2024-12-12 21:07:30 +00:00

234 lines
9.7 KiB
JSON
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20151457",
"Version": "oval:org.altlinux.errata:def:20151457",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2015-1457: package `proftpd` update to version 1.3.5-alt2.gita31d0ab",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2015-1457",
"RefURL": "https://errata.altlinux.org/ALT-PU-2015-1457",
"Source": "ALTPU"
},
{
"RefID": "BDU:2015-02003",
"RefURL": "https://bdu.fstec.ru/vul/2015-02003",
"Source": "BDU"
},
{
"RefID": "CVE-2012-6095",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2012-6095",
"Source": "CVE"
},
{
"RefID": "CVE-2013-4359",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-4359",
"Source": "CVE"
}
],
"Description": "This update upgrades proftpd to version 1.3.5-alt2.gita31d0ab. \nSecurity Fix(es):\n\n * BDU:2015-02003: Уязвимости операционной системы Debian GNU/Linux, позволяющие локальному злоумышленнику нарушить целостность защищаемой информации\n\n * CVE-2012-6095: ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.\n\n * CVE-2013-4359: Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication request, which triggers a large memory allocation.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2015-05-21"
},
"Updated": {
"Date": "2015-05-21"
},
"BDUs": [
{
"ID": "BDU:2015-02003",
"CVSS": "AV:L/AC:H/Au:N/C:N/I:P/A:N",
"CWE": "CWE-362",
"Href": "https://bdu.fstec.ru/vul/2015-02003",
"Impact": "Low",
"Public": "20130124"
}
],
"CVEs": [
{
"ID": "CVE-2012-6095",
"CVSS": "AV:L/AC:H/Au:N/C:N/I:P/A:N",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2012-6095",
"Impact": "Low",
"Public": "20130124"
},
{
"ID": "CVE-2013-4359",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CWE": "CWE-189",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-4359",
"Impact": "Low",
"Public": "20130930"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20151457001",
"Comment": "proftpd is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457002",
"Comment": "proftpd-control is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457003",
"Comment": "proftpd-devel is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457004",
"Comment": "proftpd-mod_ban is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457005",
"Comment": "proftpd-mod_ctrls_admin is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457006",
"Comment": "proftpd-mod_dynmasq is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457007",
"Comment": "proftpd-mod_exec is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457008",
"Comment": "proftpd-mod_facl is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457009",
"Comment": "proftpd-mod_ifsession is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457010",
"Comment": "proftpd-mod_ldap is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457011",
"Comment": "proftpd-mod_load is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457012",
"Comment": "proftpd-mod_quotatab is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457013",
"Comment": "proftpd-mod_quotatab_file is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457014",
"Comment": "proftpd-mod_quotatab_ldap is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457015",
"Comment": "proftpd-mod_quotatab_sql is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457016",
"Comment": "proftpd-mod_radius is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457017",
"Comment": "proftpd-mod_ratio is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457018",
"Comment": "proftpd-mod_rewrite is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457019",
"Comment": "proftpd-mod_sftp is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457020",
"Comment": "proftpd-mod_sftp_pam is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457021",
"Comment": "proftpd-mod_sftp_sql is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457022",
"Comment": "proftpd-mod_shaper is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457023",
"Comment": "proftpd-mod_site_misc is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457024",
"Comment": "proftpd-mod_sql is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457025",
"Comment": "proftpd-mod_sql_mysql is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457026",
"Comment": "proftpd-mod_sql_passwd is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457027",
"Comment": "proftpd-mod_sql_postgres is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457028",
"Comment": "proftpd-mod_sql_sqlite is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457029",
"Comment": "proftpd-mod_tls is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457030",
"Comment": "proftpd-mod_tls_memcache is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457031",
"Comment": "proftpd-mod_tls_shmcache is earlier than 0:1.3.5-alt2.gita31d0ab"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151457032",
"Comment": "proftpd-mod_unique_id is earlier than 0:1.3.5-alt2.gita31d0ab"
}
]
}
]
}
}
]
}