pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/c10f1/ALT-PU-2024-12802/definitions.json
pepelyaevip 912b27fb15 ALT Vulnerability
2024-09-24 03:04:57 +00:00

199 lines
7.9 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202412802",
"Version": "oval:org.altlinux.errata:def:202412802",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-12802: package `ffmpeg` update to version 4.4.5-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-12802",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-12802",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-00245",
"RefURL": "https://bdu.fstec.ru/vul/2024-00245",
"Source": "BDU"
},
{
"RefID": "CVE-2023-47342",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-47342",
"Source": "CVE"
},
{
"RefID": "CVE-2024-7055",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-7055",
"Source": "CVE"
}
],
"Description": "This update upgrades ffmpeg to version 4.4.5-alt2. \nSecurity Fix(es):\n\n * BDU:2024-00245: Уязвимость мультимедийной библиотеки FFmpeg, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привелегии\n\n * CVE-2023-47342: description unavailable\n\n * CVE-2024-7055: A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-09-23"
},
"Updated": {
"Date": "2024-09-23"
},
"BDUs": [
{
"ID": "BDU:2024-00245",
"CVSS": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"CVSS3": "AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"CWE": "CWE-269",
"Href": "https://bdu.fstec.ru/vul/2024-00245",
"Impact": "Low",
"Public": "20231106"
}
],
"CVEs": [
{
"ID": "CVE-2024-7055",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-7055",
"Impact": "None",
"Public": "20240806"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202412802001",
"Comment": "ffmpeg is earlier than 2:4.4.5-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202412802002",
"Comment": "ffmpeg-doc is earlier than 2:4.4.5-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202412802003",
"Comment": "ffplay is earlier than 2:4.4.5-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202412802004",
"Comment": "ffplay-doc is earlier than 2:4.4.5-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202412802005",
"Comment": "ffprobe is earlier than 2:4.4.5-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202412802006",
"Comment": "ffprobe-doc is earlier than 2:4.4.5-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202412802007",
"Comment": "ffserver-doc is earlier than 2:4.4.5-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202412802008",
"Comment": "libavcodec-devel is earlier than 2:4.4.5-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202412802009",
"Comment": "libavcodec58 is earlier than 2:4.4.5-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202412802010",
"Comment": "libavdevice-devel is earlier than 2:4.4.5-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202412802011",
"Comment": "libavdevice58 is earlier than 2:4.4.5-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202412802012",
"Comment": "libavfilter-devel is earlier than 2:4.4.5-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202412802013",
"Comment": "libavfilter7 is earlier than 2:4.4.5-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202412802014",
"Comment": "libavformat-devel is earlier than 2:4.4.5-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202412802015",
"Comment": "libavformat58 is earlier than 2:4.4.5-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202412802016",
"Comment": "libavresample-devel is earlier than 2:4.4.5-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202412802017",
"Comment": "libavresample4 is earlier than 2:4.4.5-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202412802018",
"Comment": "libavutil-devel is earlier than 2:4.4.5-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202412802019",
"Comment": "libavutil56 is earlier than 2:4.4.5-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202412802020",
"Comment": "libpostproc-devel is earlier than 2:4.4.5-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202412802021",
"Comment": "libpostproc55 is earlier than 2:4.4.5-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202412802022",
"Comment": "libswresample-devel is earlier than 2:4.4.5-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202412802023",
"Comment": "libswresample3 is earlier than 2:4.4.5-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202412802024",
"Comment": "libswscale-devel is earlier than 2:4.4.5-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202412802025",
"Comment": "libswscale5 is earlier than 2:4.4.5-alt2"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink