pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
b6ebe67160
vuln-list-alt/oval/c10f2/ALT-PU-2024-3395/definitions.json

167 lines
7.2 KiB
JSON
Raw Normal View History

ALT Vulnerability
2024-03-07 18:02:26 +03:00
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20243395",
"Version": "oval:org.altlinux.errata:def:20243395",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-3395: package `tigervnc` update to version 1.13.1-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f2"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-3395",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-3395",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-05229",
"RefURL": "https://bdu.fstec.ru/vul/2021-05229",
"Source": "BDU"
},
{
"RefID": "BDU:2024-00638",
"RefURL": "https://bdu.fstec.ru/vul/2024-00638",
"Source": "BDU"
},
{
"RefID": "BDU:2024-00639",
"RefURL": "https://bdu.fstec.ru/vul/2024-00639",
"Source": "BDU"
},
{
"RefID": "CVE-2020-26117",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-26117",
"Source": "CVE"
},
{
"RefID": "CVE-2024-0408",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-0408",
"Source": "CVE"
},
{
"RefID": "CVE-2024-0409",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-0409",
"Source": "CVE"
}
],
"Description": "This update upgrades tigervnc to version 1.13.1-alt2. \nSecurity Fix(es):\n\n * BDU:2021-05229: Уязвимость программного обеспечения для реализации VNC TigerVNC, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность\n\n * BDU:2024-00638: Уязвимость компонента GLX PBuffer Handler реализации сервера X Window System X.Org Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-00639: Уязвимость компонента Privates Handler реализации сервера X Window System X.Org Server, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2020-26117: In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception.\n\n * CVE-2024-0408: A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.\n\n * CVE-2024-0409: A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-03-07"
},
"Updated": {
"Date": "2024-03-07"
},
"bdu": [
{
"Cvss": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"Cvss3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"Cwe": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2021-05229",
"Impact": "High",
"Public": "20200928",
"CveID": "BDU:2021-05229"
},
{
"Cvss": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"Cvss3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-158",
"Href": "https://bdu.fstec.ru/vul/2024-00638",
"Impact": "Low",
"Public": "20240116",
"CveID": "BDU:2024-00638"
},
{
"Cvss": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"Cvss3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2024-00639",
"Impact": "High",
"Public": "20240116",
"CveID": "BDU:2024-00639"
}
],
"Cves": [
{
"Cvss": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"Cwe": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-26117",
"Impact": "High",
"Public": "20200927",
"CveID": "CVE-2020-26117"
},
{
"Cvss3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-0408",
"Impact": "Low",
"Public": "20240118",
"CveID": "CVE-2024-0408"
},
{
"Cvss3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-0409",
"Impact": "High",
"Public": "20240118",
"CveID": "CVE-2024-0409"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20243395001",
"Comment": "tigervnc is earlier than 0:1.13.1-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20243395002",
"Comment": "tigervnc-common is earlier than 0:1.13.1-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20243395003",
"Comment": "tigervnc-pam is earlier than 0:1.13.1-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20243395004",
"Comment": "tigervnc-server is earlier than 0:1.13.1-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20243395005",
"Comment": "xorg-extension-vnc is earlier than 0:1.13.1-alt2"
}
]
}
]
}
}
]
}
Reference in New Issue Copy Permalink