vuln-list-alt/oval/p11/ALT-PU-2024-1362/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20241362",
      "Version": "oval:org.altlinux.errata:def:20241362",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2024-1362: package `libdnf` update to version 0.65.0-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch p11"
            ],
            "Products": [
              "ALT Container"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2024-1362",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2024-1362",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2021-04884",
            "RefURL": "https://bdu.fstec.ru/vul/2021-04884",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2021-3445",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3445",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades libdnf to version 0.65.0-alt1. \nSecurity Fix(es):\n\n * BDU:2021-04884: Уязвимость библиотеки менеджера пакета libdnf, связанная с некорректным подтверждением криптографической подписи данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2021-3445: A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "High",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2024-01-24"
          },
          "Updated": {
            "Date": "2024-01-24"
          },
          "BDUs": [
            {
              "ID": "BDU:2021-04884",
              "CVSS": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
              "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "CWE": "CWE-347",
              "Href": "https://bdu.fstec.ru/vul/2021-04884",
              "Impact": "High",
              "Public": "20210412"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2021-3445",
              "CVSS": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
              "CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3445",
              "Impact": "High",
              "Public": "20210519"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:container:11"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:3001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20241362001",
                "Comment": "libdnf is earlier than 0:0.65.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20241362002",
                "Comment": "libdnf-devel is earlier than 0:0.65.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20241362003",
                "Comment": "python3-module-hawkey is earlier than 0:0.65.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20241362004",
                "Comment": "python3-module-libdnf is earlier than 0:0.65.0-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}