vuln-list-alt/oval/p9/ALT-PU-2018-2713/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20182713",
      "Version": "oval:org.altlinux.errata:def:20182713",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2018-2713: package `openslp` update to version 2.0.0-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch p9"
            ],
            "Products": [
              "ALT Server",
              "ALT Virtualization Server",
              "ALT Workstation",
              "ALT Workstation K",
              "ALT Education",
              "Simply Linux",
              "Starterkit"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2018-2713",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2018-2713",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2015-09474",
            "RefURL": "https://bdu.fstec.ru/vul/2015-09474",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2005-0769",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2005-0769",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2010-3609",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2010-3609",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2012-4428",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2012-4428",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2015-5177",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-5177",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades openslp to version 2.0.0-alt1. \nSecurity Fix(es):\n\n * BDU:2015-09474: Уязвимость операционной системы Gentoo Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * CVE-2005-0769: Multiple buffer overflows in OpenSLP before 1.1.5 allow remote attackers to have an unknown impact via malformed SLP packets.\n\n * CVE-2010-3609: The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a \"next extension offset\" that references this extension or a previous extension.  NOTE: some of these details are obtained from third party information.\n\n * CVE-2012-4428: openslp: SLPIntersectStringList()' Function has a DoS vulnerability\n\n * CVE-2015-5177: Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "High",
          "Rights": "Copyright 2025 BaseALT Ltd.",
          "Issued": {
            "Date": "2018-11-28"
          },
          "Updated": {
            "Date": "2018-11-28"
          },
          "BDUs": [
            {
              "ID": "BDU:2015-09474",
              "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
              "Href": "https://bdu.fstec.ru/vul/2015-09474",
              "Impact": "High",
              "Public": "20050320"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2005-0769",
              "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
              "CWE": "NVD-CWE-Other",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2005-0769",
              "Impact": "High",
              "Public": "20050502"
            },
            {
              "ID": "CVE-2010-3609",
              "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
              "CWE": "NVD-CWE-noinfo",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2010-3609",
              "Impact": "Low",
              "Public": "20110311"
            },
            {
              "ID": "CVE-2012-4428",
              "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "CWE": "CWE-125",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2012-4428",
              "Impact": "High",
              "Public": "20191202"
            },
            {
              "ID": "CVE-2015-5177",
              "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
              "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "CWE": "CWE-415",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-5177",
              "Impact": "High",
              "Public": "20171022"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:kworkstation:9",
              "cpe:/o:alt:workstation:9",
              "cpe:/o:alt:server:9",
              "cpe:/o:alt:server-v:9",
              "cpe:/o:alt:education:9",
              "cpe:/o:alt:slinux:9",
              "cpe:/o:alt:starterkit:p9"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:1001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20182713001",
                "Comment": "libopenslp is earlier than 0:2.0.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20182713002",
                "Comment": "libopenslp-devel is earlier than 0:2.0.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20182713003",
                "Comment": "openslp is earlier than 0:2.0.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20182713004",
                "Comment": "openslp-daemon is earlier than 0:2.0.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20182713005",
                "Comment": "openslp-doc is earlier than 0:2.0.0-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}
ALT Vulnerability 2024-06-28 13:17:52 +00:00			`{`
			`"Definition": [`
			`{`
			`"ID": "oval:org.altlinux.errata:def:20182713",`
			`"Version": "oval:org.altlinux.errata:def:20182713",`
			`"Class": "patch",`
			`"Metadata": {`
			"Title": "ALT-PU-2018-2713: package `openslp` update to version 2.0.0-alt1",
			`"AffectedList": [`
			`{`
			`"Family": "unix",`
			`"Platforms": [`
			`"ALT Linux branch p9"`
			`],`
			`"Products": [`
			`"ALT Server",`
			`"ALT Virtualization Server",`
			`"ALT Workstation",`
			`"ALT Workstation K",`
			`"ALT Education",`
			`"Simply Linux",`
			`"Starterkit"`
			`]`
			`}`
			`],`
			`"References": [`
			`{`
			`"RefID": "ALT-PU-2018-2713",`
			`"RefURL": "https://errata.altlinux.org/ALT-PU-2018-2713",`
			`"Source": "ALTPU"`
			`},`
			`{`
			`"RefID": "BDU:2015-09474",`
			`"RefURL": "https://bdu.fstec.ru/vul/2015-09474",`
			`"Source": "BDU"`
			`},`
			`{`
			`"RefID": "CVE-2005-0769",`
			`"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2005-0769",`
			`"Source": "CVE"`
			`},`
			`{`
			`"RefID": "CVE-2010-3609",`
			`"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2010-3609",`
			`"Source": "CVE"`
			`},`
			`{`
			`"RefID": "CVE-2012-4428",`
			`"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2012-4428",`
			`"Source": "CVE"`
			`},`
			`{`
			`"RefID": "CVE-2015-5177",`
			`"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-5177",`
			`"Source": "CVE"`
			`}`
			`],`
			"Description": "This update upgrades openslp to version 2.0.0-alt1. \nSecurity Fix(es):\n\n * BDU:2015-09474: Уязвимость операционной системы Gentoo Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * CVE-2005-0769: Multiple buffer overflows in OpenSLP before 1.1.5 allow remote attackers to have an unknown impact via malformed SLP packets.\n\n * CVE-2010-3609: The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a \"next extension offset\" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.\n\n * CVE-2012-4428: openslp: SLPIntersectStringList()' Function has a DoS vulnerability\n\n * CVE-2015-5177: Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.",
			`"Advisory": {`
			`"From": "errata.altlinux.org",`
			`"Severity": "High",`
ALT Vulnerability 2025-03-03 12:05:02 +00:00			`"Rights": "Copyright 2025 BaseALT Ltd.",`
ALT Vulnerability 2024-06-28 13:17:52 +00:00			`"Issued": {`
			`"Date": "2018-11-28"`
			`},`
			`"Updated": {`
			`"Date": "2018-11-28"`
			`},`
			`"BDUs": [`
			`{`
			`"ID": "BDU:2015-09474",`
			`"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",`
			`"Href": "https://bdu.fstec.ru/vul/2015-09474",`
			`"Impact": "High",`
			`"Public": "20050320"`
			`}`
			`],`
			`"CVEs": [`
			`{`
			`"ID": "CVE-2005-0769",`
			`"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",`
			`"CWE": "NVD-CWE-Other",`
			`"Href": "https://nvd.nist.gov/vuln/detail/CVE-2005-0769",`
			`"Impact": "High",`
			`"Public": "20050502"`
			`},`
			`{`
			`"ID": "CVE-2010-3609",`
			`"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",`
			`"CWE": "NVD-CWE-noinfo",`
			`"Href": "https://nvd.nist.gov/vuln/detail/CVE-2010-3609",`
			`"Impact": "Low",`
			`"Public": "20110311"`
			`},`
			`{`
			`"ID": "CVE-2012-4428",`
			`"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",`
			`"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",`
			`"CWE": "CWE-125",`
			`"Href": "https://nvd.nist.gov/vuln/detail/CVE-2012-4428",`
			`"Impact": "High",`
			`"Public": "20191202"`
			`},`
			`{`
			`"ID": "CVE-2015-5177",`
			`"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",`
			`"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",`
			`"CWE": "CWE-415",`
			`"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-5177",`
			`"Impact": "High",`
			`"Public": "20171022"`
			`}`
			`],`
			`"AffectedCPEs": {`
			`"CPEs": [`
			`"cpe:/o:alt:kworkstation:9",`
			`"cpe:/o:alt:workstation:9",`
			`"cpe:/o:alt:server:9",`
			`"cpe:/o:alt:server-v:9",`
			`"cpe:/o:alt:education:9",`
			`"cpe:/o:alt:slinux:9",`
ALT Vulnerability 2024-12-12 21:07:30 +00:00			`"cpe:/o:alt:starterkit:p9"`
ALT Vulnerability 2024-06-28 13:17:52 +00:00			`]`
			`}`
			`}`
			`},`
			`"Criteria": {`
			`"Operator": "AND",`
			`"Criterions": [`
			`{`
			`"TestRef": "oval:org.altlinux.errata:tst:1001",`
			`"Comment": "ALT Linux must be installed"`
			`}`
			`],`
			`"Criterias": [`
			`{`
			`"Operator": "OR",`
			`"Criterions": [`
			`{`
			`"TestRef": "oval:org.altlinux.errata:tst:20182713001",`
			`"Comment": "libopenslp is earlier than 0:2.0.0-alt1"`
			`},`
			`{`
			`"TestRef": "oval:org.altlinux.errata:tst:20182713002",`
			`"Comment": "libopenslp-devel is earlier than 0:2.0.0-alt1"`
			`},`
			`{`
			`"TestRef": "oval:org.altlinux.errata:tst:20182713003",`
			`"Comment": "openslp is earlier than 0:2.0.0-alt1"`
			`},`
			`{`
			`"TestRef": "oval:org.altlinux.errata:tst:20182713004",`
			`"Comment": "openslp-daemon is earlier than 0:2.0.0-alt1"`
			`},`
			`{`
			`"TestRef": "oval:org.altlinux.errata:tst:20182713005",`
			`"Comment": "openslp-doc is earlier than 0:2.0.0-alt1"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`