vuln-list-alt/oval/p10/ALT-PU-2020-2894/definitions.json
2024-06-28 13:17:52 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20202894",
"Version": "oval:org.altlinux.errata:def:20202894",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-2894: package `GraphicsMagick` update to version 1.3.35-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-2894",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-2894",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-01594",
"RefURL": "https://bdu.fstec.ru/vul/2020-01594",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01869",
"RefURL": "https://bdu.fstec.ru/vul/2020-01869",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01875",
"RefURL": "https://bdu.fstec.ru/vul/2020-01875",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01905",
"RefURL": "https://bdu.fstec.ru/vul/2020-01905",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01906",
"RefURL": "https://bdu.fstec.ru/vul/2020-01906",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02026",
"RefURL": "https://bdu.fstec.ru/vul/2020-02026",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02027",
"RefURL": "https://bdu.fstec.ru/vul/2020-02027",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02028",
"RefURL": "https://bdu.fstec.ru/vul/2020-02028",
"Source": "BDU"
},
{
"RefID": "BDU:2020-03283",
"RefURL": "https://bdu.fstec.ru/vul/2020-03283",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03545",
"RefURL": "https://bdu.fstec.ru/vul/2021-03545",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03601",
"RefURL": "https://bdu.fstec.ru/vul/2021-03601",
"Source": "BDU"
},
{
"RefID": "CVE-2018-18544",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-18544",
"Source": "CVE"
},
{
"RefID": "CVE-2019-11005",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11005",
"Source": "CVE"
},
{
"RefID": "CVE-2019-11006",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11006",
"Source": "CVE"
},
{
"RefID": "CVE-2019-11007",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11007",
"Source": "CVE"
},
{
"RefID": "CVE-2019-11008",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11008",
"Source": "CVE"
},
{
"RefID": "CVE-2019-11009",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11009",
"Source": "CVE"
},
{
"RefID": "CVE-2019-11010",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11010",
"Source": "CVE"
},
{
"RefID": "CVE-2019-11505",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11505",
"Source": "CVE"
},
{
"RefID": "CVE-2019-11506",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11506",
"Source": "CVE"
},
{
"RefID": "CVE-2019-12921",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-12921",
"Source": "CVE"
},
{
"RefID": "CVE-2019-7397",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-7397",
"Source": "CVE"
},
{
"RefID": "CVE-2020-10938",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-10938",
"Source": "CVE"
}
],
"Description": "This update upgrades GraphicsMagick to version 1.3.35-alt1. \nSecurity Fix(es):\n\n * BDU:2020-01594: Уязвимость функции WriteMATLABImage графического редактора GraphicsMagick, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие\n\n * BDU:2020-01869: Уязвимость функции WritePDBImage графического редактора GraphicsMagick, связанная с записью за границами буфера, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании\n\n * BDU:2020-01875: Уязвимость функции WriteXWDImage графического редактора GraphicsMagick, связанная с записью за границами буфера, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании\n\n * BDU:2020-01905: Уязвимость функции ReadMIFFImage графического редактора GraphicsMagick, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность\n\n * BDU:2020-01906: Уязвимость функции SVGStartElement графического редактора GraphicsMagick, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность\n\n * BDU:2020-02026: Уязвимость функции ReadMNGImage графического редактора GraphicsMagick, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее доступность\n\n * BDU:2020-02027: Уязвимость функции ReadXWDImage графического редактора GraphicsMagick, связанная с чтением за границами буфера в памяти, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность\n\n * BDU:2020-02028: Уязвимость функции ReadMPCImage графического редактора GraphicsMagick, связанная с ошибками управления ресурсом, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-03283: 
Уязвимость реализации функции WritePDFImage графических редакторов ImageMagick и GraphicsMagick, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании\n\n * BDU:2021-03545: Уязвимость набора приложений командной строки для обработки файлов изображений GraphicsMagick, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * BDU:2021-03601: Уязвимость функции HuffmanDecodeImage набора приложений командной строки для обработки файлов изображений GraphicsMagick, связанная с целочисленным переполнением, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2018-18544: There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.\n\n * CVE-2019-11005: In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value.\n\n * CVE-2019-11006: In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet.\n\n * CVE-2019-11007: In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap.\n\n * CVE-2019-11008: In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a 
