vuln-list-alt/oval/c10f1/ALT-PU-2021-3612/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20213612",
      "Version": "oval:org.altlinux.errata:def:20213612",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2021-3612: package `glances` update to version 3.2.4.2-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch c10f1"
            ],
            "Products": [
              "ALT SP Workstation",
              "ALT SP Server"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2021-3612",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2021-3612",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2022-02263",
            "RefURL": "https://bdu.fstec.ru/vul/2022-02263",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2021-23418",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-23418",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades glances to version 3.2.4.2-alt1. \nSecurity Fix(es):\n\n * BDU:2022-02263: Уязвимость инструмента мониторинга Glances, связанная с неверным ограничением XML-ссылок на внешние объекты, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2021-23418: The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "Critical",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2021-12-23"
          },
          "Updated": {
            "Date": "2021-12-23"
          },
          "BDUs": [
            {
              "ID": "BDU:2022-02263",
              "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
              "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "CWE": "CWE-611",
              "Href": "https://bdu.fstec.ru/vul/2022-02263",
              "Impact": "Critical",
              "Public": "20210729"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2021-23418",
              "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "CWE": "CWE-611",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-23418",
              "Impact": "Critical",
              "Public": "20210729"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:spworkstation:10",
              "cpe:/o:alt:spserver:10"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:4001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20213612001",
                "Comment": "glances is earlier than 0:3.2.4.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20213612002",
                "Comment": "python3-module-glances is earlier than 0:3.2.4.2-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}