vuln-list-alt/oval/p10/ALT-PU-2020-2972/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20202972",
      "Version": "oval:org.altlinux.errata:def:20202972",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2020-2972: package `libjasper` update to version 2.0.22-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch p10"
            ],
            "Products": [
              "ALT Server",
              "ALT Virtualization Server",
              "ALT Workstation",
              "ALT Workstation K",
              "ALT Education",
              "Simply Linux",
              "Starterkit",
              "ALT Container"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2020-2972",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2020-2972",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2019-03830",
            "RefURL": "https://bdu.fstec.ru/vul/2019-03830",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2016-9398",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-9398",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2018-19541",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-19541",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades libjasper to version 2.0.22-alt1. \nSecurity Fix(es):\n\n * BDU:2019-03830: Уязвимость функции function jas_image_depalettize (libjasper/base/jas_image.c) набора библиотек JasPer, позволяющая нарушителю оказать воздействие на целостность и конфиденциальность данных или вызвать отказ в обслуживании\n\n * CVE-2016-9398: The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.\n\n * CVE-2018-19541: An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "High",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2020-10-08"
          },
          "Updated": {
            "Date": "2020-10-08"
          },
          "BDUs": [
            {
              "ID": "BDU:2019-03830",
              "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
              "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "CWE": "CWE-125",
              "Href": "https://bdu.fstec.ru/vul/2019-03830",
              "Impact": "High",
              "Public": "20181125"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2016-9398",
              "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "CWE": "CWE-617",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-9398",
              "Impact": "High",
              "Public": "20170323"
            },
            {
              "ID": "CVE-2018-19541",
              "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
              "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "CWE": "CWE-125",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-19541",
              "Impact": "High",
              "Public": "20181126"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:kworkstation:10",
              "cpe:/o:alt:workstation:10",
              "cpe:/o:alt:server:10",
              "cpe:/o:alt:server-v:10",
              "cpe:/o:alt:education:10",
              "cpe:/o:alt:slinux:10",
              "cpe:/o:alt:starterkit:10",
              "cpe:/o:alt:starterkit:p10",
              "cpe:/o:alt:container:10"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:2001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20202972001",
                "Comment": "jasper is earlier than 0:2.0.22-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20202972002",
                "Comment": "libjasper is earlier than 0:2.0.22-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20202972003",
                "Comment": "libjasper-devel is earlier than 0:2.0.22-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20202972004",
                "Comment": "libjasper-devel-doc is earlier than 0:2.0.22-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}