crafted image file.\n\n * CVE-2019-11009: In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file.\n\n * CVE-2019-11010: In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file.\n\n * CVE-2019-11505: In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c.\n\n * CVE-2019-11506: In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c.\n\n * CVE-2019-12921: In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.\n\n * CVE-2019-7397: In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.\n\n * CVE-2020-10938: GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-09-30"
},
"Updated": {
"Date": "2020-09-30"
},
"BDUs": [
{
"ID": "BDU:2020-01594",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2020-01594",
"Impact": "High",
"Public": "20190424"
},
{
"ID": "BDU:2020-01869",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2020-01869",
"Impact": "High",
"Public": "20190424"
},
{
"ID": "BDU:2020-01875",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2020-01875",
"Impact": "High",
"Public": "20190413"
},
{
"ID": "BDU:2020-01905",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-119, CWE-125",
"Href": "https://bdu.fstec.ru/vul/2020-01905",
"Impact": "Critical",
"Public": "20190413"
},
{
"ID": "BDU:2020-01906",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2020-01906",
"Impact": "Critical",
"Public": "20190413"
},
{
"ID": "BDU:2020-02026",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-119, CWE-125",
"Href": "https://bdu.fstec.ru/vul/2020-02026",
"Impact": "High",
"Public": "20190413"
},
{
"ID": "BDU:2020-02027",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2020-02027",
"Impact": "High",
"Public": "20190413"
},
{
"ID": "BDU:2020-02028",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-399, CWE-401",
"Href": "https://bdu.fstec.ru/vul/2020-02028",
"Impact": "Low",
"Public": "20190413"
},
{
"ID": "BDU:2020-03283",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-399",
"Href": "https://bdu.fstec.ru/vul/2020-03283",
"Impact": "High",
"Public": "20190111"
},
{
"ID": "BDU:2021-03545",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2021-03545",
"Impact": "Low",
"Public": "20200318"
},
{
"ID": "BDU:2021-03601",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2021-03601",
"Impact": "Critical",
"Public": "20200324"
}
],
"CVEs": [
{
"ID": "CVE-2018-18544",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-772",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-18544",
"Impact": "Low",
"Public": "20181021"
},
{
"ID": "CVE-2019-11005",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11005",
"Impact": "Critical",
"Public": "20190408"
},
{
"ID": "CVE-2019-11006",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11006",
"Impact": "Critical",
"Public": "20190408"
},
{
"ID": "CVE-2019-11007",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11007",
"Impact": "High",
"Public": "20190408"
},
{
"ID": "CVE-2019-11008",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11008",
"Impact": "High",
"Public": "20190408"
},
{
"ID": "CVE-2019-11009",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11009",
"Impact": "High",
"Public": "20190408"
},
{
"ID": "CVE-2019-11010",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11010",
"Impact": "Low",
"Public": "20190408"
},
{
"ID": "CVE-2019-11505",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11505",
"Impact": "High",
"Public": "20190424"
},
{
"ID": "CVE-2019-11506",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11506",
"Impact": "High",
"Public": "20190424"
},
{
"ID": "CVE-2019-12921",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "CWE-77",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-12921",
"Impact": "Low",
"Public": "20200318"
},
{
"ID": "CVE-2019-7397",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-7397",
"Impact": "High",
"Public": "20190205"
},
{
"ID": "CVE-2020-10938",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-10938",
"Impact": "Critical",
"Public": "20200324"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20202894001",
"Comment": "GraphicsMagick is earlier than 0:1.3.35-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202894002",
"Comment": "GraphicsMagick-ImageMagick-compat is earlier than 0:1.3.35-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202894003",
"Comment": "GraphicsMagick-common is earlier than 0:1.3.35-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202894004",
"Comment": "GraphicsMagick-doc is earlier than 0:1.3.35-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202894005",
"Comment": "GraphicsMagick-nox is earlier than 0:1.3.35-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202894006",
"Comment": "libGraphicsMagick is earlier than 0:1.3.35-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202894007",
"Comment": "libGraphicsMagick-c++ is earlier than 0:1.3.35-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202894008",
"Comment": "libGraphicsMagick-c++-devel is earlier than 0:1.3.35-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202894009",
"Comment": "libGraphicsMagick-c++-devel-static is earlier than 0:1.3.35-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202894010",
"Comment": "libGraphicsMagick-devel is earlier than 0:1.3.35-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202894011",
"Comment": "libGraphicsMagick-devel-static is earlier than 0:1.3.35-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202894012",
"Comment": "perl-GraphicsMagick is earlier than 0:1.3.35-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202894013",
"Comment": "perl-GraphicsMagick-demo is earlier than 0:1.3.35-alt1"
}
]
}
]
}
}
]
}