
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20191312",
"Version": "oval:org.altlinux.errata:def:20191312",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-1312: package `ceph` update to version 13.2.4-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-1312",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-1312",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-01537",
"RefURL": "https://bdu.fstec.ru/vul/2020-01537",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01538",
"RefURL": "https://bdu.fstec.ru/vul/2020-01538",
"Source": "BDU"
},
{
"RefID": "CVE-2018-1128",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1128",
"Source": "CVE"
},
{
"RefID": "CVE-2018-14662",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-14662",
"Source": "CVE"
},
{
"RefID": "CVE-2018-16846",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-16846",
"Source": "CVE"
}
],
"Description": "This update upgrades ceph to version 13.2.4-alt1. \nSecurity Fix(es):\n\n * BDU:2020-01537: Уязвимость системы хранения данных Ceph, связанная с ошибкой процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к ключам шифрования dm-crypt\n\n * BDU:2020-01538: Уязвимость системы хранения данных Ceph, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2018-1128: It was found that the cephx authentication protocol did not verify ceph clients correctly and was vulnerable to a replay attack. Any attacker having access to the ceph cluster network who is able to sniff packets on the network can use this vulnerability to authenticate with the ceph service and perform actions allowed by the ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.\n\n * CVE-2018-14662: It was found in Ceph versions before 13.2.4 that authenticated ceph users with read-only permissions could steal dm-crypt encryption keys used in ceph disk encryption.\n\n * CVE-2018-16846: It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-02-25"
},
"Updated": {
"Date": "2019-02-25"
},
"BDUs": [
{
"ID": "BDU:2020-01537",
"CVSS": "AV:A/AC:L/Au:S/C:C/I:N/A:N",
"CVSS3": "AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-285, CWE-732",
"Href": "https://bdu.fstec.ru/vul/2020-01537",
"Impact": "Low",
"Public": "20190107"
},
{
"ID": "BDU:2020-01538",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2020-01538",
"Impact": "Low",
"Public": "20190107"
}
],
"CVEs": [
{
"ID": "CVE-2018-1128",
"CVSS": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-287",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-1128",
"Impact": "High",
"Public": "20180710"
},
{
"ID": "CVE-2018-14662",
"CVSS": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-285",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-14662",
"Impact": "Low",
"Public": "20190115"
},
{
"ID": "CVE-2018-16846",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-770",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-16846",
"Impact": "Low",
"Public": "20190115"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20191312001",
"Comment": "ceph is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312002",
"Comment": "ceph-base is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312003",
"Comment": "ceph-common is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312004",
"Comment": "ceph-devel is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312005",
"Comment": "ceph-fuse is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312006",
"Comment": "ceph-mds is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312007",
"Comment": "ceph-mgr is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312008",
"Comment": "ceph-mgr-dashboard is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312009",
"Comment": "ceph-mgr-influx is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312010",
"Comment": "ceph-mgr-prometheus is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312011",
"Comment": "ceph-mgr-telegraf is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312012",
"Comment": "ceph-mgr-zabbix is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312013",
"Comment": "ceph-mon is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312014",
"Comment": "ceph-osd is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312015",
"Comment": "ceph-radosgw is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312016",
"Comment": "ceph-resource-agents is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312017",
"Comment": "libcephfs2 is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312018",
"Comment": "libcephfs2-devel is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312019",
"Comment": "librados2 is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312020",
"Comment": "librados2-devel is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312021",
"Comment": "libradosstriper1 is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312022",
"Comment": "libradosstriper1-devel is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312023",
"Comment": "librbd1 is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312024",
"Comment": "librbd1-devel is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312025",
"Comment": "librgw2 is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312026",
"Comment": "librgw2-devel is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312027",
"Comment": "python3-module-ceph is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312028",
"Comment": "python3-module-ceph-argparse is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312029",
"Comment": "python3-module-ceph_detect_init is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312030",
"Comment": "python3-module-ceph_disk is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312031",
"Comment": "python3-module-ceph_volume is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312032",
"Comment": "python3-module-cephfs is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312033",
"Comment": "python3-module-rados is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312034",
"Comment": "python3-module-rbd is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312035",
"Comment": "python3-module-rgw is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312036",
"Comment": "rbd-fuse is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312037",
"Comment": "rbd-mirror is earlier than 0:13.2.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191312038",
"Comment": "rbd-nbd is earlier than 0:13.2.4-alt1"
}
]
}
]
}
}
]
}