vuln-list-alt/oval/p10/ALT-PU-2024-8546/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20248546",
      "Version": "oval:org.altlinux.errata:def:20248546",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2024-8546: package `kubernetes1.27` update to version 1.27.14-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch p10"
            ],
            "Products": [
              "ALT Server",
              "ALT Virtualization Server",
              "ALT Workstation",
              "ALT Workstation K",
              "ALT Education",
              "Simply Linux",
              "Starterkit"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2024-8546",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2024-8546",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2024-04110",
            "RefURL": "https://bdu.fstec.ru/vul/2024-04110",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2024-3177",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-3177",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades kubernetes1.27 to version 1.27.14-alt1. \nSecurity Fix(es):\n\n * BDU:2024-04110: Уязвимость компонента KUBE-APISERVER программного средства управления кластерами виртуальных машин Kubernetes, позволяющая нарушителю запускать контейнеры в обход политики безопасности\n\n * CVE-2024-3177: A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated.\n\n",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "Low",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2024-07-03"
          },
          "Updated": {
            "Date": "2024-07-03"
          },
          "BDUs": [
            {
              "ID": "BDU:2024-04110",
              "CVSS": "AV:N/AC:L/Au:M/C:P/I:N/A:N",
              "CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
              "CWE": "CWE-20",
              "Href": "https://bdu.fstec.ru/vul/2024-04110",
              "Impact": "Low",
              "Public": "20240422"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2024-3177",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-3177",
              "Impact": "None",
              "Public": "20240422"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:kworkstation:10",
              "cpe:/o:alt:workstation:10",
              "cpe:/o:alt:server:10",
              "cpe:/o:alt:server-v:10",
              "cpe:/o:alt:education:10",
              "cpe:/o:alt:slinux:10",
              "cpe:/o:alt:starterkit:p10",
              "cpe:/o:alt:kworkstation:10.1",
              "cpe:/o:alt:workstation:10.1",
              "cpe:/o:alt:server:10.1",
              "cpe:/o:alt:server-v:10.1",
              "cpe:/o:alt:education:10.1",
              "cpe:/o:alt:slinux:10.1",
              "cpe:/o:alt:starterkit:10.1",
              "cpe:/o:alt:kworkstation:10.2",
              "cpe:/o:alt:workstation:10.2",
              "cpe:/o:alt:server:10.2",
              "cpe:/o:alt:server-v:10.2",
              "cpe:/o:alt:education:10.2",
              "cpe:/o:alt:slinux:10.2",
              "cpe:/o:alt:starterkit:10.2"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:2001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20248546001",
                "Comment": "kubernetes1.27-client is earlier than 0:1.27.14-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20248546002",
                "Comment": "kubernetes1.27-common is earlier than 0:1.27.14-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20248546003",
                "Comment": "kubernetes1.27-crio is earlier than 0:1.27.14-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20248546004",
                "Comment": "kubernetes1.27-kubeadm is earlier than 0:1.27.14-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20248546005",
                "Comment": "kubernetes1.27-kubelet is earlier than 0:1.27.14-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20248546006",
                "Comment": "kubernetes1.27-master is earlier than 0:1.27.14-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20248546007",
                "Comment": "kubernetes1.27-node is earlier than 0:1.27.14-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}