{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20171114",
"Version": "oval:org.altlinux.errata:def:20171114",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2017-1114: package `php7` update to version 7.1.1-alt1.S1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2017-1114",
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-1114",
"Source": "ALTPU"
},
{
"RefID": "BDU:2017-01601",
"RefURL": "https://bdu.fstec.ru/vul/2017-01601",
"Source": "BDU"
},
{
"RefID": "BDU:2017-01655",
"RefURL": "https://bdu.fstec.ru/vul/2017-01655",
"Source": "BDU"
},
{
"RefID": "BDU:2017-01662",
"RefURL": "https://bdu.fstec.ru/vul/2017-01662",
"Source": "BDU"
},
{
"RefID": "BDU:2018-00024",
"RefURL": "https://bdu.fstec.ru/vul/2018-00024",
"Source": "BDU"
},
{
"RefID": "BDU:2022-02548",
"RefURL": "https://bdu.fstec.ru/vul/2022-02548",
"Source": "BDU"
},
{
"RefID": "BDU:2022-02549",
"RefURL": "https://bdu.fstec.ru/vul/2022-02549",
"Source": "BDU"
},
{
"RefID": "BDU:2022-02563",
"RefURL": "https://bdu.fstec.ru/vul/2022-02563",
"Source": "BDU"
},
{
"RefID": "CVE-2016-10158",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-10158",
"Source": "CVE"
},
{
"RefID": "CVE-2016-10159",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-10159",
"Source": "CVE"
},
{
"RefID": "CVE-2016-10160",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-10160",
"Source": "CVE"
},
{
"RefID": "CVE-2016-10161",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-10161",
"Source": "CVE"
},
{
"RefID": "CVE-2016-10162",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-10162",
"Source": "CVE"
},
{
"RefID": "CVE-2016-7479",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-7479",
"Source": "CVE"
},
{
"RefID": "CVE-2017-11147",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11147",
"Source": "CVE"
},
{
"RefID": "CVE-2017-5340",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5340",
"Source": "CVE"
}
],
"Description": "This update upgrades php7 to version 7.1.1-alt1.S1. \nSecurity Fix(es):\n\n * BDU:2017-01601: Уязвимость функции phar_parse_pharfile интерпретатора PHP, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код\n\n * BDU:2017-01655: Уязвимость интерпретатора PHP, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2017-01662: Уязвимость компонентов каталога Zend/zend_hash.c интерпретатора PHP, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код\n\n * BDU:2018-00024: Уязвимость функции phar_parse_pharfile (ext/phar/phar.c) обработчика архивов PHAR, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02548: Уязвимость функции object_common1 интерпретатора языка программирования PHP, связанная с чтением за границами буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02549: Уязвимость функции phar_parse_pharfile интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02563: Уязвимость функции exif_convert_any_to_int интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2016-10158: The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1.\n\n * CVE-2016-10159: Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.\n\n * CVE-2016-10160: Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.\n\n * CVE-2016-10161: The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call.\n\n * CVE-2016-10162: The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.\n\n * CVE-2016-7479: In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.\n\n * CVE-2017-11147: In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.\n\n * CVE-2017-5340: Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2017-02-01"
},
"Updated": {
"Date": "2017-02-01"
},
"BDUs": [
{
"ID": "BDU:2017-01601",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2017-01601",
"Impact": "High",
"Public": "20170125"
},
{
"ID": "BDU:2017-01655",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2017-01655",
"Impact": "High",
"Public": "20170112"
},
{
"ID": "BDU:2017-01662",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2017-01662",
"Impact": "High",
"Public": "20170111"
},
{
"ID": "BDU:2018-00024",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2018-00024",
"Impact": "Critical",
"Public": "20161217"
},
{
"ID": "BDU:2022-02548",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2022-02548",
"Impact": "High",
"Public": "20170124"
},
{
"ID": "BDU:2022-02549",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2022-02549",
"Impact": "High",
"Public": "20170124"
},
{
"ID": "BDU:2022-02563",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-189",
"Href": "https://bdu.fstec.ru/vul/2022-02563",
"Impact": "High",
"Public": "20170124"
}
],
"CVEs": [
{
"ID": "CVE-2016-10158",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-189",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-10158",
"Impact": "High",
"Public": "20170124"
},
{
"ID": "CVE-2016-10159",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-10159",
"Impact": "High",
"Public": "20170124"
},
{
"ID": "CVE-2016-10160",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-193",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-10160",
"Impact": "Critical",
"Public": "20170124"
},
{
"ID": "CVE-2016-10161",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-10161",
"Impact": "High",
"Public": "20170124"
},
{
"ID": "CVE-2016-10162",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-10162",
"Impact": "High",
"Public": "20170124"
},
{
"ID": "CVE-2016-7479",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-7479",
"Impact": "Critical",
"Public": "20170112"
},
{
"ID": "CVE-2017-11147",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11147",
"Impact": "Critical",
"Public": "20170710"
},
{
"ID": "CVE-2017-5340",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5340",
"Impact": "Critical",
"Public": "20170111"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20171114001",
"Comment": "php7 is earlier than 0:7.1.1-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171114002",
"Comment": "php7-devel is earlier than 0:7.1.1-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171114003",
"Comment": "php7-libs is earlier than 0:7.1.1-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171114004",
"Comment": "php7-mysqlnd is earlier than 0:7.1.1-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171114005",
"Comment": "rpm-build-php7-version is earlier than 0:7.1.1-alt1.S1"
}
]
}
]
}
}
]
}