pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
e0dc501afd
vuln-list-alt/oval/p10/ALT-PU-2016-2474/definitions.json
pepelyaevip 83c40c9d64 ALT Vulnerability
2024-07-06 03:04:52 +00:00

749 lines
39 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20162474",
"Version": "oval:org.altlinux.errata:def:20162474",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2016-2474: package `libjasper` update to version 1.900.13-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2016-2474",
"RefURL": "https://errata.altlinux.org/ALT-PU-2016-2474",
"Source": "ALTPU"
},
{
"RefID": "BDU:2015-06432",
"RefURL": "https://bdu.fstec.ru/vul/2015-06432",
"Source": "BDU"
},
{
"RefID": "BDU:2015-06433",
"RefURL": "https://bdu.fstec.ru/vul/2015-06433",
"Source": "BDU"
},
{
"RefID": "BDU:2015-06434",
"RefURL": "https://bdu.fstec.ru/vul/2015-06434",
"Source": "BDU"
},
{
"RefID": "BDU:2015-06435",
"RefURL": "https://bdu.fstec.ru/vul/2015-06435",
"Source": "BDU"
},
{
"RefID": "BDU:2015-06436",
"RefURL": "https://bdu.fstec.ru/vul/2015-06436",
"Source": "BDU"
},
{
"RefID": "BDU:2015-06437",
"RefURL": "https://bdu.fstec.ru/vul/2015-06437",
"Source": "BDU"
},
{
"RefID": "BDU:2015-06438",
"RefURL": "https://bdu.fstec.ru/vul/2015-06438",
"Source": "BDU"
},
{
"RefID": "BDU:2015-06439",
"RefURL": "https://bdu.fstec.ru/vul/2015-06439",
"Source": "BDU"
},
{
"RefID": "BDU:2015-06440",
"RefURL": "https://bdu.fstec.ru/vul/2015-06440",
"Source": "BDU"
},
{
"RefID": "BDU:2015-08357",
"RefURL": "https://bdu.fstec.ru/vul/2015-08357",
"Source": "BDU"
},
{
"RefID": "BDU:2015-08358",
"RefURL": "https://bdu.fstec.ru/vul/2015-08358",
"Source": "BDU"
},
{
"RefID": "BDU:2015-08359",
"RefURL": "https://bdu.fstec.ru/vul/2015-08359",
"Source": "BDU"
},
{
"RefID": "BDU:2015-08360",
"RefURL": "https://bdu.fstec.ru/vul/2015-08360",
"Source": "BDU"
},
{
"RefID": "BDU:2015-08361",
"RefURL": "https://bdu.fstec.ru/vul/2015-08361",
"Source": "BDU"
},
{
"RefID": "BDU:2015-08362",
"RefURL": "https://bdu.fstec.ru/vul/2015-08362",
"Source": "BDU"
},
{
"RefID": "BDU:2015-08581",
"RefURL": "https://bdu.fstec.ru/vul/2015-08581",
"Source": "BDU"
},
{
"RefID": "BDU:2015-08582",
"RefURL": "https://bdu.fstec.ru/vul/2015-08582",
"Source": "BDU"
},
{
"RefID": "BDU:2015-08583",
"RefURL": "https://bdu.fstec.ru/vul/2015-08583",
"Source": "BDU"
},
{
"RefID": "BDU:2015-09350",
"RefURL": "https://bdu.fstec.ru/vul/2015-09350",
"Source": "BDU"
},
{
"RefID": "BDU:2015-09443",
"RefURL": "https://bdu.fstec.ru/vul/2015-09443",
"Source": "BDU"
},
{
"RefID": "BDU:2019-02458",
"RefURL": "https://bdu.fstec.ru/vul/2019-02458",
"Source": "BDU"
},
{
"RefID": "CVE-2008-3520",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2008-3520",
"Source": "CVE"
},
{
"RefID": "CVE-2008-3521",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2008-3521",
"Source": "CVE"
},
{
"RefID": "CVE-2008-3522",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2008-3522",
"Source": "CVE"
},
{
"RefID": "CVE-2011-4516",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2011-4516",
"Source": "CVE"
},
{
"RefID": "CVE-2011-4517",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2011-4517",
"Source": "CVE"
},
{
"RefID": "CVE-2014-8137",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-8137",
"Source": "CVE"
},
{
"RefID": "CVE-2014-8138",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-8138",
"Source": "CVE"
},
{
"RefID": "CVE-2014-8157",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-8157",
"Source": "CVE"
},
{
"RefID": "CVE-2014-8158",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-8158",
"Source": "CVE"
},
{
"RefID": "CVE-2014-9029",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-9029",
"Source": "CVE"
},
{
"RefID": "CVE-2015-5221",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-5221",
"Source": "CVE"
},
{
"RefID": "CVE-2016-10248",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-10248",
"Source": "CVE"
},
{
"RefID": "CVE-2016-10249",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-10249",
"Source": "CVE"
},
{
"RefID": "CVE-2016-10250",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-10250",
"Source": "CVE"
},
{
"RefID": "CVE-2016-1577",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-1577",
"Source": "CVE"
},
{
"RefID": "CVE-2016-1867",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-1867",
"Source": "CVE"
},
{
"RefID": "CVE-2016-2089",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-2089",
"Source": "CVE"
},
{
"RefID": "CVE-2016-2116",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-2116",
"Source": "CVE"
},
{
"RefID": "CVE-2016-8691",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-8691",
"Source": "CVE"
},
{
"RefID": "CVE-2016-8692",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-8692",
"Source": "CVE"
},
{
"RefID": "CVE-2016-8693",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-8693",
"Source": "CVE"
},
{
"RefID": "CVE-2016-8882",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-8882",
"Source": "CVE"
},
{
"RefID": "CVE-2016-8883",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-8883",
"Source": "CVE"
},
{
"RefID": "CVE-2016-8885",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-8885",
"Source": "CVE"
},
{
"RefID": "CVE-2016-8886",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-8886",
"Source": "CVE"
},
{
"RefID": "CVE-2016-8887",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-8887",
"Source": "CVE"
},
{
"RefID": "CVE-2016-9387",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-9387",
"Source": "CVE"
},
{
"RefID": "CVE-2016-9396",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-9396",
"Source": "CVE"
}
],
"Description": "This update upgrades libjasper to version 1.900.13-alt1. \nSecurity Fix(es):\n\n * BDU:2015-06432: Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-06433: Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-06434: Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-06435: Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-06436: Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-06437: Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-06438: Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-06439: Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-06440: Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-08357: Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-08358: Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-08359: Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-08360: Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-08361: Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-08362: Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-08581: Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-08582: Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-08583: Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-09350: Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-09443: Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2019-02458: Уязвимость функции JPC_NOMINALGAIN набора библиотек JasPer, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2008-3520: Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.\n\n * CVE-2008-3521: Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion.\n\n * CVE-2008-3522: Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.\n\n * CVE-2011-4516: Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file.\n\n * CVE-2011-4517: The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.\n\n * CVE-2014-8137: Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.\n\n * CVE-2014-8138: Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.\n\n * CVE-2014-8157: Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.\n\n * CVE-2014-8158: Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.\n\n * CVE-2014-9029: Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.\n\n * CVE-2015-5221: Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.\n\n * CVE-2016-10248: The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.\n\n * CVE-2016-10249: Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow.\n\n * CVE-2016-10250: The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887.\n\n * CVE-2016-1577: Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137.\n\n * CVE-2016-1867: The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.\n\n * CVE-2016-2089: The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.\n\n * CVE-2016-2116: Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file.\n\n * CVE-2016-8691: The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.\n\n * CVE-2016-8692: The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.\n\n * CVE-2016-8693: Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.\n\n * CVE-2016-8882: The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.\n\n * CVE-2016-8883: The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.\n\n * CVE-2016-8885: The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image.\n\n * CVE-2016-8886: The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.\n\n * CVE-2016-8887: The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).\n\n * CVE-2016-9387: Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.\n\n * CVE-2016-9396: The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2016-12-21"
},
"Updated": {
"Date": "2016-12-21"
},
"BDUs": [
{
"ID": "BDU:2015-06432",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-06432",
"Impact": "Critical",
"Public": "20090211"
},
{
"ID": "BDU:2015-06433",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-06433",
"Impact": "Critical",
"Public": "20090211"
},
{
"ID": "BDU:2015-06434",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-06434",
"Impact": "High",
"Public": "20111212"
},
{
"ID": "BDU:2015-06435",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-06435",
"Impact": "Critical",
"Public": "20090211"
},
{
"ID": "BDU:2015-06436",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-06436",
"Impact": "Critical",
"Public": "20090211"
},
{
"ID": "BDU:2015-06437",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-06437",
"Impact": "High",
"Public": "20111212"
},
{
"ID": "BDU:2015-06438",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-06438",
"Impact": "Critical",
"Public": "20090211"
},
{
"ID": "BDU:2015-06439",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-06439",
"Impact": "Critical",
"Public": "20090211"
},
{
"ID": "BDU:2015-06440",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-06440",
"Impact": "High",
"Public": "20111212"
},
{
"ID": "BDU:2015-08357",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-08357",
"Impact": "Critical",
"Public": "20090211"
},
{
"ID": "BDU:2015-08358",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-08358",
"Impact": "Critical",
"Public": "20090211"
},
{
"ID": "BDU:2015-08359",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-08359",
"Impact": "Critical",
"Public": "20090211"
},
{
"ID": "BDU:2015-08360",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-08360",
