pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
d5472b7d22
vuln-list-alt/oval/p10/ALT-PU-2017-1920/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

277 lines
12 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20171920",
"Version": "oval:org.altlinux.errata:def:20171920",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2017-1920: package `wireshark` update to version 2.2.8-alt1.S1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit",
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2017-1920",
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-1920",
"Source": "ALTPU"
},
{
"RefID": "CVE-2017-11406",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11406",
"Source": "CVE"
},
{
"RefID": "CVE-2017-11407",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11407",
"Source": "CVE"
},
{
"RefID": "CVE-2017-11408",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11408",
"Source": "CVE"
},
{
"RefID": "CVE-2017-11410",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11410",
"Source": "CVE"
},
{
"RefID": "CVE-2017-11411",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11411",
"Source": "CVE"
},
{
"RefID": "CVE-2017-13766",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-13766",
"Source": "CVE"
},
{
"RefID": "CVE-2017-13767",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-13767",
"Source": "CVE"
},
{
"RefID": "CVE-2017-7702",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-7702",
"Source": "CVE"
},
{
"RefID": "CVE-2017-9350",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-9350",
"Source": "CVE"
},
{
"RefID": "CVE-2017-9616",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-9616",
"Source": "CVE"
},
{
"RefID": "CVE-2017-9617",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-9617",
"Source": "CVE"
},
{
"RefID": "CVE-2017-9766",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-9766",
"Source": "CVE"
}
],
"Description": "This update upgrades wireshark to version 2.2.8-alt1.S1. \nSecurity Fix(es):\n\n * CVE-2017-11406: In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values.\n\n * CVE-2017-11407: In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt.\n\n * CVE-2017-11408: In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection.\n\n * CVE-2017-11410: In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702.\n\n * CVE-2017-11411: In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350.\n\n * CVE-2017-13766: In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation.\n\n * CVE-2017-13767: In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation.\n\n * CVE-2017-7702: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation.\n\n * CVE-2017-9350: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length.\n\n * CVE-2017-9616: In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c.\n\n * CVE-2017-9617: In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector.\n\n * CVE-2017-9766: In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2017-07-21"
},
"Updated": {
"Date": "2017-07-21"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2017-11406",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11406",
"Impact": "High",
"Public": "20170718"
},
{
"ID": "CVE-2017-11407",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11407",
"Impact": "High",
"Public": "20170718"
},
{
"ID": "CVE-2017-11408",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11408",
"Impact": "High",
"Public": "20170718"
},
{
"ID": "CVE-2017-11410",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11410",
"Impact": "High",
"Public": "20170718"
},
{
"ID": "CVE-2017-11411",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11411",
"Impact": "High",
"Public": "20170718"
},
{
"ID": "CVE-2017-13766",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-13766",
"Impact": "High",
"Public": "20170830"
},
{
"ID": "CVE-2017-13767",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-13767",
"Impact": "High",
"Public": "20170830"
},
{
"ID": "CVE-2017-7702",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-7702",
"Impact": "High",
"Public": "20170412"
},
{
"ID": "CVE-2017-9350",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-9350",
"Impact": "High",
"Public": "20170602"
},
{
"ID": "CVE-2017-9616",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-674",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-9616",
"Impact": "Low",
"Public": "20170614"
},
{
"ID": "CVE-2017-9617",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-674",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-9617",
"Impact": "Low",
"Public": "20170614"
},
{
"ID": "CVE-2017-9766",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-674",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-9766",
"Impact": "High",
"Public": "20170621"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:container:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20171920001",
"Comment": "libwiretap is earlier than 0:2.2.8-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171920002",
"Comment": "libwiretap-devel is earlier than 0:2.2.8-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171920003",
"Comment": "tshark is earlier than 0:2.2.8-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171920004",
"Comment": "wireshark-base is earlier than 0:2.2.8-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171920005",
"Comment": "wireshark-doc is earlier than 0:2.2.8-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171920006",
"Comment": "wireshark-gtk+ is earlier than 0:2.2.8-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171920007",
"Comment": "wireshark-qt5 is earlier than 0:2.2.8-alt1.S1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink