vuln-list-alt/oval/p9/ALT-PU-2021-1933/definitions.json
2024-04-16 14:26:14 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20211933",
"Version": "oval:org.altlinux.errata:def:20211933",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-1933: package `ilmbase` update to version 2.5.6-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-1933",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-1933",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-01975",
"RefURL": "https://bdu.fstec.ru/vul/2021-01975",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01976",
"RefURL": "https://bdu.fstec.ru/vul/2021-01976",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01977",
"RefURL": "https://bdu.fstec.ru/vul/2021-01977",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01978",
"RefURL": "https://bdu.fstec.ru/vul/2021-01978",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01983",
"RefURL": "https://bdu.fstec.ru/vul/2021-01983",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01984",
"RefURL": "https://bdu.fstec.ru/vul/2021-01984",
"Source": "BDU"
},
{
"RefID": "BDU:2021-05210",
"RefURL": "https://bdu.fstec.ru/vul/2021-05210",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01678",
"RefURL": "https://bdu.fstec.ru/vul/2023-01678",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01692",
"RefURL": "https://bdu.fstec.ru/vul/2023-01692",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01699",
"RefURL": "https://bdu.fstec.ru/vul/2023-01699",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01701",
"RefURL": "https://bdu.fstec.ru/vul/2023-01701",
"Source": "BDU"
},
{
"RefID": "CVE-2021-20296",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-20296",
"Source": "CVE"
},
{
"RefID": "CVE-2021-20299",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-20299",
"Source": "CVE"
},
{
"RefID": "CVE-2021-20300",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-20300",
"Source": "CVE"
},
{
"RefID": "CVE-2021-20302",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-20302",
"Source": "CVE"
},
{
"RefID": "CVE-2021-20303",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-20303",
"Source": "CVE"
},
{
"RefID": "CVE-2021-3474",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3474",
"Source": "CVE"
},
{
"RefID": "CVE-2021-3475",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3475",
"Source": "CVE"
},
{
"RefID": "CVE-2021-3476",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3476",
"Source": "CVE"
},
{
"RefID": "CVE-2021-3477",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3477",
"Source": "CVE"
},
{
"RefID": "CVE-2021-3478",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3478",
"Source": "CVE"
},
{
"RefID": "CVE-2021-3479",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3479",
"Source": "CVE"
}
],
"Description": "This update upgrades ilmbase to version 2.5.6-alt1. \nSecurity Fix(es):\n\n * BDU:2021-01975: Уязвимость интерфейса Scanline API библиотеки OpenEXR, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01976: Уязвимость реализации метода сжатия файла с использованием строки сканирования Zip (per scanline) (ImfScanLineInputFile.cpp) библиотеки OpenEXR, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01977: Уязвимость функции DeepTiledInputFile::initialize() (src/lib/OpenEXR/ImfDeepTiledInputFile.cpp) библиотеки OpenEXR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код\n\n * BDU:2021-01978: Уязвимость функции сжатия данных B44 (OpenEXR/IlmImf/ImfB44Compressor.cpp) библиотеки OpenEXR, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01983: Уязвимость функции calculateNumTiles()(OpenEXR/IlmImf/ImfTiledMisc.cpp) библиотеки OpenEXR, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01984: Уязвимость функции FastHufDecoder библиотеки OpenEXR, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-05210: Уязвимость функции декомпрессии Dwa библиотеки IlmImf программного обеспечения для хранения изображений с широкими динамическими диапазоном яркости OpenEXR, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-01678: Уязвимость функционала TiledInputFile программного обеспечения для хранения изображений с широкими динамическими диапазоном яркости OpenEXR, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-01692: Уязвимость функции hufUncompress компонента /IlmImf/ImfHuf.cpp программного обеспечения для хранения изображений с широкими динамическими диапазоном яркости OpenEXR, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-01699: Уязвимость функции dataWindowForTile() компонента IlmImf/ImfTiledMisc.cpp программного обеспечения для хранения изображений с 
широкими динамическими диапазоном яркости OpenEXR, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании\n\n * BDU:2023-01701: Уязвимость программного обеспечения для хранения изображений с широкими динамическими диапазоном яркости OpenEXR, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2021-20296: A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.\n\n * CVE-2021-20299: A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.\n\n * CVE-2021-20300: A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability.\n\n * CVE-2021-20302: A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability.\n\n * CVE-2021-20303: A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.\n\n * CVE-2021-3474: There's a flaw in OpenEXR in versions before 3.0.0-beta. 
A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.\n\n * CVE-2021-3475: There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability.\n\n * CVE-2021-3476: A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability.\n\n * CVE-2021-3477: There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.\n\n * CVE-2021-3478: There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability.\n\n * CVE-2021-3479: There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-06-04"
},
"Updated": {
"Date": "2021-06-04"
},
"BDUs": [
{
"ID": "BDU:2021-01975",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2021-01975",
"Impact": "Low",
"Public": "20200902"
},
{
"ID": "BDU:2021-01976",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2021-01976",
"Impact": "Low",
"Public": "20201111"
},
{
"ID": "BDU:2021-01977",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125, CWE-190",
"Href": "https://bdu.fstec.ru/vul/2021-01977",
"Impact": "Low",
"Public": "20201104"
},
{
"ID": "BDU:2021-01978",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2021-01978",
"Impact": "Low",
"Public": "20201006"
},
{
"ID": "BDU:2021-01983",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2021-01983",
"Impact": "Low",
"Public": "20200831"
},
{
"ID": "BDU:2021-01984",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2021-01984",
"Impact": "Low",
"Public": "20200817"
},
{
"ID": "BDU:2021-05210",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2021-05210",
"Impact": "Low",
"Public": "20200813"
},
{
"ID": "BDU:2023-01678",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2023-01678",
"Impact": "Low",
"Public": "20200923"
},
{
"ID": "BDU:2023-01692",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2023-01692",
"Impact": "Low",
"Public": "20200911"
},
{
"ID": "BDU:2023-01699",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2023-01699",
"Impact": "Low",
"Public": "20200909"
},
{
"ID": "BDU:2023-01701",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2023-01701",
"Impact": "Low",
"Public": "20200917"
}
],
"CVEs": [
{
"ID": "CVE-2021-20296",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-20296",
"Impact": "Low",
"Public": "20210401"
},
{
"ID": "CVE-2021-20299",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-20299",
"Impact": "High",
"Public": "20220316"
},
{
"ID": "CVE-2021-20300",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-20300",
"Impact": "Low",
"Public": "20220304"
},
{
"ID": "CVE-2021-20302",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-20302",
"Impact": "Low",
"Public": "20220304"
},
{
"ID": "CVE-2021-20303",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-20303",
"Impact": "Low",
"Public": "20220304"
},
{
"ID": "CVE-2021-3474",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3474",
"Impact": "Low",
"Public": "20210330"
},
{
"ID": "CVE-2021-3475",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3475",
"Impact": "Low",
"Public": "20210330"
},
{
"ID": "CVE-2021-3476",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3476",
"Impact": "Low",
"Public": "20210330"
},
{
"ID": "CVE-2021-3477",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3477",
"Impact": "Low",
"Public": "20210331"
},
{
"ID": "CVE-2021-3478",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3478",
"Impact": "Low",
"Public": "20210331"
},
{
"ID": "CVE-2021-3479",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3479",
"Impact": "Low",
"Public": "20210331"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20211933001",
"Comment": "ilmbase is earlier than 0:2.5.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211933002",
"Comment": "ilmbase-devel is earlier than 0:2.5.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211933003",
"Comment": "ilmbase25-common is earlier than 0:2.5.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211933004",
"Comment": "libhalf25 is earlier than 0:2.5.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211933005",
"Comment": "libiex25 is earlier than 0:2.5.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211933006",
"Comment": "libiexmath25 is earlier than 0:2.5.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211933007",
"Comment": "libilmthread25 is earlier than 0:2.5.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211933008",
"Comment": "libimath25 is earlier than 0:2.5.6-alt1"
}
]
}
]
}
}
]
}