pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p9/ALT-PU-2018-1970/definitions.json
pepelyaevip 79e81ecc31 ALT Vulnerability
2024-07-23 15:04:31 +00:00

240 lines
11 KiB
JSON
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20181970",
"Version": "oval:org.altlinux.errata:def:20181970",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2018-1970: package `lynx` update to version 2.8.9-alt1.pre.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2018-1970",
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-1970",
"Source": "ALTPU"
},
{
"RefID": "BDU:2015-02648",
"RefURL": "https://bdu.fstec.ru/vul/2015-02648",
"Source": "BDU"
},
{
"RefID": "BDU:2015-04083",
"RefURL": "https://bdu.fstec.ru/vul/2015-04083",
"Source": "BDU"
},
{
"RefID": "BDU:2015-04084",
"RefURL": "https://bdu.fstec.ru/vul/2015-04084",
"Source": "BDU"
},
{
"RefID": "BDU:2015-06413",
"RefURL": "https://bdu.fstec.ru/vul/2015-06413",
"Source": "BDU"
},
{
"RefID": "BDU:2015-06414",
"RefURL": "https://bdu.fstec.ru/vul/2015-06414",
"Source": "BDU"
},
{
"RefID": "BDU:2015-08355",
"RefURL": "https://bdu.fstec.ru/vul/2015-08355",
"Source": "BDU"
},
{
"RefID": "BDU:2015-08356",
"RefURL": "https://bdu.fstec.ru/vul/2015-08356",
"Source": "BDU"
},
{
"RefID": "CVE-2005-2929",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2005-2929",
"Source": "CVE"
},
{
"RefID": "CVE-2005-3120",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2005-3120",
"Source": "CVE"
},
{
"RefID": "CVE-2006-7234",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2006-7234",
"Source": "CVE"
},
{
"RefID": "CVE-2008-4690",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2008-4690",
"Source": "CVE"
}
],
"Description": "This update upgrades lynx to version 2.8.9-alt1.pre.1. \nSecurity Fix(es):\n\n * BDU:2015-02648: Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-04083: Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-04084: Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-06413: Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-06414: Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-08355: Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-08356: Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * CVE-2005-2929: Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.\n\n * CVE-2005-3120: Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.\n\n * CVE-2006-7234: Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.\n\n * CVE-2008-4690: lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2018-07-03"
},
"Updated": {
"Date": "2018-07-03"
},
"BDUs": [
{
"ID": "BDU:2015-02648",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-131",
"Href": "https://bdu.fstec.ru/vul/2015-02648",
"Impact": "High",
"Public": "20051017"
},
{
"ID": "BDU:2015-04083",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2015-04083",
"Impact": "High",
"Public": "20041018"
},
{
"ID": "BDU:2015-04084",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2015-04084",
"Impact": "High"
},
{
"ID": "BDU:2015-06413",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-06413",
"Impact": "Critical",
"Public": "20081027"
},
{
"ID": "BDU:2015-06414",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-06414",
"Impact": "Critical",
"Public": "20081027"
},
{
"ID": "BDU:2015-08355",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-08355",
"Impact": "Critical",
"Public": "20081027"
},
{
"ID": "BDU:2015-08356",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-08356",
"Impact": "Critical",
"Public": "20081027"
}
],
"CVEs": [
{
"ID": "CVE-2005-2929",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-264",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2005-2929",
"Impact": "High",
"Public": "20051118"
},
{
"ID": "CVE-2005-3120",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-131",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2005-3120",
"Impact": "Critical",
"Public": "20051017"
},
{
"ID": "CVE-2006-7234",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2006-7234",
"Impact": "Low",
"Public": "20081027"
},
{
"ID": "CVE-2008-4690",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2008-4690",
"Impact": "Critical",
"Public": "20081022"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20181970001",
"Comment": "lynx is earlier than 0:2.8.9-alt1.pre.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181970002",
"Comment": "lynx-data is earlier than 0:2.8.9-alt1.pre.1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink