vuln-list-alt/oval/c10f1/ALT-PU-2021-2508/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20212508",
      "Version": "oval:org.altlinux.errata:def:20212508",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2021-2508: package `c-ares` update to version 1.17.2-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch c10f1"
            ],
            "Products": [
              "ALT SP Workstation",
              "ALT SP Server"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2021-2508",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2021-2508",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2022-00342",
            "RefURL": "https://bdu.fstec.ru/vul/2022-00342",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2021-3672",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3672",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades c-ares to version 1.17.2-alt1. \nSecurity Fix(es):\n\n * BDU:2022-00342: Уязвимость библиотеки СИ для асинхронных запросов DNS c-ares, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2021-3672: A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "Low",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2021-08-13"
          },
          "Updated": {
            "Date": "2021-08-13"
          },
          "BDUs": [
            {
              "ID": "BDU:2022-00342",
              "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
              "CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "CWE": "CWE-79",
              "Href": "https://bdu.fstec.ru/vul/2022-00342",
              "Impact": "Low",
              "Public": "20210810"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2021-3672",
              "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
              "CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "CWE": "CWE-79",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3672",
              "Impact": "Low",
              "Public": "20211123"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:spworkstation:10",
              "cpe:/o:alt:spserver:10"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:4001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20212508001",
                "Comment": "c-ares is earlier than 0:1.17.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20212508002",
                "Comment": "libcares is earlier than 0:1.17.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20212508003",
                "Comment": "libcares-devel is earlier than 0:1.17.2-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}