
"Comment": "php8.3-devel is earlier than 0:8.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20248861003",
"Comment": "php8.3-libs is earlier than 0:8.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20248861004",
"Comment": "php8.3-mysqlnd is earlier than 0:8.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20248861005",
"Comment": "rpm-build-php8.3-version is earlier than 0:8.3.8-alt1"
}
]
}
]
}
}
]
}