vuln-list-alt/oval/c9f2/ALT-PU-2021-3565/definitions.json
2024-12-12 21:07:30 +00:00

178 lines
7.8 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20213565",
"Version": "oval:org.altlinux.errata:def:20213565",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-3565: package `postgresql9.6` update to version 9.6.24-alt0.M90P.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-3565",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-3565",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-05535",
"RefURL": "https://bdu.fstec.ru/vul/2021-05535",
"Source": "BDU"
},
{
"RefID": "BDU:2021-05857",
"RefURL": "https://bdu.fstec.ru/vul/2021-05857",
"Source": "BDU"
},
{
"RefID": "BDU:2021-05996",
"RefURL": "https://bdu.fstec.ru/vul/2021-05996",
"Source": "BDU"
},
{
"RefID": "CVE-2021-23214",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-23214",
"Source": "CVE"
},
{
"RefID": "CVE-2021-23222",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-23222",
"Source": "CVE"
},
{
"RefID": "CVE-2021-43767",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-43767",
"Source": "CVE"
}
],
"Description": "This update upgrades postgresql9.6 to version 9.6.24-alt0.M90P.1. \nSecurity Fix(es):\n\n * BDU:2021-05535: Уязвимость библиотеки libpq системы управления базами данных PostgreSQL, позволяющая нарушителю реализовать атаку типа «человек посередине»\n\n * BDU:2021-05857: Уязвимость системы управления базами данных PostgreSQL, связанная с непринятием мер по шифрованию защищаемых данных, позволяющая нарушителю реализовать атаку типа «человек посередине»\n\n * BDU:2021-05996: Уязвимость системы управления базами данных PostgreSQL, связанная с непринятием мер по защите структуры запроса SQL, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2021-23214: When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.\n\n * CVE-2021-23222: A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.\n\n * CVE-2021-43767: Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's first few queries. Despite the use of SSL certificate verification and encryption, Odyssey will pass these results to client as if they originated from valid server. This is similar to CVE-2021-23222 for PostgreSQL.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-12-20"
},
"Updated": {
"Date": "2021-12-20"
},
"BDUs": [
{
"ID": "BDU:2021-05535",
"CVSS": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-522",
"Href": "https://bdu.fstec.ru/vul/2021-05535",
"Impact": "Low",
"Public": "20211111"
},
{
"ID": "BDU:2021-05857",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-311",
"Href": "https://bdu.fstec.ru/vul/2021-05857",
"Impact": "High",
"Public": "20211111"
},
{
"ID": "BDU:2021-05996",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-89",
"Href": "https://bdu.fstec.ru/vul/2021-05996",
"Impact": "High",
"Public": "20211111"
}
],
"CVEs": [
{
"ID": "CVE-2021-23214",
"CVSS": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-23214",
"Impact": "High",
"Public": "20220304"
},
{
"ID": "CVE-2021-23222",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-23222",
"Impact": "Low",
"Public": "20220302"
},
{
"ID": "CVE-2021-43767",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-43767",
"Impact": "Low",
"Public": "20220825"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20213565001",
"Comment": "postgresql9.6 is earlier than 0:9.6.24-alt0.M90P.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213565002",
"Comment": "postgresql9.6-contrib is earlier than 0:9.6.24-alt0.M90P.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213565003",
"Comment": "postgresql9.6-docs is earlier than 0:9.6.24-alt0.M90P.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213565004",
"Comment": "postgresql9.6-perl is earlier than 0:9.6.24-alt0.M90P.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213565005",
"Comment": "postgresql9.6-python is earlier than 0:9.6.24-alt0.M90P.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213565006",
"Comment": "postgresql9.6-server is earlier than 0:9.6.24-alt0.M90P.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213565007",
"Comment": "postgresql9.6-tcl is earlier than 0:9.6.24-alt0.M90P.1"
}
]
}
]
}
}
]
}