2024-04-16 14:26:14 +00:00

149 lines
5.7 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20221129",
"Version": "oval:org.altlinux.errata:def:20221129",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2022-1129: package `clamav` update to version 0.103.5-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2022-1129",
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-1129",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-00587",
"RefURL": "https://bdu.fstec.ru/vul/2022-00587",
"Source": "BDU"
},
{
"RefID": "CVE-2022-20698",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-20698",
"Source": "CVE"
}
],
"Description": "This update upgrades clamav to version 0.103.5-alt1. \nSecurity Fix(es):\n\n * BDU:2022-00587: Уязвимость пакета антивирусного ПО Clam AntiVirus, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю выполнить отказ в обслуживании\n\n * CVE-2022-20698: A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2022-01-25"
},
"Updated": {
"Date": "2022-01-25"
},
"BDUs": [
{
"ID": "BDU:2022-00587",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2022-00587",
"Impact": "Low",
"Public": "20220119"
}
],
"CVEs": [
{
"ID": "CVE-2022-20698",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-20698",
"Impact": "High",
"Public": "20220114"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20221129001",
"Comment": "clamav is earlier than 0:0.103.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221129002",
"Comment": "clamav-clamonacc is earlier than 0:0.103.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221129003",
"Comment": "clamav-freshclam is earlier than 0:0.103.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221129004",
"Comment": "clamav-manual is earlier than 0:0.103.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221129005",
"Comment": "clamav-milter is earlier than 0:0.103.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221129006",
"Comment": "libclamav-devel is earlier than 0:0.103.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221129007",
"Comment": "libclamav9 is earlier than 0:0.103.5-alt1"
}
]
}
]
}
}
]
}