{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20211907",
"Version": "oval:org.altlinux.errata:def:20211907",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-1907: package `jackson-databind` update to version 2.11.2-alt1_2jpp11",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-1907",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-1907",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-05602",
"RefURL": "https://bdu.fstec.ru/vul/2022-05602",
"Source": "BDU"
},
{
"RefID": "CVE-2020-25649",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649",
"Source": "CVE"
}
],
"Description": "This update upgrades jackson-databind to version 2.11.2-alt1_2jpp11. \nSecurity Fix(es):\n\n * BDU:2022-05602: Уязвимость компонента DOMDeserializer библиотеки FasterXML jackson-databind, позволяющая нарушителю проводить XXE-атаки\n\n * CVE-2020-25649: A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-06-02"
},
"Updated": {
"Date": "2021-06-02"
},
"BDUs": [
{
"ID": "BDU:2022-05602",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-611",
"Href": "https://bdu.fstec.ru/vul/2022-05602",
"Impact": "High",
"Public": "20201203"
}
],
"CVEs": [
{
"ID": "CVE-2020-25649",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-611",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649",
"Impact": "High",
"Public": "20201203"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20211907001",
"Comment": "jackson-databind is earlier than 0:2.11.2-alt1_2jpp11"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211907002",
"Comment": "jackson-databind-javadoc is earlier than 0:2.11.2-alt1_2jpp11"
}
]
}
]
}
}
]
} |