2024-12-12 21:07:30 +00:00

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20171685",
"Version": "oval:org.altlinux.errata:def:20171685",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2017-1685: package `vlc` update to version 3.0.0-alt1.git7b57ce6",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2017-1685",
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-1685",
"Source": "ALTPU"
},
{
"RefID": "BDU:2017-01634",
"RefURL": "https://bdu.fstec.ru/vul/2017-01634",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04176",
"RefURL": "https://bdu.fstec.ru/vul/2019-04176",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04182",
"RefURL": "https://bdu.fstec.ru/vul/2019-04182",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04247",
"RefURL": "https://bdu.fstec.ru/vul/2019-04247",
"Source": "BDU"
},
{
"RefID": "CVE-2017-10699",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-10699",
"Source": "CVE"
},
{
"RefID": "CVE-2017-17670",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-17670",
"Source": "CVE"
},
{
"RefID": "CVE-2017-8310",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-8310",
"Source": "CVE"
},
{
"RefID": "CVE-2017-8311",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-8311",
"Source": "CVE"
},
{
"RefID": "CVE-2017-8312",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-8312",
"Source": "CVE"
},
{
"RefID": "CVE-2017-8313",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-8313",
"Source": "CVE"
},
{
"RefID": "CVE-2017-9300",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-9300",
"Source": "CVE"
},
{
"RefID": "CVE-2017-9301",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-9301",
"Source": "CVE"
},
{
"RefID": "CVE-2018-11529",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-11529",
"Source": "CVE"
}
],
"Description": "This update upgrades vlc to version 3.0.0-alt1.git7b57ce6. \nSecurity Fix(es):\n\n * BDU:2017-01634: Vulnerability in the avcodec codec of the VideoLAN Media Player media player that allows an attacker to execute arbitrary code or cause a denial of service\n\n * BDU:2019-04176: Vulnerability in the ParseJSS component of the VideoLAN VLC media player that allows an attacker to gain unauthorized access to protected information\n\n * BDU:2019-04182: Vulnerability in the plugins\\codec\\libflac_plugin.dll library of the VideoLAN VLC media player that allows an attacker to execute arbitrary code or cause a denial of service\n\n * BDU:2019-04247: Use-after-free vulnerability in the VideoLAN VLC media player that allows an attacker to execute arbitrary code\n\n * CVE-2017-10699: avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.\n\n * CVE-2017-17670: In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation.\n\n * CVE-2017-8310: Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.\n\n * CVE-2017-8311: Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.\n\n * CVE-2017-8312: Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file.\n\n * CVE-2017-8313: Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.\n\n * CVE-2017-9300: plugins\\codec\\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.\n\n * CVE-2017-9301: plugins\\audio_filter\\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.\n\n * CVE-2018-11529: VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2017-06-02"
},
"Updated": {
"Date": "2017-06-02"
},
"BDUs": [
{
"ID": "BDU:2017-01634",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-125, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2017-01634",
"Impact": "High",
"Public": "20170630"
},
{
"ID": "BDU:2019-04176",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2019-04176",
"Impact": "Low",
"Public": "20170523"
},
{
"ID": "BDU:2019-04182",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-04182",
"Impact": "High",
"Public": "20170529"
},
{
"ID": "BDU:2019-04247",
"CVSS": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2019-04247",
"Impact": "High",
"Public": "20180711"
}
],
"CVEs": [
{
"ID": "CVE-2017-10699",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-10699",
"Impact": "Critical",
"Public": "20170630"
},
{
"ID": "CVE-2017-17670",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-17670",
"Impact": "High",
"Public": "20171215"
},
{
"ID": "CVE-2017-8310",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-8310",
"Impact": "Low",
"Public": "20170523"
},
{
"ID": "CVE-2017-8311",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-8311",
"Impact": "High",
"Public": "20170523"
},
{
"ID": "CVE-2017-8312",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-8312",
"Impact": "Low",
"Public": "20170523"
},
{
"ID": "CVE-2017-8313",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-8313",
"Impact": "Low",
"Public": "20170523"
},
{
"ID": "CVE-2017-9300",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-9300",
"Impact": "High",
"Public": "20170529"
},
{
"ID": "CVE-2017-9301",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-9301",
"Impact": "High",
"Public": "20170529"
},
{
"ID": "CVE-2018-11529",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-11529",
"Impact": "High",
"Public": "20180711"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20171685001",
"Comment": "fortunes-vlc is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685002",
"Comment": "libvlc is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685003",
"Comment": "libvlc-devel is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685004",
"Comment": "vim-plugin-vlc-syntax is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685005",
"Comment": "vlc is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685006",
"Comment": "vlc-interface-lirc is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685007",
"Comment": "vlc-interface-ncurses is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685008",
"Comment": "vlc-interface-qt is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685009",
"Comment": "vlc-interface-skins2 is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685010",
"Comment": "vlc-maxi is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685011",
"Comment": "vlc-mini is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685012",
"Comment": "vlc-plugin-aa is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685013",
"Comment": "vlc-plugin-ass is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685014",
"Comment": "vlc-plugin-audiocd is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685015",
"Comment": "vlc-plugin-bluray is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685016",
"Comment": "vlc-plugin-caca is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685017",
"Comment": "vlc-plugin-chromaprint is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685018",
"Comment": "vlc-plugin-dbus is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685019",
"Comment": "vlc-plugin-dv is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685020",
"Comment": "vlc-plugin-dvdnav is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685021",
"Comment": "vlc-plugin-dvdread is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685022",
"Comment": "vlc-plugin-ffmpeg is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685023",
"Comment": "vlc-plugin-flac is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685024",
"Comment": "vlc-plugin-fluidsynth is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685025",
"Comment": "vlc-plugin-framebuffer is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685026",
"Comment": "vlc-plugin-freetype is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685027",
"Comment": "vlc-plugin-globalhotkeys is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685028",
"Comment": "vlc-plugin-gnutls is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685029",
"Comment": "vlc-plugin-goom is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685030",
"Comment": "vlc-plugin-h264 is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685031",
"Comment": "vlc-plugin-h265 is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685032",
"Comment": "vlc-plugin-jack is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685033",
"Comment": "vlc-plugin-linsys is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685034",
"Comment": "vlc-plugin-live555 is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685035",
"Comment": "vlc-plugin-matroska is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685036",
"Comment": "vlc-plugin-modplug is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685037",
"Comment": "vlc-plugin-mpeg2 is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685038",
"Comment": "vlc-plugin-mtp is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685039",
"Comment": "vlc-plugin-musepack is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685040",
"Comment": "vlc-plugin-notify is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685041",
"Comment": "vlc-plugin-ogg is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685042",
"Comment": "vlc-plugin-opus is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685043",
"Comment": "vlc-plugin-png is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685044",
"Comment": "vlc-plugin-podcast is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685045",
"Comment": "vlc-plugin-projectm is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685046",
"Comment": "vlc-plugin-pulseaudio is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685047",
"Comment": "vlc-plugin-realrtsp is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685048",
"Comment": "vlc-plugin-schroedinger is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685049",
"Comment": "vlc-plugin-shout is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685050",
"Comment": "vlc-plugin-smb is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685051",
"Comment": "vlc-plugin-speex is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685052",
"Comment": "vlc-plugin-svg is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685053",
"Comment": "vlc-plugin-taglib is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685054",
"Comment": "vlc-plugin-theora is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685055",
"Comment": "vlc-plugin-twolame is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685056",
"Comment": "vlc-plugin-upnp is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685057",
"Comment": "vlc-plugin-v4l is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685058",
"Comment": "vlc-plugin-videocd is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685059",
"Comment": "vlc-plugin-vpx is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685060",
"Comment": "vlc-plugin-xcb is earlier than 0:3.0.0-alt1.git7b57ce6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171685061",
"Comment": "vlc-plugin-xml is earlier than 0:3.0.0-alt1.git7b57ce6"
}
]
}
]
}
}
]
}