pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
0f9ca6c802
vuln-list-alt/oval/c10f2/ALT-PU-2024-4495/definitions.json
pepelyaevip 0707cb759b ALT Vulnerability
2024-04-16 14:26:14 +00:00

220 lines
9.4 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20244495",
"Version": "oval:org.altlinux.errata:def:20244495",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-4495: package `sssd` update to version 2.9.4-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f2"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-4495",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-4495",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-00665",
"RefURL": "https://bdu.fstec.ru/vul/2023-00665",
"Source": "BDU"
},
{
"RefID": "CVE-2023-0286",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286",
"Source": "CVE"
}
],
"Description": "This update upgrades sssd to version 2.9.4-alt1. \nSecurity Fix(es):\n\n * BDU:2023-00665: Уязвимость функции GENERAL_NAME_cmp библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-0286: There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network.\n\n",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-03-31"
},
"Updated": {
"Date": "2024-03-31"
},
"BDUs": [
{
"ID": "BDU:2023-00665",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:N/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-704",
"Href": "https://bdu.fstec.ru/vul/2023-00665",
"Impact": "High",
"Public": "20230207"
}
],
"CVEs": [
{
"ID": "CVE-2023-0286",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-843",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286",
"Impact": "High",
"Public": "20230208"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20244495001",
"Comment": "libipa_hbac is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495002",
"Comment": "libipa_hbac-devel is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495003",
"Comment": "libsss_autofs is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495004",
"Comment": "libsss_certmap is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495005",
"Comment": "libsss_certmap-devel is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495006",
"Comment": "libsss_idmap is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495007",
"Comment": "libsss_idmap-devel is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495008",
"Comment": "libsss_nss_idmap is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495009",
"Comment": "libsss_nss_idmap-devel is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495010",
"Comment": "libsss_sudo is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495011",
"Comment": "python3-module-ipa_hbac is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495012",
"Comment": "python3-module-sss is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495013",
"Comment": "python3-module-sss-murmur is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495014",
"Comment": "python3-module-sss_nss_idmap is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495015",
"Comment": "python3-module-sssd is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495016",
"Comment": "python3-module-sssdconfig is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495017",
"Comment": "sssd is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495018",
"Comment": "sssd-ad is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495019",
"Comment": "sssd-client is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495020",
"Comment": "sssd-dbus is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495021",
"Comment": "sssd-idp is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495022",
"Comment": "sssd-ipa is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495023",
"Comment": "sssd-kcm is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495024",
"Comment": "sssd-krb5 is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495025",
"Comment": "sssd-krb5-common is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495026",
"Comment": "sssd-ldap is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495027",
"Comment": "sssd-nfs-idmap is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495028",
"Comment": "sssd-pac is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495029",
"Comment": "sssd-passkey is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495030",
"Comment": "sssd-proxy is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495031",
"Comment": "sssd-tools is earlier than 0:2.9.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244495032",
"Comment": "sssd-winbind-idmap is earlier than 0:2.9.4-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink