pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p9/ALT-PU-2018-1929/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

310 lines
13 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20181929",
"Version": "oval:org.altlinux.errata:def:20181929",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2018-1929: package `ffmpeg` update to version 4.0.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2018-1929",
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-1929",
"Source": "ALTPU"
},
{
"RefID": "CVE-2018-10001",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-10001",
"Source": "CVE"
},
{
"RefID": "CVE-2018-1999010",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999010",
"Source": "CVE"
},
{
"RefID": "CVE-2018-6392",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6392",
"Source": "CVE"
},
{
"RefID": "CVE-2018-6912",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6912",
"Source": "CVE"
},
{
"RefID": "CVE-2018-7557",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7557",
"Source": "CVE"
},
{
"RefID": "CVE-2018-7751",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7751",
"Source": "CVE"
},
{
"RefID": "CVE-2018-9841",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-9841",
"Source": "CVE"
}
],
"Description": "This update upgrades ffmpeg to version 4.0.1-alt1. \nSecurity Fix(es):\n\n * CVE-2018-10001: The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file.\n\n * CVE-2018-1999010: FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in cced03dd667a5df6df8fd40d8de0bff477ee02e8 and later.\n\n * CVE-2018-6392: The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file.\n\n * CVE-2018-6912: The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.\n\n * CVE-2018-7557: The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data.\n\n * CVE-2018-7751: The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file.\n\n * CVE-2018-9841: The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2018-06-25"
},
"Updated": {
"Date": "2018-06-25"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2018-10001",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-10001",
"Impact": "Low",
"Public": "20180411"
},
{
"ID": "CVE-2018-1999010",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999010",
"Impact": "Critical",
"Public": "20180723"
},
{
"ID": "CVE-2018-6392",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6392",
"Impact": "Low",
"Public": "20180129"
},
{
"ID": "CVE-2018-6912",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6912",
"Impact": "Low",
"Public": "20180212"
},
{
"ID": "CVE-2018-7557",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-7557",
"Impact": "Low",
"Public": "20180228"
},
{
"ID": "CVE-2018-7751",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-7751",
"Impact": "Low",
"Public": "20180424"
},
{
"ID": "CVE-2018-9841",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-9841",
"Impact": "High",
"Public": "20180407"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20181929001",
"Comment": "ffmpeg is earlier than 2:4.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181929002",
"Comment": "ffplay is earlier than 2:4.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181929003",
"Comment": "ffprobe is earlier than 2:4.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181929004",
"Comment": "libavcodec-devel is earlier than 2:4.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181929005",
"Comment": "libavcodec-devel-static is earlier than 2:4.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181929006",
"Comment": "libavcodec58 is earlier than 2:4.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181929007",
"Comment": "libavdevice-devel is earlier than 2:4.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181929008",
"Comment": "libavdevice-devel-static is earlier than 2:4.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181929009",
"Comment": "libavdevice58 is earlier than 2:4.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181929010",
"Comment": "libavfilter-devel is earlier than 2:4.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181929011",
"Comment": "libavfilter-devel-static is earlier than 2:4.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181929012",
"Comment": "libavfilter7 is earlier than 2:4.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181929013",
"Comment": "libavformat-devel is earlier than 2:4.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181929014",
"Comment": "libavformat-devel-static is earlier than 2:4.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181929015",
"Comment": "libavformat58 is earlier than 2:4.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181929016",
"Comment": "libavresample-devel is earlier than 2:4.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181929017",
"Comment": "libavresample-devel-static is earlier than 2:4.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181929018",
"Comment": "libavresample4 is earlier than 2:4.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181929019",
"Comment": "libavutil-devel is earlier than 2:4.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181929020",
"Comment": "libavutil-devel-static is earlier than 2:4.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181929021",
"Comment": "libavutil56 is earlier than 2:4.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181929022",
"Comment": "libpostproc-devel is earlier than 2:4.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181929023",
"Comment": "libpostproc-devel-static is earlier than 2:4.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181929024",
"Comment": "libpostproc55 is earlier than 2:4.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181929025",
"Comment": "libswresample-devel is earlier than 2:4.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181929026",
"Comment": "libswresample-devel-static is earlier than 2:4.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181929027",
"Comment": "libswresample3 is earlier than 2:4.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181929028",
"Comment": "libswscale-devel is earlier than 2:4.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181929029",
"Comment": "libswscale-devel-static is earlier than 2:4.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181929030",
"Comment": "libswscale5 is earlier than 2:4.0.1-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink