pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ALT Vulnerability

Browse Source
This commit is contained in:
Иван Пепеляев 2024-02-02 09:02:41 +00:00
parent 2609b8e82d
commit fc67b12066
16 changed files with 733 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
oval/c10f1/ALT-PU-2024-1610/definitions.json Normal file
View File

@ -0,0 +1,113 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20241610",
"Version": "oval:org.altlinux.errata:def:20241610",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-1610: package `libdnf` update to version 0.65.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-1610",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-1610",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-04884",
"RefURL": "https://bdu.fstec.ru/vul/2021-04884",
"Source": "BDU"
},
{
"RefID": "CVE-2021-3445",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3445",
"Source": "CVE"
}
],
"Description": "This update upgrades libdnf to version 0.65.0-alt1. \nSecurity Fix(es):\n\n * BDU:2021-04884: Уязвимость библиотеки менеджера пакета libdnf, связанная с некорректным подтверждением криптографической подписи данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2021-3445: A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2023 BaseALT Ltd.",
"Issued": {
"Date": "2024-02-02"
},
"Updated": {
"Date": "2024-02-02"
},
"bdu": [
{
"Cvss": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"Cvss3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"Cwe": "CWE-347",
"Href": "https://bdu.fstec.ru/vul/2021-04884",
"Impact": "High",
"Public": "20210412",
"CveID": "BDU:2021-04884"
}
],
"Cves": [
{
"Cvss": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"Cvss3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"Cwe": "CWE-347",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3445",
"Impact": "High",
"Public": "20210519",
"CveID": "CVE-2021-3445"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20241610001",
"Comment": "libdnf is earlier than 0:0.65.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241610002",
"Comment": "libdnf-devel is earlier than 0:0.65.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241610003",
"Comment": "python3-module-hawkey is earlier than 0:0.65.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241610004",
"Comment": "python3-module-libdnf is earlier than 0:0.65.0-alt1"
}
]
}
]
}
}
]
}

52
oval/c10f1/ALT-PU-2024-1610/objects.json Normal file
View File

@ -0,0 +1,52 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"comment": "Evaluate `/etc/os-release` file content",
"Path": {
"dataType": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RpmInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20241610001",
"Version": "1",
"comment": "libdnf is installed",
"Name": "libdnf"
},
{
"ID": "oval:org.altlinux.errata:obj:20241610002",
"Version": "1",
"comment": "libdnf-devel is installed",
"Name": "libdnf-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:20241610003",
"Version": "1",
"comment": "python3-module-hawkey is installed",
"Name": "python3-module-hawkey"
},
{
"ID": "oval:org.altlinux.errata:obj:20241610004",
"Version": "1",
"comment": "python3-module-libdnf is installed",
"Name": "python3-module-libdnf"
}
]
}

23
oval/c10f1/ALT-PU-2024-1610/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RpmInfoState": [
{
"ID": "oval:org.altlinux.errata:ste:20241610001",
"Version": "1",
"Comment": "package EVR is earlier than 0:0.65.0-alt1",
"Arch": {},
"Evr": {
"Text": "0:0.65.0-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

66
oval/c10f1/ALT-PU-2024-1610/tests.json Normal file
View File

@ -0,0 +1,66 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20241610001",
"Version": "1",
"Check": "all",
"Comment": "libdnf is earlier than 0:0.65.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241610001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241610001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241610002",
"Version": "1",
"Check": "all",
"Comment": "libdnf-devel is earlier than 0:0.65.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241610002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241610001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241610003",
"Version": "1",
"Check": "all",
"Comment": "python3-module-hawkey is earlier than 0:0.65.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241610003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241610001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241610004",
"Version": "1",
"Check": "all",
"Comment": "python3-module-libdnf is earlier than 0:0.65.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241610004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241610001"
}
}
]
}

139
oval/c10f1/ALT-PU-2024-1683/definitions.json Normal file
View File

@ -0,0 +1,139 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20241683",
"Version": "oval:org.altlinux.errata:def:20241683",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-1683: package `wireshark` update to version 4.0.11-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-1683",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-1683",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-06834",
"RefURL": "https://bdu.fstec.ru/vul/2023-06834",
"Source": "BDU"
},
{
"RefID": "BDU:2023-08355",
"RefURL": "https://bdu.fstec.ru/vul/2023-08355",
"Source": "BDU"
},
{
"RefID": "CVE-2023-5371",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-5371",
"Source": "CVE"
},
{
"RefID": "CVE-2023-6174",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-6174",
"Source": "CVE"
}
],
"Description": "This update upgrades wireshark to version 4.0.11-alt1. \nSecurity Fix(es):\n\n * BDU:2023-06834: Уязвимость диссектора RTPS анализатора трафика компьютерных сетей Wireshark, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-08355: Уязвимость SSH-диссектора анализатора трафика компьютерных сетей Wireshark, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-5371: RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file\n\n * CVE-2023-6174: SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2023 BaseALT Ltd.",
"Issued": {
"Date": "2024-02-02"
},
"Updated": {
"Date": "2024-02-02"
},
"bdu": [
{
"Cvss": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"Cvss3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "CWE-770, CWE-789",
"Href": "https://bdu.fstec.ru/vul/2023-06834",
"Impact": "High",
"Public": "20231004",
"CveID": "BDU:2023-06834"
},
{
"Cvss": "AV:N/AC:L/Au:M/C:N/I:N/A:C",
"Cvss3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"Cwe": "CWE-74, CWE-125",
"Href": "https://bdu.fstec.ru/vul/2023-08355",
"Impact": "Low",
"Public": "20231002",
"CveID": "BDU:2023-08355"
}
],
"Cves": [
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"Cwe": "CWE-770",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-5371",
"Impact": "Low",
"Public": "20231004",
"CveID": "CVE-2023-5371"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"Cwe": "CWE-74",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-6174",
"Impact": "Low",
"Public": "20231116",
"CveID": "CVE-2023-6174"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20241683001",
"Comment": "tshark is earlier than 0:4.0.11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241683002",
"Comment": "wireshark-base is earlier than 0:4.0.11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241683003",
"Comment": "wireshark-devel is earlier than 0:4.0.11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241683004",
"Comment": "wireshark-qt5 is earlier than 0:4.0.11-alt1"
}
]
}
]
}
}
]
}

52
oval/c10f1/ALT-PU-2024-1683/objects.json Normal file
View File

@ -0,0 +1,52 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"comment": "Evaluate `/etc/os-release` file content",
"Path": {
"dataType": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RpmInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20241683001",
"Version": "1",
"comment": "tshark is installed",
"Name": "tshark"
},
{
"ID": "oval:org.altlinux.errata:obj:20241683002",
"Version": "1",
"comment": "wireshark-base is installed",
"Name": "wireshark-base"
},
{
"ID": "oval:org.altlinux.errata:obj:20241683003",
"Version": "1",
"comment": "wireshark-devel is installed",
"Name": "wireshark-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:20241683004",
"Version": "1",
"comment": "wireshark-qt5 is installed",
"Name": "wireshark-qt5"
}
]
}

23
oval/c10f1/ALT-PU-2024-1683/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RpmInfoState": [
{
"ID": "oval:org.altlinux.errata:ste:20241683001",
"Version": "1",
"Comment": "package EVR is earlier than 0:4.0.11-alt1",
"Arch": {},
"Evr": {
"Text": "0:4.0.11-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

66
oval/c10f1/ALT-PU-2024-1683/tests.json Normal file
View File

@ -0,0 +1,66 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20241683001",
"Version": "1",
"Check": "all",
"Comment": "tshark is earlier than 0:4.0.11-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241683001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241683002",
"Version": "1",
"Check": "all",
"Comment": "wireshark-base is earlier than 0:4.0.11-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241683002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241683003",
"Version": "1",
"Check": "all",
"Comment": "wireshark-devel is earlier than 0:4.0.11-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241683003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241683004",
"Version": "1",
"Check": "all",
"Comment": "wireshark-qt5 is earlier than 0:4.0.11-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241683004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241683001"
}
}
]
}

6
oval/c10f2/ALT-PU-2024-1227/definitions.json
View File

@ -29,7 +29,7 @@
"Description": "This update upgrades freeswitch to version 1.10.11-alt1. \nSecurity Fix(es):\n\n * CVE-2023-51443: FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. If an attacker manages to send a ClientHello DTLS message with an invalid CipherSuite (such as `TLS_NULL_WITH_NULL_NULL`) to the port on the FreeSWITCH server that is expecting packets from the caller, a DTLS error is generated. This results in the media session being torn down, which is followed by teardown at signaling (SIP) level too. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable FreeSWITCH servers for calls that rely on DTLS-SRTP. To address this vulnerability, upgrade FreeSWITCH to 1.10.11 which includes the security fix. The solution implemented is to drop all packets from addresses that have not been validated by an ICE check.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Severity": "Low",
"Rights": "Copyright 2023 BaseALT Ltd.",
"Issued": {
"Date": "2024-01-23"
@ -40,10 +40,10 @@
"bdu": null,
"Cves": [
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cvss3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-703",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-51443",
"Impact": "High",
"Impact": "Low",
"Public": "20231227",
"CveID": "CVE-2023-51443"
}

85
oval/c10f2/ALT-PU-2024-1570/definitions.json Normal file
View File

@ -0,0 +1,85 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20241570",
"Version": "oval:org.altlinux.errata:def:20241570",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-1570: package `libebml` update to version 1.4.5-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f2"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-1570",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-1570",
"Source": "ALTPU"
},
{
"RefID": "CVE-2023-52339",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-52339",
"Source": "CVE"
}
],
"Description": "This update upgrades libebml to version 1.4.5-alt1. \nSecurity Fix(es):\n\n * CVE-2023-52339: In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can occur when reading or writing. It may result in buffer overflows.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2023 BaseALT Ltd.",
"Issued": {
"Date": "2024-02-02"
},
"Updated": {
"Date": "2024-02-02"
},
"bdu": null,
"Cves": [
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"Cwe": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-52339",
"Impact": "Low",
"Public": "20240112",
"CveID": "CVE-2023-52339"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20241570001",
"Comment": "libebml is earlier than 0:1.4.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241570002",
"Comment": "libebml-devel is earlier than 0:1.4.5-alt1"
}
]
}
]
}
}
]
}

40
oval/c10f2/ALT-PU-2024-1570/objects.json Normal file
View File

@ -0,0 +1,40 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:5001",
"Version": "1",
"comment": "Evaluate `/etc/os-release` file content",
"Path": {
"dataType": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RpmInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20241570001",
"Version": "1",
"comment": "libebml is installed",
"Name": "libebml"
},
{
"ID": "oval:org.altlinux.errata:obj:20241570002",
"Version": "1",
"comment": "libebml-devel is installed",
"Name": "libebml-devel"
}
]
}

23
oval/c10f2/ALT-PU-2024-1570/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:5001",
"Version": "1",
"Text": {}
}
],
"RpmInfoState": [
{
"ID": "oval:org.altlinux.errata:ste:20241570001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.4.5-alt1",
"Arch": {},
"Evr": {
"Text": "0:1.4.5-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

42
oval/c10f2/ALT-PU-2024-1570/tests.json Normal file
View File

@ -0,0 +1,42 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:5001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:5001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:5001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20241570001",
"Version": "1",
"Check": "all",
"Comment": "libebml is earlier than 0:1.4.5-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241570001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241570001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241570002",
"Version": "1",
"Check": "all",
"Comment": "libebml-devel is earlier than 0:1.4.5-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241570002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241570001"
}
}
]
}

3
oval/p10/ALT-PU-2023-1903/definitions.json
View File

@ -40742,7 +40742,8 @@
},
{
"Cvss": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"Cwe": "NVD-CWE-Other",
"Cvss3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"Cwe": "CWE-193",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2001-1391",
"Impact": "Low",
"Public": "20010417",

6
oval/p10/ALT-PU-2024-1184/definitions.json
View File

@ -38,7 +38,7 @@
"Description": "This update upgrades freeswitch to version 1.10.11-alt1. \nSecurity Fix(es):\n\n * CVE-2023-51443: FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. If an attacker manages to send a ClientHello DTLS message with an invalid CipherSuite (such as `TLS_NULL_WITH_NULL_NULL`) to the port on the FreeSWITCH server that is expecting packets from the caller, a DTLS error is generated. This results in the media session being torn down, which is followed by teardown at signaling (SIP) level too. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable FreeSWITCH servers for calls that rely on DTLS-SRTP. To address this vulnerability, upgrade FreeSWITCH to 1.10.11 which includes the security fix. The solution implemented is to drop all packets from addresses that have not been validated by an ICE check.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Severity": "Low",
"Rights": "Copyright 2023 BaseALT Ltd.",
"Issued": {
"Date": "2024-01-22"
@ -49,10 +49,10 @@
"bdu": null,
"Cves": [
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cvss3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-703",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-51443",
"Impact": "High",
"Impact": "Low",
"Public": "20231227",
"CveID": "CVE-2023-51443"
}

2
oval/p9/ALT-PU-2020-3140/definitions.json
View File

@ -267,7 +267,7 @@
{
"Cvss": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"Cwe": "CWE-444",
"Cwe": "CWE-697",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-15811",
"Impact": "Low",
"Public": "20200902",