pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2dae4da41e
vuln-list-alt/oval/c10f1/ALT-PU-2014-1209/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

127 lines
5.0 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20141209",
"Version": "oval:org.altlinux.errata:def:20141209",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2014-1209: package `nss` update to version 3.15.4-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2014-1209",
"RefURL": "https://errata.altlinux.org/ALT-PU-2014-1209",
"Source": "ALTPU"
},
{
"RefID": "CVE-2013-1740",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-1740",
"Source": "CVE"
},
{
"RefID": "CVE-2014-1490",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-1490",
"Source": "CVE"
},
{
"RefID": "CVE-2014-1491",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-1491",
"Source": "CVE"
}
],
"Description": "This update upgrades nss to version 3.15.4-alt1. \nSecurity Fix(es):\n\n * CVE-2013-1740: The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.\n\n * CVE-2014-1490: Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.\n\n * CVE-2014-1491: Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2014-02-19"
},
"Updated": {
"Date": "2014-02-19"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2013-1740",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"CWE": "CWE-310",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-1740",
"Impact": "Low",
"Public": "20140118"
},
{
"ID": "CVE-2014-1490",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-1490",
"Impact": "Critical",
"Public": "20140206"
},
{
"ID": "CVE-2014-1491",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CWE": "CWE-326",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-1491",
"Impact": "Low",
"Public": "20140206"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20141209001",
"Comment": "libnss is earlier than 0:3.15.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141209002",
"Comment": "libnss-devel is earlier than 0:3.15.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141209003",
"Comment": "libnss-devel-static is earlier than 0:3.15.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141209004",
"Comment": "libnss-sysinit is earlier than 0:3.15.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141209005",
"Comment": "nss-utils is earlier than 0:3.15.4-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink