vuln-list-alt/oval/p10/ALT-PU-2020-1480/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20201480",
      "Version": "oval:org.altlinux.errata:def:20201480",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2020-1480: package `glib2` update to version 2.64.1-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch p10"
            ],
            "Products": [
              "ALT Server",
              "ALT Virtualization Server",
              "ALT Workstation",
              "ALT Workstation K",
              "ALT Education",
              "Simply Linux",
              "Starterkit"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2020-1480",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2020-1480",
            "Source": "ALTPU"
          },
          {
            "RefID": "CVE-2020-6750",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-6750",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2021-3800",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3800",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades glib2 to version 2.64.1-alt1. \nSecurity Fix(es):\n\n * CVE-2020-6750: GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected.\n\n * CVE-2021-3800: A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "Low",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2020-03-15"
          },
          "Updated": {
            "Date": "2020-03-15"
          },
          "BDUs": null,
          "CVEs": [
            {
              "ID": "CVE-2020-6750",
              "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
              "CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "CWE": "NVD-CWE-noinfo",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-6750",
              "Impact": "Low",
              "Public": "20200109"
            },
            {
              "ID": "CVE-2021-3800",
              "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "CWE": "CWE-200",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3800",
              "Impact": "Low",
              "Public": "20220823"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:kworkstation:10",
              "cpe:/o:alt:workstation:10",
              "cpe:/o:alt:server:10",
              "cpe:/o:alt:server-v:10",
              "cpe:/o:alt:education:10",
              "cpe:/o:alt:slinux:10",
              "cpe:/o:alt:starterkit:p10",
              "cpe:/o:alt:kworkstation:10.1",
              "cpe:/o:alt:workstation:10.1",
              "cpe:/o:alt:server:10.1",
              "cpe:/o:alt:server-v:10.1",
              "cpe:/o:alt:education:10.1",
              "cpe:/o:alt:slinux:10.1",
              "cpe:/o:alt:starterkit:10.1",
              "cpe:/o:alt:kworkstation:10.2",
              "cpe:/o:alt:workstation:10.2",
              "cpe:/o:alt:server:10.2",
              "cpe:/o:alt:server-v:10.2",
              "cpe:/o:alt:education:10.2",
              "cpe:/o:alt:slinux:10.2",
              "cpe:/o:alt:starterkit:10.2"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:2001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20201480001",
                "Comment": "glib2 is earlier than 0:2.64.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20201480002",
                "Comment": "glib2-devel is earlier than 0:2.64.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20201480003",
                "Comment": "glib2-devel-static is earlier than 0:2.64.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20201480004",
                "Comment": "glib2-doc is earlier than 0:2.64.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20201480005",
                "Comment": "glib2-locales is earlier than 0:2.64.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20201480006",
                "Comment": "glib2-tests is earlier than 0:2.64.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20201480007",
                "Comment": "libgio is earlier than 0:2.64.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20201480008",
                "Comment": "libgio-devel is earlier than 0:2.64.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20201480009",
                "Comment": "libgio-doc is earlier than 0:2.64.1-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}