vuln-list-alt/oval/c10f1/ALT-PU-2022-2324/definitions.json
2024-06-28 13:17:52 +00:00



{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20222324",
"Version": "oval:org.altlinux.errata:def:20222324",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2022-2324: package `connman` update to version 1.41-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2022-2324",
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-2324",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-06407",
"RefURL": "https://bdu.fstec.ru/vul/2021-06407",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03145",
"RefURL": "https://bdu.fstec.ru/vul/2022-03145",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03146",
"RefURL": "https://bdu.fstec.ru/vul/2022-03146",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03147",
"RefURL": "https://bdu.fstec.ru/vul/2022-03147",
"Source": "BDU"
},
{
"RefID": "CVE-2021-33833",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-33833",
"Source": "CVE"
},
{
"RefID": "CVE-2022-23096",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-23096",
"Source": "CVE"
},
{
"RefID": "CVE-2022-23097",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-23097",
"Source": "CVE"
},
{
"RefID": "CVE-2022-23098",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-23098",
"Source": "CVE"
}
],
"Description": "This update upgrades connman to version 1.41-alt1. \nSecurity Fix(es):\n\n * BDU:2021-06407: Уязвимость пакета dnsproxy диспетчера соединений Connman, связанная с записью за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-03145: Уязвимость пакета dnsproxy диспетчера соединений Connman, позволяющая нарушителю вызвать отказ в обслуживании или раскрыть защищаемую информацию\n\n * BDU:2022-03146: Уязвимость пакета dnsproxy диспетчера соединений Connman, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании\n\n * BDU:2022-03147: Уязвимость пакета dnsproxy диспетчера соединений Connman, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2021-33833: ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA).\n\n * CVE-2022-23096: An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read.\n\n * CVE-2022-23097: An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read.\n\n * CVE-2022-23098: An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2022-08-01"
},
"Updated": {
"Date": "2022-08-01"
},
"BDUs": [
{
"ID": "BDU:2021-06407",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2021-06407",
"Impact": "Critical",
"Public": "20210609"
},
{
"ID": "BDU:2022-03145",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2022-03145",
"Impact": "Critical",
"Public": "20220128"
},
{
"ID": "BDU:2022-03146",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2022-03146",
"Impact": "Critical",
"Public": "20220128"
},
{
"ID": "BDU:2022-03147",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2022-03147",
"Impact": "High",
"Public": "20220128"
}
],
"CVEs": [
{
"ID": "CVE-2021-33833",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-33833",
"Impact": "Critical",
"Public": "20210609"
},
{
"ID": "CVE-2022-23096",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-23096",
"Impact": "Critical",
"Public": "20220128"
},
{
"ID": "CVE-2022-23097",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-23097",
"Impact": "Critical",
"Public": "20220128"
},
{
"ID": "CVE-2022-23098",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-23098",
"Impact": "High",
"Public": "20220128"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20222324001",
"Comment": "connman is earlier than 0:1.41-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222324002",
"Comment": "connman-devel is earlier than 0:1.41-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222324003",
"Comment": "connman-docs is earlier than 0:1.41-alt1"
}
]
}
]
}
}
]
}