pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p9/ALT-PU-2019-1966/definitions.json
pepelyaevip 9e8a5a2bb2 ALT Vulnerability
2024-02-14 09:47:22 +00:00

181 lines
8.0 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20191966",
"Version": "oval:org.altlinux.errata:def:20191966",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-1966: package `php7-xsl` update to version 7.2.19-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-1966",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-1966",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-01416",
"RefURL": "https://bdu.fstec.ru/vul/2020-01416",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01419",
"RefURL": "https://bdu.fstec.ru/vul/2020-01419",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01676",
"RefURL": "https://bdu.fstec.ru/vul/2020-01676",
"Source": "BDU"
},
{
"RefID": "CVE-2019-11038",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11038",
"Source": "CVE"
},
{
"RefID": "CVE-2019-11039",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11039",
"Source": "CVE"
},
{
"RefID": "CVE-2019-11040",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11040",
"Source": "CVE"
}
],
"Description": "This update upgrades php7-xsl to version 7.2.19-alt1. \nSecurity Fix(es):\n\n * BDU:2020-01416: Уязвимость функции exif_iif_add_value интерпретатора языка программирования PHP, связанная с чтением данных за допустимыми границами, позволяющая нарушителю получить несанкционированный доступ к информации или вызвать отказ в обслуживании\n\n * BDU:2020-01419: Уязвимость функции exif_read_data интерпретатора языка программирования PHP, позволяющая нарушителю получить несанкционированный доступ к информации или вызвать отказ в обслуживании\n\n * BDU:2020-01676: Уязвимость функции gdImageCreateFromXbm графической библиотеке GD интерпретатора языка программирования PHP, связанная с недостатком механизма проверки вводимых данных, позволяющая нарушителю получить несанкционированный доступ к информации\n\n * CVE-2019-11038: When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.\n\n * CVE-2019-11039: Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.\n\n * CVE-2019-11040: When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-06-02"
},
"Updated": {
"Date": "2019-06-02"
},
"bdu": [
{
"Cvss": "AV:N/AC:L/Au:N/C:C/I:N/A:C",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"Cwe": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2020-01416",
"Impact": "Critical",
"Public": "20190526",
"CveID": "BDU:2020-01416"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:C/I:N/A:C",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"Cwe": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2020-01419",
"Impact": "Critical",
"Public": "20190507",
"CveID": "BDU:2020-01419"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"Cwe": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2020-01676",
"Impact": "High",
"Public": "20190505",
"CveID": "BDU:2020-01676"
}
],
"Cves": [
{
"Cvss": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"Cwe": "CWE-908",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11038",
"Impact": "Low",
"Public": "20190619",
"CveID": "CVE-2019-11038"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"Cwe": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11039",
"Impact": "Critical",
"Public": "20190619",
"CveID": "CVE-2019-11039"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"Cwe": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11040",
"Impact": "Critical",
"Public": "20190619",
"CveID": "CVE-2019-11040"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20191966001",
"Comment": "php7-xsl is earlier than 0:7.2.19-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink