vuln-list-alt/oval/c9f2/ALT-PU-2021-2149/definitions.json
2024-04-16 14:26:14 +00:00



{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20212149",
"Version": "oval:org.altlinux.errata:def:20212149",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-2149: package `libsndfile` update to version 1.0.30-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-2149",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-2149",
"Source": "ALTPU"
},
{
"RefID": "BDU:2018-00012",
"RefURL": "https://bdu.fstec.ru/vul/2018-00012",
"Source": "BDU"
},
{
"RefID": "BDU:2018-00013",
"RefURL": "https://bdu.fstec.ru/vul/2018-00013",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01624",
"RefURL": "https://bdu.fstec.ru/vul/2019-01624",
"Source": "BDU"
},
{
"RefID": "BDU:2020-04529",
"RefURL": "https://bdu.fstec.ru/vul/2020-04529",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03598",
"RefURL": "https://bdu.fstec.ru/vul/2021-03598",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03755",
"RefURL": "https://bdu.fstec.ru/vul/2021-03755",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03756",
"RefURL": "https://bdu.fstec.ru/vul/2021-03756",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03758",
"RefURL": "https://bdu.fstec.ru/vul/2021-03758",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03761",
"RefURL": "https://bdu.fstec.ru/vul/2021-03761",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03767",
"RefURL": "https://bdu.fstec.ru/vul/2021-03767",
"Source": "BDU"
},
{
"RefID": "BDU:2021-04131",
"RefURL": "https://bdu.fstec.ru/vul/2021-04131",
"Source": "BDU"
},
{
"RefID": "CVE-2017-12562",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12562",
"Source": "CVE"
},
{
"RefID": "CVE-2017-14245",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-14245",
"Source": "CVE"
},
{
"RefID": "CVE-2017-14246",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-14246",
"Source": "CVE"
},
{
"RefID": "CVE-2017-14634",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-14634",
"Source": "CVE"
},
{
"RefID": "CVE-2017-6892",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-6892",
"Source": "CVE"
},
{
"RefID": "CVE-2017-8361",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-8361",
"Source": "CVE"
},
{
"RefID": "CVE-2017-8362",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-8362",
"Source": "CVE"
},
{
"RefID": "CVE-2017-8363",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-8363",
"Source": "CVE"
},
{
"RefID": "CVE-2017-8365",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-8365",
"Source": "CVE"
},
{
"RefID": "CVE-2018-13139",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-13139",
"Source": "CVE"
},
{
"RefID": "CVE-2018-13419",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-13419",
"Source": "CVE"
},
{
"RefID": "CVE-2018-19432",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19432",
"Source": "CVE"
},
{
"RefID": "CVE-2018-19661",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19661",
"Source": "CVE"
},
{
"RefID": "CVE-2018-19662",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19662",
"Source": "CVE"
},
{
"RefID": "CVE-2018-19758",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19758",
"Source": "CVE"
},
{
"RefID": "CVE-2019-3832",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-3832",
"Source": "CVE"
}
],
"Description": "This update upgrades libsndfile to version 1.0.30-alt2. \nSecurity Fix(es):\n\n * BDU:2018-00012: Уязвимость функции aiff_read_chanmap (aaiff.c) библиотеки libsndfile, позволяющая нарушителю нарушить конфиденциальность, целостность и доступность данных\n\n * BDU:2018-00013: Уязвимость функции psf_binheader_writef (common.c) библиотеки libsndfile операционной системы Astra Linux, позволяющая нарушителю нарушить конфиденциальность, целостность и доступность данных или вызвать отказ в обслуживании\n\n * BDU:2019-01624: Уязвимость библиотеки libsndfile, связанная с переполнением буфера данных, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-04529: Уязвимость функции sf_write_int библиотеки libsndfile, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-03598: Уязвимость функции wav_write_header () библиотеки для чтения и записи аудиофайлов Libsndfile, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-03755: Уязвимость функции double64_init() библиотеки libsndfile, связанная с отсутствием проверки деления на ноль, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-03756: Уязвимость функции wav_write_header библиотеки libsndfile, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-03758: Уязвимость функции d2alaw_array() библиотеки СИ libsndfile, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании\n\n * BDU:2021-03761: Уязвимость функции i2ulaw_array библиотеки libsndfile, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-03767: Уязвимость функции i2ulaw_array библиотеки libsndfile, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить 
доступ к конфиденциальной информации или вызвать отказ в обслуживании\n\n * BDU:2021-04131: Уязвимость функции d2alaw_array() библиотеки СИ libsndfile, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании\n\n * CVE-2017-12562: Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.\n\n * CVE-2017-14245: An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.\n\n * CVE-2017-14246: An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.\n\n * CVE-2017-14634: In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.\n\n * CVE-2017-6892: In libsndfile version 1.0.28, an error in the \"aiff_read_chanmap()\" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file.\n\n * CVE-2017-8361: The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.\n\n * CVE-2017-8362: The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file.\n\n * CVE-2017-8363: The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based 
buffer over-read and application crash) via a crafted audio file.\n\n * CVE-2017-8365: The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.\n\n * CVE-2018-13139: A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave.\n\n * CVE-2018-13419: An issue has been found in libsndfile 1.0.28. There is a memory leak in psf_allocate in common.c, as demonstrated by sndfile-convert. NOTE: The maintainer and third parties were unable to reproduce and closed the issue\n\n * CVE-2018-19432: An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.\n\n * CVE-2018-19661: An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service.\n\n * CVE-2018-19662: An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service.\n\n * CVE-2018-19758: There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.\n\n * CVE-2019-3832: It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-07-05"
},
"Updated": {
"Date": "2021-07-05"
},
"BDUs": [
{
"ID": "BDU:2018-00012",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2018-00012",
"Impact": "High",
"Public": "20170613"
},
{
"ID": "BDU:2018-00013",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2018-00013",
"Impact": "Critical",
"Public": "20170614"
},
{
"ID": "BDU:2019-01624",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-01624",
"Impact": "High",
"Public": "20180703"
},
{
"ID": "BDU:2020-04529",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2020-04529",
"Impact": "Low",
"Public": "20181121"
},
{
"ID": "BDU:2021-03598",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2021-03598",
"Impact": "Low",
"Public": "20190215"
},
{
"ID": "BDU:2021-03755",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2021-03755",
"Impact": "Low",
"Public": "20170925"
},
{
"ID": "BDU:2021-03756",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2021-03756",
"Impact": "Low",
"Public": "20181227"
},
{
"ID": "BDU:2021-03758",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2021-03758",
"Impact": "High",
"Public": "20170924"
},
{
"ID": "BDU:2021-03761",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2021-03761",
"Impact": "Low",
"Public": "20181129"
},
{
"ID": "BDU:2021-03767",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2021-03767",
"Impact": "High",
"Public": "20181129"
},
{
"ID": "BDU:2021-04131",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2021-04131",
"Impact": "High",
"Public": "20170924"
}
],
"CVEs": [
{
"ID": "CVE-2017-12562",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12562",
"Impact": "Critical",
"Public": "20170805"
},
{
"ID": "CVE-2017-14245",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-14245",
"Impact": "High",
"Public": "20170921"
},
{
"ID": "CVE-2017-14246",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-14246",
"Impact": "High",
"Public": "20170921"
},
{
"ID": "CVE-2017-14634",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-14634",
"Impact": "Low",
"Public": "20170921"
},
{
"ID": "CVE-2017-6892",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-6892",
"Impact": "High",
"Public": "20170612"
},
{
"ID": "CVE-2017-8361",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-8361",
"Impact": "High",
"Public": "20170430"
},
{
"ID": "CVE-2017-8362",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-8362",
"Impact": "Low",
"Public": "20170430"
},
{
"ID": "CVE-2017-8363",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-8363",
"Impact": "Low",
"Public": "20170430"
},
{
"ID": "CVE-2017-8365",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-8365",
"Impact": "Low",
"Public": "20170430"
},
{
"ID": "CVE-2018-13139",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-13139",
"Impact": "High",
"Public": "20180704"
},
{
"ID": "CVE-2018-13419",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-772",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-13419",
"Impact": "Low",
"Public": "20180707"
},
{
"ID": "CVE-2018-19432",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19432",
"Impact": "Low",
"Public": "20181122"
},
{
"ID": "CVE-2018-19661",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19661",
"Impact": "Low",
"Public": "20181129"
},
{
"ID": "CVE-2018-19662",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19662",
"Impact": "High",
"Public": "20181129"
},
{
"ID": "CVE-2018-19758",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19758",
"Impact": "Low",
"Public": "20181130"
},
{
"ID": "CVE-2019-3832",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3832",
"Impact": "Low",
"Public": "20190321"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20212149001",
"Comment": "libsndfile is earlier than 0:1.0.30-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212149002",
"Comment": "libsndfile-devel is earlier than 0:1.0.30-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212149003",
"Comment": "libsndfile-utils is earlier than 0:1.0.30-alt2"
}
]
}
]
}
}
]
}