vuln-list-alt/oval/p11/ALT-PU-2017-2710/definitions.json
2024-12-12 21:07:30 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20172710",
"Version": "oval:org.altlinux.errata:def:20172710",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2017-2710: package `rabbitmq-server` update to version 3.6.14-alt4",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2017-2710",
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-2710",
"Source": "ALTPU"
},
{
"RefID": "CVE-2016-9877",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-9877",
"Source": "CVE"
}
],
"Description": "This update upgrades rabbitmq-server to version 3.6.14-alt4. \nSecurity Fix(es):\n\n * CVE-2016-9877: An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2017-11-29"
},
"Updated": {
"Date": "2017-11-29"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2016-9877",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-284",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-9877",
"Impact": "Critical",
"Public": "20161229"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20172710001",
"Comment": "rabbitmq-server is earlier than 0:3.6.14-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172710002",
"Comment": "rabbitmq-server-devel is earlier than 0:3.6.14-alt4"
}
]
}
]
}
}
]
}