pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
d5472b7d22
vuln-list-alt/oval/p10/ALT-PU-2021-1230/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

361 lines
18 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20211230",
"Version": "oval:org.altlinux.errata:def:20211230",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-1230: package `arm-none-eabi-binutils` update to version 2.35-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit",
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-1230",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-1230",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-00981",
"RefURL": "https://bdu.fstec.ru/vul/2019-00981",
"Source": "BDU"
},
{
"RefID": "BDU:2020-04872",
"RefURL": "https://bdu.fstec.ru/vul/2020-04872",
"Source": "BDU"
},
{
"RefID": "CVE-2019-12972",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-12972",
"Source": "CVE"
},
{
"RefID": "CVE-2019-14250",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14250",
"Source": "CVE"
},
{
"RefID": "CVE-2019-14444",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14444",
"Source": "CVE"
},
{
"RefID": "CVE-2019-17450",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-17450",
"Source": "CVE"
},
{
"RefID": "CVE-2019-17451",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-17451",
"Source": "CVE"
},
{
"RefID": "CVE-2019-9070",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-9070",
"Source": "CVE"
},
{
"RefID": "CVE-2019-9071",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-9071",
"Source": "CVE"
},
{
"RefID": "CVE-2019-9072",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-9072",
"Source": "CVE"
},
{
"RefID": "CVE-2019-9073",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-9073",
"Source": "CVE"
},
{
"RefID": "CVE-2019-9074",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-9074",
"Source": "CVE"
},
{
"RefID": "CVE-2019-9075",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-9075",
"Source": "CVE"
},
{
"RefID": "CVE-2019-9076",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-9076",
"Source": "CVE"
},
{
"RefID": "CVE-2019-9077",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-9077",
"Source": "CVE"
},
{
"RefID": "CVE-2020-35493",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-35493",
"Source": "CVE"
},
{
"RefID": "CVE-2020-35494",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-35494",
"Source": "CVE"
},
{
"RefID": "CVE-2020-35495",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-35495",
"Source": "CVE"
},
{
"RefID": "CVE-2020-35496",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-35496",
"Source": "CVE"
},
{
"RefID": "CVE-2020-35507",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-35507",
"Source": "CVE"
}
],
"Description": "This update upgrades arm-none-eabi-binutils to version 2.35-alt1. \nSecurity Fix(es):\n\n * BDU:2019-00981: Уязвимость функции _bfd_archive_64_bit_slurp_armap программного средства разработки GNU Binutils, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2020-04872: Уязвимость библиотеки libbfd программного средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2019-12972: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\\0' character.\n\n * CVE-2019-14250: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.\n\n * CVE-2019-14444: apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.\n\n * CVE-2019-17450: find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.\n\n * CVE-2019-17451: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.\n\n * CVE-2019-9070: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.\n\n * CVE-2019-9071: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.\n\n * CVE-2019-9072: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c.\n\n * CVE-2019-9073: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c.\n\n * CVE-2019-9074: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.\n\n * CVE-2019-9075: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.\n\n * CVE-2019-9076: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c.\n\n * CVE-2019-9077: An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.\n\n * CVE-2020-35493: A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -\u003e out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.\n\n * CVE-2020-35494: There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.\n\n * CVE-2020-35495: There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.\n\n * CVE-2020-35496: There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.\n\n * CVE-2020-35507: There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-02-07"
},
"Updated": {
"Date": "2021-02-07"
},
"BDUs": [
{
"ID": "BDU:2019-00981",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-00981",
"Impact": "Low",
"Public": "20190219"
},
{
"ID": "BDU:2020-04872",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-770",
"Href": "https://bdu.fstec.ru/vul/2020-04872",
"Impact": "Low",
"Public": "20190219"
}
],
"CVEs": [
{
"ID": "CVE-2019-12972",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-12972",
"Impact": "Low",
"Public": "20190626"
},
{
"ID": "CVE-2019-14250",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14250",
"Impact": "Low",
"Public": "20190724"
},
{
"ID": "CVE-2019-14444",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14444",
"Impact": "Low",
"Public": "20190730"
},
{
"ID": "CVE-2019-17450",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-674",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-17450",
"Impact": "Low",
"Public": "20191010"
},
{
"ID": "CVE-2019-17451",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-17451",
"Impact": "Low",
"Public": "20191010"
},
{
"ID": "CVE-2019-9070",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-9070",
"Impact": "High",
"Public": "20190224"
},
{
"ID": "CVE-2019-9071",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-674",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-9071",
"Impact": "Low",
"Public": "20190224"
},
{
"ID": "CVE-2019-9072",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-770",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-9072",
"Impact": "Low",
"Public": "20190224"
},
{
"ID": "CVE-2019-9073",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-770",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-9073",
"Impact": "Low",
"Public": "20190224"
},
{
"ID": "CVE-2019-9074",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-9074",
"Impact": "Low",
"Public": "20190224"
},
{
"ID": "CVE-2019-9075",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-9075",
"Impact": "High",
"Public": "20190224"
},
{
"ID": "CVE-2019-9076",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-770",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-9076",
"Impact": "Low",
"Public": "20190224"
},
{
"ID": "CVE-2019-9077",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-9077",
"Impact": "High",
"Public": "20190224"
},
{
"ID": "CVE-2020-35493",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-35493",
"Impact": "Low",
"Public": "20210104"
},
{
"ID": "CVE-2020-35494",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-35494",
"Impact": "Low",
"Public": "20210104"
},
{
"ID": "CVE-2020-35495",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-35495",
"Impact": "Low",
"Public": "20210104"
},
{
"ID": "CVE-2020-35496",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-35496",
"Impact": "Low",
"Public": "20210104"
},
{
"ID": "CVE-2020-35507",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-35507",
"Impact": "Low",
"Public": "20210104"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:container:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20211230001",
"Comment": "arm-none-eabi-binutils is earlier than 0:2.35-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink