vuln-list-alt/oval/c9f2/ALT-PU-2020-1324/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20201324",
      "Version": "oval:org.altlinux.errata:def:20201324",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2020-1324: package `mariadb` update to version 10.4.12-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch c9f2"
            ],
            "Products": [
              "ALT SPWorkstation",
              "ALT SPServer"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2020-1324",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2020-1324",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2020-00431",
            "RefURL": "https://bdu.fstec.ru/vul/2020-00431",
            "Source": "BDU"
          },
          {
            "RefID": "BDU:2021-05136",
            "RefURL": "https://bdu.fstec.ru/vul/2021-05136",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2020-2574",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-2574",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2020-7221",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-7221",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades mariadb to version 10.4.12-alt1. \nSecurity Fix(es):\n\n * BDU:2020-00431: Уязвимость компонента C API системы управления базами данных MySQL Client, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-05136: Уязвимость функции mysql_install_db системы управления базами данных MariaDB, связанная с некорректным определением ссылки перед доступом к файлу, позволяющая нарушителю повысить свои привилегии\n\n * CVE-2020-2574: Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2020-7221: mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "High",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2020-02-21"
          },
          "Updated": {
            "Date": "2020-02-21"
          },
          "BDUs": [
            {
              "ID": "BDU:2020-00431",
              "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "CWE": "CWE-404",
              "Href": "https://bdu.fstec.ru/vul/2020-00431",
              "Impact": "Low",
              "Public": "20200114"
            },
            {
              "ID": "BDU:2021-05136",
              "CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
              "CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "CWE": "CWE-59",
              "Href": "https://bdu.fstec.ru/vul/2021-05136",
              "Impact": "High",
              "Public": "20200204"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2020-2574",
              "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "CWE": "NVD-CWE-noinfo",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-2574",
              "Impact": "Low",
              "Public": "20200115"
            },
            {
              "ID": "CVE-2020-7221",
              "CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
              "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "CWE": "CWE-59",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-7221",
              "Impact": "High",
              "Public": "20200204"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:spworkstation:8.4",
              "cpe:/o:alt:spserver:8.4"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:3001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20201324001",
                "Comment": "libmariadb-devel is earlier than 0:10.4.12-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20201324002",
                "Comment": "libmariadb3 is earlier than 0:10.4.12-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20201324003",
                "Comment": "libmariadbd-devel is earlier than 0:10.4.12-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20201324004",
                "Comment": "libmariadbd19 is earlier than 0:10.4.12-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20201324005",
                "Comment": "mariadb is earlier than 0:10.4.12-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20201324006",
                "Comment": "mariadb-backup is earlier than 0:10.4.12-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20201324007",
                "Comment": "mariadb-bench is earlier than 0:10.4.12-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20201324008",
                "Comment": "mariadb-client is earlier than 0:10.4.12-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20201324009",
                "Comment": "mariadb-common is earlier than 0:10.4.12-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20201324010",
                "Comment": "mariadb-connect-engine is earlier than 0:10.4.12-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20201324011",
                "Comment": "mariadb-cracklib-password-check is earlier than 0:10.4.12-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20201324012",
                "Comment": "mariadb-gssapi-server is earlier than 0:10.4.12-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20201324013",
                "Comment": "mariadb-oqgraph-engine is earlier than 0:10.4.12-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20201324014",
                "Comment": "mariadb-rocksdb-engine is earlier than 0:10.4.12-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20201324015",
                "Comment": "mariadb-server is earlier than 0:10.4.12-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20201324016",
                "Comment": "mariadb-server-control is earlier than 0:10.4.12-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20201324017",
                "Comment": "mariadb-server-galera is earlier than 0:10.4.12-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20201324018",
                "Comment": "mariadb-server-perl is earlier than 0:10.4.12-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20201324019",
                "Comment": "mariadb-sphinx-engine is earlier than 0:10.4.12-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}