pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/c9f2/ALT-PU-2016-1135/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

271 lines
13 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20161135",
"Version": "oval:org.altlinux.errata:def:20161135",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2016-1135: package `glibc` update to version 2.23-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2016-1135",
"RefURL": "https://errata.altlinux.org/ALT-PU-2016-1135",
"Source": "ALTPU"
},
{
"RefID": "BDU:2016-00434",
"RefURL": "https://bdu.fstec.ru/vul/2016-00434",
"Source": "BDU"
},
{
"RefID": "BDU:2017-00283",
"RefURL": "https://bdu.fstec.ru/vul/2017-00283",
"Source": "BDU"
},
{
"RefID": "CVE-2014-9761",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-9761",
"Source": "CVE"
},
{
"RefID": "CVE-2015-7547",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-7547",
"Source": "CVE"
},
{
"RefID": "CVE-2015-8776",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-8776",
"Source": "CVE"
},
{
"RefID": "CVE-2015-8777",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-8777",
"Source": "CVE"
},
{
"RefID": "CVE-2015-8778",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-8778",
"Source": "CVE"
},
{
"RefID": "CVE-2015-8779",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-8779",
"Source": "CVE"
},
{
"RefID": "CVE-2016-3706",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-3706",
"Source": "CVE"
},
{
"RefID": "CVE-2020-29573",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-29573",
"Source": "CVE"
}
],
"Description": "This update upgrades glibc to version 2.23-alt1. \nSecurity Fix(es):\n\n * BDU:2016-00434: Уязвимость библиотеки glibc, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код\n\n * BDU:2017-00283: Уязвимости библиотеки, обеспечивающей системные вызовы и основные функции, glibc, позволяющие нарушителю вызвать отказ в обслуживании или выполнить произвольный код\n\n * CVE-2014-9761: Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.\n\n * CVE-2015-7547: Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing \"dual A/AAAA DNS queries\" and the libnss_dns.so.2 NSS module.\n\n * CVE-2015-8776: The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.\n\n * CVE-2015-8777: The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.\n\n * CVE-2015-8778: Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.\n\n * CVE-2015-8779: Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.\n\n * CVE-2016-3706: Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.\n\n * CVE-2020-29573: sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of \"Fixed for glibc 2.33\" in the 26649 reference.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2016-02-19"
},
"Updated": {
"Date": "2016-02-19"
},
"BDUs": [
{
"ID": "BDU:2016-00434",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2016-00434",
"Impact": "Critical",
"Public": "20160218"
},
{
"ID": "BDU:2017-00283",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2017-00283",
"Impact": "Low",
"Public": "20160219"
}
],
"CVEs": [
{
"ID": "CVE-2014-9761",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-9761",
"Impact": "Critical",
"Public": "20160419"
},
{
"ID": "CVE-2015-7547",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-7547",
"Impact": "High",
"Public": "20160218"
},
{
"ID": "CVE-2015-8776",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-189",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-8776",
"Impact": "Critical",
"Public": "20160419"
},
{
"ID": "CVE-2015-8777",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-254",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-8777",
"Impact": "Low",
"Public": "20160120"
},
{
"ID": "CVE-2015-8778",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-8778",
"Impact": "Critical",
"Public": "20160419"
},
{
"ID": "CVE-2015-8779",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-8779",
"Impact": "Critical",
"Public": "20160419"
},
{
"ID": "CVE-2016-3706",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-3706",
"Impact": "High",
"Public": "20160610"
},
{
"ID": "CVE-2020-29573",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-29573",
"Impact": "High",
"Public": "20201206"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20161135001",
"Comment": "glibc is earlier than 6:2.23-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161135002",
"Comment": "glibc-core is earlier than 6:2.23-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161135003",
"Comment": "glibc-debug is earlier than 6:2.23-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161135004",
"Comment": "glibc-devel is earlier than 6:2.23-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161135005",
"Comment": "glibc-devel-static is earlier than 6:2.23-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161135006",
"Comment": "glibc-doc is earlier than 6:2.23-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161135007",
"Comment": "glibc-gconv-modules is earlier than 6:2.23-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161135008",
"Comment": "glibc-i18ndata is earlier than 6:2.23-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161135009",
"Comment": "glibc-locales is earlier than 6:2.23-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161135010",
"Comment": "glibc-nss is earlier than 6:2.23-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161135011",
"Comment": "glibc-preinstall is earlier than 6:2.23-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161135012",
"Comment": "glibc-pthread is earlier than 6:2.23-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161135013",
"Comment": "glibc-timezones is earlier than 6:2.23-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161135014",
"Comment": "glibc-utils is earlier than 6:2.23-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161135015",
"Comment": "iconv is earlier than 6:2.23-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161135016",
"Comment": "nscd is earlier than 6:2.23-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink