pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
af2f8b3981
vuln-list-alt/oval/p10/ALT-PU-2021-1491/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

237 lines
10 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20211491",
"Version": "oval:org.altlinux.errata:def:20211491",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-1491: package `python3-module-Pillow` update to version 8.1.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-1491",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-1491",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-05182",
"RefURL": "https://bdu.fstec.ru/vul/2021-05182",
"Source": "BDU"
},
{
"RefID": "BDU:2022-02667",
"RefURL": "https://bdu.fstec.ru/vul/2022-02667",
"Source": "BDU"
},
{
"RefID": "CVE-2021-25289",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-25289",
"Source": "CVE"
},
{
"RefID": "CVE-2021-25290",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-25290",
"Source": "CVE"
},
{
"RefID": "CVE-2021-25291",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-25291",
"Source": "CVE"
},
{
"RefID": "CVE-2021-25292",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-25292",
"Source": "CVE"
},
{
"RefID": "CVE-2021-25293",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-25293",
"Source": "CVE"
},
{
"RefID": "CVE-2021-27921",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-27921",
"Source": "CVE"
},
{
"RefID": "CVE-2021-27922",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-27922",
"Source": "CVE"
},
{
"RefID": "CVE-2021-27923",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-27923",
"Source": "CVE"
}
],
"Description": "This update upgrades python3-module-Pillow to version 8.1.1-alt1. \nSecurity Fix(es):\n\n * BDU:2021-05182: Уязвимость компонента TiffDecode.c библиотеки для работы с изображениями Pillow, связанная с записью за границами буфера, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02667: Уязвимость библиотеки для работы с изображениями Pillow, вызванная переполнением буфера в динамической памяти, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации\n\n * CVE-2021-25289: An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.\n\n * CVE-2021-25290: An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.\n\n * CVE-2021-25291: An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.\n\n * CVE-2021-25292: An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.\n\n * CVE-2021-25293: An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.\n\n * CVE-2021-27921: Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.\n\n * CVE-2021-27922: Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.\n\n * CVE-2021-27923: Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-03-16"
},
"Updated": {
"Date": "2021-03-16"
},
"BDUs": [
{
"ID": "BDU:2021-05182",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2021-05182",
"Impact": "High",
"Public": "20210301"
},
{
"ID": "BDU:2022-02667",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-02667",
"Impact": "Critical",
"Public": "20210714"
}
],
"CVEs": [
{
"ID": "CVE-2021-25289",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-25289",
"Impact": "Critical",
"Public": "20210319"
},
{
"ID": "CVE-2021-25290",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-25290",
"Impact": "High",
"Public": "20210319"
},
{
"ID": "CVE-2021-25291",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-25291",
"Impact": "High",
"Public": "20210319"
},
{
"ID": "CVE-2021-25292",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-1333",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-25292",
"Impact": "Low",
"Public": "20210319"
},
{
"ID": "CVE-2021-25293",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-25293",
"Impact": "High",
"Public": "20210319"
},
{
"ID": "CVE-2021-27921",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-27921",
"Impact": "High",
"Public": "20210303"
},
{
"ID": "CVE-2021-27922",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-27922",
"Impact": "High",
"Public": "20210303"
},
{
"ID": "CVE-2021-27923",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-27923",
"Impact": "High",
"Public": "20210303"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20211491001",
"Comment": "python3-module-Pillow is earlier than 0:8.1.1-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink