pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p10/ALT-PU-2024-8547/definitions.json
pepelyaevip d4fbc9cb7f ALT Vulnerability
2024-07-04 03:05:09 +00:00

171 lines
7.7 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20248547",
"Version": "oval:org.altlinux.errata:def:20248547",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-8547: package `kubernetes1.28` update to version 1.28.10-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-8547",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-8547",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-02688",
"RefURL": "https://bdu.fstec.ru/vul/2024-02688",
"Source": "BDU"
},
{
"RefID": "BDU:2024-04110",
"RefURL": "https://bdu.fstec.ru/vul/2024-04110",
"Source": "BDU"
},
{
"RefID": "CVE-2023-45288",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288",
"Source": "CVE"
},
{
"RefID": "CVE-2024-3177",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-3177",
"Source": "CVE"
}
],
"Description": "This update upgrades kubernetes1.28 to version 1.28.10-alt1. \nSecurity Fix(es):\n\n * BDU:2024-02688: Уязвимость библиотек net/http и net/http2 языка программирования Go, связана с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-04110: Уязвимость компонента KUBE-APISERVER программного средства управления кластерами виртуальных машин Kubernetes, позволяющая нарушителю запускать контейнеры в обход политики безопасности\n\n * CVE-2023-45288: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.\n\n * CVE-2024-3177: A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service accounts secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated.\n\n",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-07-03"
},
"Updated": {
"Date": "2024-07-03"
},
"BDUs": [
{
"ID": "BDU:2024-02688",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2024-02688",
"Impact": "Low",
"Public": "20240404"
},
{
"ID": "BDU:2024-04110",
"CVSS": "AV:N/AC:L/Au:M/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2024-04110",
"Impact": "Low",
"Public": "20240422"
}
],
"CVEs": [
{
"ID": "CVE-2023-45288",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288",
"Impact": "None",
"Public": "20240404"
},
{
"ID": "CVE-2024-3177",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-3177",
"Impact": "None",
"Public": "20240422"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20248547001",
"Comment": "kubernetes1.28-client is earlier than 0:1.28.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20248547002",
"Comment": "kubernetes1.28-common is earlier than 0:1.28.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20248547003",
"Comment": "kubernetes1.28-crio is earlier than 0:1.28.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20248547004",
"Comment": "kubernetes1.28-kubeadm is earlier than 0:1.28.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20248547005",
"Comment": "kubernetes1.28-kubelet is earlier than 0:1.28.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20248547006",
"Comment": "kubernetes1.28-master is earlier than 0:1.28.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20248547007",
"Comment": "kubernetes1.28-node is earlier than 0:1.28.10-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink