100 lines
3.5 KiB
JSON
100 lines
3.5 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20142313",
|
|
"Version": "oval:org.altlinux.errata:def:20142313",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2014-2313: package `zsh` update to version 5.0.7-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch c9f2"
|
|
],
|
|
"Products": [
|
|
"ALT SPWorkstation",
|
|
"ALT SPServer"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2014-2313",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2014-2313",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2014-10070",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-10070",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2014-10071",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-10071",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades zsh to version 5.0.7-alt1. \nSecurity Fix(es):\n\n * CVE-2014-10070: zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where \"env_reset\" has been disabled.\n\n * CVE-2014-10071: In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the \"\u003e\u0026 fd\" syntax.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "Critical",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2014-10-30"
|
|
},
|
|
"Updated": {
|
|
"Date": "2014-10-30"
|
|
},
|
|
"BDUs": null,
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2014-10070",
|
|
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
|
|
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-264",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-10070",
|
|
"Impact": "High",
|
|
"Public": "20180227"
|
|
},
|
|
{
|
|
"ID": "CVE-2014-10071",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
|
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-119",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-10071",
|
|
"Impact": "Critical",
|
|
"Public": "20180227"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:spworkstation:8.4",
|
|
"cpe:/o:alt:spserver:8.4"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:3001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20142313001",
|
|
"Comment": "zsh is earlier than 1:5.0.7-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |