362 lines
18 KiB
JSON
362 lines
18 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20211547",
|
|
"Version": "oval:org.altlinux.errata:def:20211547",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2021-1547: package `libldb` update to version 2.2.1-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch c10f1"
|
|
],
|
|
"Products": [
|
|
"ALT SP Workstation",
|
|
"ALT SP Server"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2021-1547",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-1547",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2015-04793",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2015-04793",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2015-07553",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2015-07553",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2015-07575",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2015-07575",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2015-07580",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2015-07580",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2015-07588",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2015-07588",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2015-08214",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2015-08214",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2015-08215",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2015-08215",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2015-08216",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2015-08216",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2015-08217",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2015-08217",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2015-08218",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2015-08218",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2015-08219",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2015-08219",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2015-08220",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2015-08220",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2015-08221",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2015-08221",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2015-09613",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2015-09613",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2001-1162",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2001-1162",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2003-0085",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2003-0085",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2003-0086",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2003-0086",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2003-0196",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2003-0196",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2003-0201",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2003-0201",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2004-0815",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2004-0815",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2004-1154",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2004-1154",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2007-6015",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2007-6015",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades libldb to version 2.2.1-alt1. \nSecurity Fix(es):\n\n * BDU:2015-04793: Уязвимость операционной системы openSUSE, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-07553: Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-07575: Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-07580: Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-07588: Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-08214: Уязвимости операционной системы Red Hat Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-08215: Уязвимости операционной системы Red Hat Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-08216: Уязвимости операционной системы Red Hat Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-08217: Уязвимости операционной системы Red Hat Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-08218: Уязвимости операционной системы Red Hat Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-08219: Уязвимости операционной системы Red Hat Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-08220: Уязвимости операционной системы Red Hat Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-08221: Уязвимости операционной системы Red Hat Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-09613: Уязвимость операционной системы Gentoo Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * CVE-2001-1162: Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file.\n\n * CVE-2003-0085: Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.\n\n * CVE-2003-0086: The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown.\n\n * CVE-2003-0196: Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.\n\n * CVE-2003-0201: Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.\n\n * CVE-2004-0815: The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via \"/.////\" style sequences in pathnames.\n\n * CVE-2004-1154: Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.\n\n * CVE-2007-6015: Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the \"domain logons\" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "Critical",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2021-03-25"
|
|
},
|
|
"Updated": {
|
|
"Date": "2021-03-25"
|
|
},
|
|
"BDUs": [
|
|
{
|
|
"ID": "BDU:2015-04793",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"Href": "https://bdu.fstec.ru/vul/2015-04793",
|
|
"Impact": "Critical",
|
|
"Public": "20030505"
|
|
},
|
|
{
|
|
"ID": "BDU:2015-07553",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"Href": "https://bdu.fstec.ru/vul/2015-07553",
|
|
"Impact": "Critical",
|
|
"Public": "20050105"
|
|
},
|
|
{
|
|
"ID": "BDU:2015-07575",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"Href": "https://bdu.fstec.ru/vul/2015-07575",
|
|
"Impact": "Critical",
|
|
"Public": "20050105"
|
|
},
|
|
{
|
|
"ID": "BDU:2015-07580",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"Href": "https://bdu.fstec.ru/vul/2015-07580",
|
|
"Impact": "Critical",
|
|
"Public": "20050105"
|
|
},
|
|
{
|
|
"ID": "BDU:2015-07588",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"Href": "https://bdu.fstec.ru/vul/2015-07588",
|
|
"Impact": "Critical",
|
|
"Public": "20050105"
|
|
},
|
|
{
|
|
"ID": "BDU:2015-08214",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"Href": "https://bdu.fstec.ru/vul/2015-08214",
|
|
"Impact": "Critical",
|
|
"Public": "20030408"
|
|
},
|
|
{
|
|
"ID": "BDU:2015-08215",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"Href": "https://bdu.fstec.ru/vul/2015-08215",
|
|
"Impact": "Critical",
|
|
"Public": "20030408"
|
|
},
|
|
{
|
|
"ID": "BDU:2015-08216",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"Href": "https://bdu.fstec.ru/vul/2015-08216",
|
|
"Impact": "Critical",
|
|
"Public": "20030408"
|
|
},
|
|
{
|
|
"ID": "BDU:2015-08217",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"Href": "https://bdu.fstec.ru/vul/2015-08217",
|
|
"Impact": "Critical",
|
|
"Public": "20030408"
|
|
},
|
|
{
|
|
"ID": "BDU:2015-08218",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"Href": "https://bdu.fstec.ru/vul/2015-08218",
|
|
"Impact": "Critical",
|
|
"Public": "20030408"
|
|
},
|
|
{
|
|
"ID": "BDU:2015-08219",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"Href": "https://bdu.fstec.ru/vul/2015-08219",
|
|
"Impact": "Critical",
|
|
"Public": "20030408"
|
|
},
|
|
{
|
|
"ID": "BDU:2015-08220",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"Href": "https://bdu.fstec.ru/vul/2015-08220",
|
|
"Impact": "Critical",
|
|
"Public": "20030408"
|
|
},
|
|
{
|
|
"ID": "BDU:2015-08221",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"Href": "https://bdu.fstec.ru/vul/2015-08221",
|
|
"Impact": "Critical",
|
|
"Public": "20030408"
|
|
},
|
|
{
|
|
"ID": "BDU:2015-09613",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
|
|
"CWE": "CWE-119",
|
|
"Href": "https://bdu.fstec.ru/vul/2015-09613",
|
|
"Impact": "Critical",
|
|
"Public": "20071210"
|
|
}
|
|
],
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2001-1162",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CWE": "NVD-CWE-Other",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2001-1162",
|
|
"Impact": "Critical",
|
|
"Public": "20010623"
|
|
},
|
|
{
|
|
"ID": "CVE-2003-0085",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CWE": "NVD-CWE-Other",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2003-0085",
|
|
"Impact": "Critical",
|
|
"Public": "20030331"
|
|
},
|
|
{
|
|
"ID": "CVE-2003-0086",
|
|
"CVSS": "AV:L/AC:H/Au:N/C:N/I:P/A:N",
|
|
"CWE": "NVD-CWE-Other",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2003-0086",
|
|
"Impact": "Low",
|
|
"Public": "20030331"
|
|
},
|
|
{
|
|
"ID": "CVE-2003-0196",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CWE": "NVD-CWE-Other",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2003-0196",
|
|
"Impact": "Critical",
|
|
"Public": "20030505"
|
|
},
|
|
{
|
|
"ID": "CVE-2003-0201",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CWE": "NVD-CWE-Other",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2003-0201",
|
|
"Impact": "Critical",
|
|
"Public": "20030505"
|
|
},
|
|
{
|
|
"ID": "CVE-2004-0815",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
|
"CWE": "NVD-CWE-Other",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2004-0815",
|
|
"Impact": "High",
|
|
"Public": "20041103"
|
|
},
|
|
{
|
|
"ID": "CVE-2004-1154",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CWE": "NVD-CWE-Other",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2004-1154",
|
|
"Impact": "Critical",
|
|
"Public": "20050110"
|
|
},
|
|
{
|
|
"ID": "CVE-2007-6015",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
|
|
"CWE": "CWE-119",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2007-6015",
|
|
"Impact": "Critical",
|
|
"Public": "20071213"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:spworkstation:10",
|
|
"cpe:/o:alt:spserver:10"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:4001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20211547001",
|
|
"Comment": "ldb-tools is earlier than 0:2.2.1-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20211547002",
|
|
"Comment": "libldb is earlier than 0:2.2.1-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20211547003",
|
|
"Comment": "libldb-devel is earlier than 0:2.2.1-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20211547004",
|
|
"Comment": "python3-module-pyldb is earlier than 0:2.2.1-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20211547005",
|
|
"Comment": "python3-module-pyldb-devel is earlier than 0:2.2.1-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |