{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20246631",
"Version": "oval:org.altlinux.errata:def:20246631",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-6631: package `guacamole` update to version 1.5.4-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f2"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-6631",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-6631",
"Source": "ALTPU"
},
{
"RefID": "CVE-2023-43826",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-43826",
"Source": "CVE"
}
],
"Description": "This update upgrades guacamole to version 1.5.4-alt1. \nSecurity Fix(es):\n\n * CVE-2023-43826: Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.\n\nUsers are recommended to upgrade to version 1.5.4, which fixes this issue.\n\n",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-04-17"
},
"Updated": {
"Date": "2024-04-17"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2023-43826",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-43826",
"Impact": "High",
"Public": "20231219"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20246631001",
"Comment": "guacamole-auth-duo is earlier than 0:1.5.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20246631002",
"Comment": "guacamole-auth-header is earlier than 0:1.5.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20246631003",
"Comment": "guacamole-auth-jdbc-mysql is earlier than 0:1.5.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20246631004",
"Comment": "guacamole-auth-jdbc-postgresql is earlier than 0:1.5.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20246631005",
"Comment": "guacamole-auth-jdbc-sqlserver is earlier than 0:1.5.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20246631006",
"Comment": "guacamole-auth-json is earlier than 0:1.5.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20246631007",
"Comment": "guacamole-auth-ldap is earlier than 0:1.5.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20246631008",
"Comment": "guacamole-auth-quickconnect is earlier than 0:1.5.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20246631009",
"Comment": "guacamole-auth-sso is earlier than 0:1.5.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20246631010",
"Comment": "guacamole-auth-totp is earlier than 0:1.5.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20246631011",
"Comment": "guacamole-client is earlier than 0:1.5.4-alt1"
}
]
}
]
}
}
]
} |