2024-06-28 13:17:52 +00:00

113 lines
3.9 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20192704",
"Version": "oval:org.altlinux.errata:def:20192704",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-2704: package `wireshark` update to version 3.0.4-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-2704",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-2704",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-00269",
"RefURL": "https://bdu.fstec.ru/vul/2022-00269",
"Source": "BDU"
},
{
"RefID": "CVE-2019-16319",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-16319",
"Source": "CVE"
}
],
"Description": "This update upgrades wireshark to version 3.0.4-alt1. \nSecurity Fix(es):\n\n * BDU:2022-00269: Уязвимость программы для анализа трафика wireshark, связанная с выполнением цикла с недоступным условием выхода, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2019-16319: In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-09-17"
},
"Updated": {
"Date": "2019-09-17"
},
"BDUs": [
{
"ID": "BDU:2022-00269",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2022-00269",
"Impact": "High",
"Public": "20190915"
}
],
"CVEs": [
{
"ID": "CVE-2019-16319",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-16319",
"Impact": "High",
"Public": "20190915"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20192704001",
"Comment": "tshark is earlier than 0:3.0.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192704002",
"Comment": "wireshark-base is earlier than 0:3.0.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192704003",
"Comment": "wireshark-devel is earlier than 0:3.0.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192704004",
"Comment": "wireshark-qt5 is earlier than 0:3.0.4-alt1"
}
]
}
]
}
}
]
}