"Impact": "Critical",
"Public": "20090211"
},
{
"ID": "BDU:2015-08361",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-08361",
"Impact": "Critical",
"Public": "20090211"
},
{
"ID": "BDU:2015-08362",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-08362",
"Impact": "Critical",
"Public": "20090211"
},
{
"ID": "BDU:2015-08581",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-08581",
"Impact": "High",
"Public": "20111212"
},
{
"ID": "BDU:2015-08582",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-08582",
"Impact": "High",
"Public": "20111212"
},
{
"ID": "BDU:2015-08583",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-08583",
"Impact": "High",
"Public": "20111212"
},
{
"ID": "BDU:2015-09350",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-189",
"Href": "https://bdu.fstec.ru/vul/2015-09350",
"Impact": "Critical",
"Public": "20081216"
},
{
"ID": "BDU:2015-09443",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2015-09443",
"Impact": "Low",
"Public": "20120123"
},
{
"ID": "BDU:2019-02458",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-617",
"Href": "https://bdu.fstec.ru/vul/2019-02458",
"Impact": "High",
"Public": "20170825"
}
],
"CVEs": [
{
"ID": "CVE-2008-3520",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CWE": "CWE-189",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2008-3520",
"Impact": "Critical",
"Public": "20081002"
},
{
"ID": "CVE-2008-3521",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-59",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2008-3521",
"Impact": "High",
"Public": "20081002"
},
{
"ID": "CVE-2008-3522",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2008-3522",
"Impact": "Critical",
"Public": "20081002"
},
{
"ID": "CVE-2011-4516",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2011-4516",
"Impact": "Low",
"Public": "20111215"
},
{
"ID": "CVE-2011-4517",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2011-4517",
"Impact": "Low",
"Public": "20111215"
},
{
"ID": "CVE-2014-8137",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-8137",
"Impact": "Low",
"Public": "20141224"
},
{
"ID": "CVE-2014-8138",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-8138",
"Impact": "High",
"Public": "20141224"
},
{
"ID": "CVE-2014-8157",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-189",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-8157",
"Impact": "High",
"Public": "20150126"
},
{
"ID": "CVE-2014-8158",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-8158",
"Impact": "Low",
"Public": "20150126"
},
{
"ID": "CVE-2014-9029",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-189",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-9029",
"Impact": "High",
"Public": "20141208"
},
{
"ID": "CVE-2015-5221",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-5221",
"Impact": "Low",
"Public": "20170725"
},
{
"ID": "CVE-2016-10248",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-10248",
"Impact": "High",
"Public": "20170315"
},
{
"ID": "CVE-2016-10249",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-10249",
"Impact": "High",
"Public": "20170315"
},
{
"ID": "CVE-2016-10250",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-10250",
"Impact": "High",
"Public": "20170315"
},
{
"ID": "CVE-2016-1577",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-1577",
"Impact": "High",
"Public": "20160413"
},
{
"ID": "CVE-2016-1867",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-1867",
"Impact": "Low",
"Public": "20160120"
},
{
"ID": "CVE-2016-2089",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-2089",
"Impact": "Low",
"Public": "20160208"
},
{
"ID": "CVE-2016-2116",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-2116",
"Impact": "Low",
"Public": "20160413"
},
{
"ID": "CVE-2016-8691",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-8691",
"Impact": "Low",
"Public": "20170215"
},
{
"ID": "CVE-2016-8692",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-8692",
"Impact": "Low",
"Public": "20170215"
},
{
"ID": "CVE-2016-8693",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-415",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-8693",
"Impact": "High",
"Public": "20170215"
},
{
"ID": "CVE-2016-8882",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-8882",
"Impact": "Low",
"Public": "20170113"
},
{
"ID": "CVE-2016-8883",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-8883",
"Impact": "Low",
"Public": "20170113"
},
{
"ID": "CVE-2016-8885",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-8885",
"Impact": "Low",
"Public": "20170323"
},
{
"ID": "CVE-2016-8886",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-8886",
"Impact": "High",
"Public": "20170323"
},
{
"ID": "CVE-2016-8887",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-8887",
"Impact": "Low",
"Public": "20170323"
},
{
"ID": "CVE-2016-9387",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-9387",
"Impact": "High",
"Public": "20170323"
},
{
"ID": "CVE-2016-9396",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-9396",
"Impact": "High",
"Public": "20170323"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20162474001",
"Comment": "jasper is earlier than 0:1.900.13-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20162474002",
"Comment": "libjasper is earlier than 0:1.900.13-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20162474003",
"Comment": "libjasper-devel is earlier than 0:1.900.13-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink