122 lines
4.2 KiB
JSON
122 lines
4.2 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20151923",
|
|
"Version": "oval:org.altlinux.errata:def:20151923",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2015-1923: package `pacemaker` update to version 1.1.13-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch c10f1"
|
|
],
|
|
"Products": [
|
|
"ALT SP Workstation",
|
|
"ALT SP Server"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2015-1923",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2015-1923",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2013-0281",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-0281",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2015-1867",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-1867",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades pacemaker to version 1.1.13-alt1. \nSecurity Fix(es):\n\n * CVE-2013-0281: Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service (connection blocking).\n\n * CVE-2015-1867: Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "High",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2015-10-23"
|
|
},
|
|
"Updated": {
|
|
"Date": "2015-10-23"
|
|
},
|
|
"BDUs": null,
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2013-0281",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
|
|
"CWE": "CWE-399",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-0281",
|
|
"Impact": "Low",
|
|
"Public": "20131123"
|
|
},
|
|
{
|
|
"ID": "CVE-2015-1867",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
|
"CWE": "CWE-264",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-1867",
|
|
"Impact": "High",
|
|
"Public": "20150812"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:spworkstation:10",
|
|
"cpe:/o:alt:spserver:10"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:5001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151923001",
|
|
"Comment": "libpacemaker is earlier than 0:1.1.13-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151923002",
|
|
"Comment": "libpacemaker-devel is earlier than 0:1.1.13-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151923003",
|
|
"Comment": "pacemaker is earlier than 0:1.1.13-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151923004",
|
|
"Comment": "pacemaker-cli is earlier than 0:1.1.13-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151923005",
|
|
"Comment": "pacemaker-cts is earlier than 0:1.1.13-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151923006",
|
|
"Comment": "pacemaker-doc is earlier than 0:1.1.13-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151923007",
|
|
"Comment": "pacemaker-remote is earlier than 0:1.1.13-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |