131 lines
4.7 KiB
JSON
131 lines
4.7 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20151896",
|
|
"Version": "oval:org.altlinux.errata:def:20151896",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2015-1896: package `ceph` update to version 0.94.4-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch c10f1"
|
|
],
|
|
"Products": [
|
|
"ALT SP Workstation",
|
|
"ALT SP Server"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2015-1896",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2015-1896",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2015-5245",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-5245",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2016-8626",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-8626",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades ceph to version 0.94.4-alt1. \nSecurity Fix(es):\n\n * CVE-2015-5245: CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name.\n\n * CVE-2016-8626: A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "Low",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2015-10-20"
|
|
},
|
|
"Updated": {
|
|
"Date": "2015-10-20"
|
|
},
|
|
"BDUs": null,
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2015-5245",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
|
"CWE": "NVD-CWE-Other",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-5245",
|
|
"Impact": "Low",
|
|
"Public": "20151203"
|
|
},
|
|
{
|
|
"ID": "CVE-2016-8626",
|
|
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
|
|
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"CWE": "CWE-20",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-8626",
|
|
"Impact": "Low",
|
|
"Public": "20180731"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:spworkstation:10",
|
|
"cpe:/o:alt:spserver:10"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:5001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151896001",
|
|
"Comment": "ceph is earlier than 0:0.94.4-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151896002",
|
|
"Comment": "ceph-devel is earlier than 0:0.94.4-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151896003",
|
|
"Comment": "ceph-fuse is earlier than 0:0.94.4-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151896004",
|
|
"Comment": "ceph-radosgw is earlier than 0:0.94.4-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151896005",
|
|
"Comment": "ceph-resource-agents is earlier than 0:0.94.4-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151896006",
|
|
"Comment": "libcephfs1 is earlier than 0:0.94.4-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151896007",
|
|
"Comment": "librados2 is earlier than 0:0.94.4-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151896008",
|
|
"Comment": "librbd1 is earlier than 0:0.94.4-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151896009",
|
|
"Comment": "python-module-ceph is earlier than 0:0.94.4-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |