vuln-list-alt/oval/p10/ALT-PU-2024-9331/definitions.json
2024-11-26 09:05:25 +00:00



{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20249331",
"Version": "oval:org.altlinux.errata:def:20249331",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-9331: package `binutils` update to version 2.35.2-alt3",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-9331",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-9331",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-00594",
"RefURL": "https://bdu.fstec.ru/vul/2022-00594",
"Source": "BDU"
},
{
"RefID": "BDU:2023-00576",
"RefURL": "https://bdu.fstec.ru/vul/2023-00576",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03853",
"RefURL": "https://bdu.fstec.ru/vul/2023-03853",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05785",
"RefURL": "https://bdu.fstec.ru/vul/2023-05785",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05786",
"RefURL": "https://bdu.fstec.ru/vul/2023-05786",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05798",
"RefURL": "https://bdu.fstec.ru/vul/2023-05798",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05799",
"RefURL": "https://bdu.fstec.ru/vul/2023-05799",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05852",
"RefURL": "https://bdu.fstec.ru/vul/2023-05852",
"Source": "BDU"
},
{
"RefID": "BDU:2023-06829",
"RefURL": "https://bdu.fstec.ru/vul/2023-06829",
"Source": "BDU"
},
{
"RefID": "BDU:2023-06830",
"RefURL": "https://bdu.fstec.ru/vul/2023-06830",
"Source": "BDU"
},
{
"RefID": "BDU:2023-06831",
"RefURL": "https://bdu.fstec.ru/vul/2023-06831",
"Source": "BDU"
},
{
"RefID": "BDU:2023-06832",
"RefURL": "https://bdu.fstec.ru/vul/2023-06832",
"Source": "BDU"
},
{
"RefID": "BDU:2023-06833",
"RefURL": "https://bdu.fstec.ru/vul/2023-06833",
"Source": "BDU"
},
{
"RefID": "CVE-2021-45078",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-45078",
"Source": "CVE"
},
{
"RefID": "CVE-2021-46174",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-46174",
"Source": "CVE"
},
{
"RefID": "CVE-2022-38533",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-38533",
"Source": "CVE"
},
{
"RefID": "CVE-2022-4285",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-4285",
"Source": "CVE"
},
{
"RefID": "CVE-2022-44840",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-44840",
"Source": "CVE"
},
{
"RefID": "CVE-2022-47007",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-47007",
"Source": "CVE"
},
{
"RefID": "CVE-2022-47008",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-47008",
"Source": "CVE"
},
{
"RefID": "CVE-2022-47010",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-47010",
"Source": "CVE"
},
{
"RefID": "CVE-2022-47011",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-47011",
"Source": "CVE"
},
{
"RefID": "CVE-2022-47673",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-47673",
"Source": "CVE"
},
{
"RefID": "CVE-2022-47695",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-47695",
"Source": "CVE"
},
{
"RefID": "CVE-2022-47696",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-47696",
"Source": "CVE"
},
{
"RefID": "CVE-2022-48063",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-48063",
"Source": "CVE"
},
{
"RefID": "CVE-2022-48064",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-48064",
"Source": "CVE"
},
{
"RefID": "CVE-2023-1972",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-1972",
"Source": "CVE"
}
],
"Description": "This update upgrades binutils to version 2.35.2-alt3. \nSecurity Fix(es):\n\n * BDU:2022-00594: Уязвимость функции stab_xcoff_builtin_type (stabs.c) набора инструментального программного обеспечения GNU Binary Utilities, связанная с записью за границами буфера, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-00576: Уязвимость программного средства разработки GNU Binutils, связанная с разыменованием нулевого указателя, позволяющая нарушителю выполнить атаку типа «отказ в обслуживании» (DoS)\n\n * BDU:2023-03853: Уязвимость утилиты strip программного средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05785: Уязвимость функции parse_stab_struct_fields программного средства разработки GNU Binutils, связанная с ошибкой освобождения памяти, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05786: Уязвимость функции parse_module программного средства разработки GNU Binutils, связанная с чтением за границами буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании или оказать иное воздействие\n\n * BDU:2023-05798: Уязвимость функции bfd_mach_o_get_synthetic_symtab (match-o.c) программного средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании или оказать иное воздействие\n\n * BDU:2023-05799: Уязвимость функции compare_symbols() (objdump.c) программного средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании или оказать иное воздействие\n\n * BDU:2023-05852: Уязвимость функции find_section_in_set() (readelf.c) программного средства разработки GNU Binutils, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании\n\n * BDU:2023-06829: Уязвимость функции stab_demangle_v3_arg (stabs.c) программного средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-06830: Уязвимость функций make_tempdir и make_tempname (bucomm.c) программного 
средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-06831: Уязвимость функции pr_function_type (prdbg.c) программного средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-06832: Уязвимость функции load_separate_debug_files (dwarf2.c) программного средства разработки GNU Binutils, позволяющая нарушителю вызвать DNS-атаку\n\n * BDU:2023-06833: Уязвимость функции bfd_dwarf2_find_nearest_line_with_alt (dwarf2.c) программного средства разработки GNU Binutils, позволяющая нарушителю вызвать DNS-атаку\n\n * CVE-2021-45078: stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.\n\n * CVE-2021-46174: Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.\n\n * CVE-2022-38533: In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.\n\n * CVE-2022-4285: An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. 
This issue is the result of an incomplete fix for CVE-2020-16599.\n\n * CVE-2022-44840: Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.\n\n * CVE-2022-47007: An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.\n\n * CVE-2022-47008: An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.\n\n * CVE-2022-47010: An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.\n\n * CVE-2022-47011: An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.\n\n * CVE-2022-47673: An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts.\n\n * CVE-2022-47695: An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.\n\n * CVE-2022-47696: An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.\n\n * CVE-2022-48063: GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.\n\n * CVE-2022-48064: GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. 
The attacker could supply a crafted ELF file and cause a DNS attack.\n\n * CVE-2023-1972: A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-06-28"
},
"Updated": {
"Date": "2024-06-28"
},
"BDUs": [
{
"ID": "BDU:2022-00594",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-00594",
"Impact": "High",
"Public": "20220107"
},
{
"ID": "BDU:2023-00576",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2023-00576",
"Impact": "Low",
"Public": "20230127"
},
{
"ID": "BDU:2023-03853",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2023-03853",
"Impact": "Low",
"Public": "20220813"
},
{
"ID": "BDU:2023-05785",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://bdu.fstec.ru/vul/2023-05785",
"Impact": "Low",
"Public": "20230822"
},
{
"ID": "BDU:2023-05786",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2023-05786",
"Impact": "High",
"Public": "20230822"
},
{
"ID": "BDU:2023-05798",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2023-05798",
"Impact": "High",
"Public": "20230822"
},
{
"ID": "BDU:2023-05799",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-404",
"Href": "https://bdu.fstec.ru/vul/2023-05799",
"Impact": "High",
"Public": "20230822"
},
{
"ID": "BDU:2023-05852",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2023-05852",
"Impact": "High",
"Public": "20221030"
},
{
"ID": "BDU:2023-06829",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://bdu.fstec.ru/vul/2023-06829",
"Impact": "Low",
"Public": "20230822"
},
{
"ID": "BDU:2023-06830",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://bdu.fstec.ru/vul/2023-06830",
"Impact": "Low",
"Public": "20230822"
},
{
"ID": "BDU:2023-06831",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://bdu.fstec.ru/vul/2023-06831",
"Impact": "Low",
"Public": "20230822"
},
{
"ID": "BDU:2023-06832",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2023-06832",
"Impact": "Low",
"Public": "20230822"
},
{
"ID": "BDU:2023-06833",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2023-06833",
"Impact": "Low",
"Public": "20230822"
}
],
"CVEs": [
{
"ID": "CVE-2021-45078",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-45078",
"Impact": "High",
"Public": "20211215"
},
{
"ID": "CVE-2021-46174",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-46174",
"Impact": "High",
"Public": "20230822"
},
{
"ID": "CVE-2022-38533",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-38533",
"Impact": "Low",
"Public": "20220826"
},
{
"ID": "CVE-2022-4285",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-4285",
"Impact": "Low",
"Public": "20230127"
},
{
"ID": "CVE-2022-44840",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-44840",
"Impact": "High",
"Public": "20230822"
},
{
"ID": "CVE-2022-47007",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-47007",
"Impact": "Low",
"Public": "20230822"
},
{
"ID": "CVE-2022-47008",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-47008",
"Impact": "Low",
"Public": "20230822"
},
{
"ID": "CVE-2022-47010",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-47010",
"Impact": "Low",
"Public": "20230822"
},
{
"ID": "CVE-2022-47011",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-47011",
"Impact": "Low",
"Public": "20230822"
},
{
"ID": "CVE-2022-47673",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-47673",
"Impact": "High",
"Public": "20230822"
},
{
"ID": "CVE-2022-47695",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-47695",
"Impact": "High",
"Public": "20230822"
},
{
"ID": "CVE-2022-47696",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-47696",
"Impact": "High",
"Public": "20230822"
},
{
"ID": "CVE-2022-48063",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-48063",
"Impact": "Low",
"Public": "20230822"
},
{
"ID": "CVE-2022-48064",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-770",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-48064",
"Impact": "Low",
"Public": "20230822"
},
{
"ID": "CVE-2023-1972",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-1972",
"Impact": "Low",
"Public": "20230517"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20249331001",
"Comment": "binutils is earlier than 1:2.35.2-alt3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20249331002",
"Comment": "binutils-devel is earlier than 1:2.35.2-alt3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20249331003",
"Comment": "binutils-source is earlier than 1:2.35.2-alt3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20249331004",
"Comment": "libctf-nobfd0 is earlier than 1:2.35.2-alt3"
}
]
}
]
}
}
]
}