pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
c8da5a637e
vuln-list-alt/oval/p10/ALT-PU-2018-2665/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

147 lines
5.4 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20182665",
"Version": "oval:org.altlinux.errata:def:20182665",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2018-2665: package `binutils` update to version 2.31.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2018-2665",
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-2665",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-00676",
"RefURL": "https://bdu.fstec.ru/vul/2019-00676",
"Source": "BDU"
},
{
"RefID": "CVE-2018-19931",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19931",
"Source": "CVE"
},
{
"RefID": "CVE-2018-19932",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19932",
"Source": "CVE"
}
],
"Description": "This update upgrades binutils to version 2.31.1-alt1. \nSecurity Fix(es):\n\n * BDU:2019-00676: Уязвимость функции bfd_elf32_swap_phdr_in программного средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2018-19931: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.\n\n * CVE-2018-19932: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2018-11-20"
},
"Updated": {
"Date": "2018-11-20"
},
"BDUs": [
{
"ID": "BDU:2019-00676",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-00676",
"Impact": "High",
"Public": "20181207"
}
],
"CVEs": [
{
"ID": "CVE-2018-19931",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19931",
"Impact": "High",
"Public": "20181207"
},
{
"ID": "CVE-2018-19932",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19932",
"Impact": "Low",
"Public": "20181207"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20182665001",
"Comment": "binutils is earlier than 1:2.31.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182665002",
"Comment": "binutils-devel is earlier than 1:2.31.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182665003",
"Comment": "binutils-source is earlier than 1:2.31.1-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink