vuln-list-alt/oval/p9/ALT-PU-2018-2652/definitions.json
2024-12-12 21:07:30 +00:00



{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20182652",
"Version": "oval:org.altlinux.errata:def:20182652",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2018-2652: package `GraphicsMagick` update to version 1.3.30-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2018-2652",
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-2652",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-00424",
"RefURL": "https://bdu.fstec.ru/vul/2019-00424",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04037",
"RefURL": "https://bdu.fstec.ru/vul/2019-04037",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04038",
"RefURL": "https://bdu.fstec.ru/vul/2019-04038",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04173",
"RefURL": "https://bdu.fstec.ru/vul/2019-04173",
"Source": "BDU"
},
{
"RefID": "CVE-2016-5118",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5118",
"Source": "CVE"
},
{
"RefID": "CVE-2016-5240",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5240",
"Source": "CVE"
},
{
"RefID": "CVE-2016-5241",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5241",
"Source": "CVE"
},
{
"RefID": "CVE-2016-7447",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-7447",
"Source": "CVE"
},
{
"RefID": "CVE-2016-7448",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-7448",
"Source": "CVE"
},
{
"RefID": "CVE-2016-7800",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-7800",
"Source": "CVE"
},
{
"RefID": "CVE-2016-7996",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-7996",
"Source": "CVE"
},
{
"RefID": "CVE-2016-7997",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-7997",
"Source": "CVE"
},
{
"RefID": "CVE-2017-6335",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-6335",
"Source": "CVE"
},
{
"RefID": "CVE-2017-9098",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-9098",
"Source": "CVE"
},
{
"RefID": "CVE-2018-6799",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6799",
"Source": "CVE"
}
],
"Description": "This update upgrades GraphicsMagick to version 1.3.30-alt1. \nSecurity Fix(es):\n\n * BDU:2019-00424: Уязвимость кроссплатформенной библиотеки для работы с графикой GraphicsMagick, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код\n\n * BDU:2019-04037: Уязвимость функции parse8BIM (coders/meta.c) кроссплатформенной библиотеки для работы с графикой GraphicsMagick, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04038: Уязвимость модуля чтения WPG кроссплатформенной библиотеки для работы с графикой GraphicsMagick, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04173: Уязвимость функции QuantumTransferMode (coders/tiff.c) кроссплатформенной библиотеки для работы с графикой GraphicsMagick, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2016-5118: The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.\n\n * CVE-2016-5240: The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.\n\n * CVE-2016-5241: magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.\n\n * CVE-2016-7447: Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.\n\n * CVE-2016-7448: The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.\n\n * CVE-2016-7800: Integer underflow in the parse8BIM function in coders/meta.c in 
GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.\n\n * CVE-2016-7996: Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.\n\n * CVE-2016-7997: The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.\n\n * CVE-2017-6335: The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file.\n\n * CVE-2017-9098: ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.\n\n * CVE-2018-6799: The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2018-11-16"
},
"Updated": {
"Date": "2018-11-16"
},
"BDUs": [
{
"ID": "BDU:2019-00424",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-00424",
"Impact": "Critical",
"Public": "20161007"
},
{
"ID": "BDU:2019-04037",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-119, CWE-191",
"Href": "https://bdu.fstec.ru/vul/2019-04037",
"Impact": "High",
"Public": "20170704"
},
{
"ID": "BDU:2019-04038",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2019-04038",
"Impact": "High",
"Public": "20170704"
},
{
"ID": "BDU:2019-04173",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2019-04173",
"Impact": "Low",
"Public": "20170314"
}
],
"CVEs": [
{
"ID": "CVE-2016-5118",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5118",
"Impact": "Critical",
"Public": "20160610"
},
{
"ID": "CVE-2016-5240",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5240",
"Impact": "Low",
"Public": "20170227"
},
{
"ID": "CVE-2016-5241",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-189",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5241",
"Impact": "Low",
"Public": "20170203"
},
{
"ID": "CVE-2016-7447",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-7447",
"Impact": "Critical",
"Public": "20170206"
},
{
"ID": "CVE-2016-7448",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-7448",
"Impact": "High",
"Public": "20170206"
},
{
"ID": "CVE-2016-7800",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-7800",
"Impact": "High",
"Public": "20170206"
},
{
"ID": "CVE-2016-7996",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-7996",
"Impact": "Critical",
"Public": "20170118"
},
{
"ID": "CVE-2016-7997",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-7997",
"Impact": "High",
"Public": "20170118"
},
{
"ID": "CVE-2017-6335",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-6335",
"Impact": "Low",
"Public": "20170314"
},
{
"ID": "CVE-2017-9098",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-908",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-9098",
"Impact": "High",
"Public": "20170519"
},
{
"ID": "CVE-2018-6799",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-6799",
"Impact": "High",
"Public": "20180207"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20182652001",
"Comment": "GraphicsMagick is earlier than 0:1.3.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182652002",
"Comment": "GraphicsMagick-ImageMagick-compat is earlier than 0:1.3.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182652003",
"Comment": "GraphicsMagick-common is earlier than 0:1.3.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182652004",
"Comment": "GraphicsMagick-doc is earlier than 0:1.3.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182652005",
"Comment": "GraphicsMagick-nox is earlier than 0:1.3.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182652006",
"Comment": "libGraphicsMagick is earlier than 0:1.3.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182652007",
"Comment": "libGraphicsMagick-c++ is earlier than 0:1.3.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182652008",
"Comment": "libGraphicsMagick-c++-devel is earlier than 0:1.3.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182652009",
"Comment": "libGraphicsMagick-c++-devel-static is earlier than 0:1.3.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182652010",
"Comment": "libGraphicsMagick-devel is earlier than 0:1.3.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182652011",
"Comment": "libGraphicsMagick-devel-static is earlier than 0:1.3.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182652012",
"Comment": "perl-GraphicsMagick is earlier than 0:1.3.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182652013",
"Comment": "perl-GraphicsMagick-demo is earlier than 0:1.3.30-alt1"
}
]
}
]
}
}
]
}