128 lines
4.6 KiB
JSON
128 lines
4.6 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20231574",
|
|
"Version": "oval:org.altlinux.errata:def:20231574",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2023-1574: package `qt5-webengine` update to version 5.15.13-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch c10f1"
|
|
],
|
|
"Products": [
|
|
"ALT SP Workstation",
|
|
"ALT SP Server"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2023-1574",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2023-1574",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2023-02373",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2023-02373",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2023-24607",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-24607",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades qt5-webengine to version 5.15.13-alt1. \nSecurity Fix(es):\n\n * BDU:2023-02373: Уязвимость плагина SQL ODBC кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-24607: Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "High",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2023-04-04"
|
|
},
|
|
"Updated": {
|
|
"Date": "2023-04-04"
|
|
},
|
|
"BDUs": [
|
|
{
|
|
"ID": "BDU:2023-02373",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
|
|
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"CWE": "CWE-20, CWE-404",
|
|
"Href": "https://bdu.fstec.ru/vul/2023-02373",
|
|
"Impact": "High",
|
|
"Public": "20230415"
|
|
}
|
|
],
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2023-24607",
|
|
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"CWE": "NVD-CWE-noinfo",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-24607",
|
|
"Impact": "High",
|
|
"Public": "20230415"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:spworkstation:10",
|
|
"cpe:/o:alt:spserver:10"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:4001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20231574001",
|
|
"Comment": "libqt5-pdf is earlier than 0:5.15.13-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20231574002",
|
|
"Comment": "libqt5-pdfwidgets is earlier than 0:5.15.13-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20231574003",
|
|
"Comment": "libqt5-webengine is earlier than 0:5.15.13-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20231574004",
|
|
"Comment": "libqt5-webenginecore is earlier than 0:5.15.13-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20231574005",
|
|
"Comment": "libqt5-webenginewidgets is earlier than 0:5.15.13-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20231574006",
|
|
"Comment": "qt5-webengine-common is earlier than 0:5.15.13-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20231574007",
|
|
"Comment": "qt5-webengine-devel is earlier than 0:5.15.13-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20231574008",
|
|
"Comment": "qt5-webengine-doc is earlier than 0:5.15.13-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |