vuln-list-alt/oval/p11/ALT-PU-2018-1866/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20181866",
      "Version": "oval:org.altlinux.errata:def:20181866",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2018-1866: package `nginx` update to version 1.14.0-alt1.S1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch p11"
            ],
            "Products": [
              "ALT Container"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2018-1866",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2018-1866",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2021-04615",
            "RefURL": "https://bdu.fstec.ru/vul/2021-04615",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2017-20005",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-20005",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2017-7529",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-7529",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades nginx to version 1.14.0-alt1.S1. \nSecurity Fix(es):\n\n * BDU:2021-04615: Уязвимость модуля autoindex сервера NGINX, связанная с целочисленным переполнением, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2017-20005: NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.\n\n * CVE-2017-7529: Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "Critical",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2018-06-07"
          },
          "Updated": {
            "Date": "2018-06-07"
          },
          "BDUs": [
            {
              "ID": "BDU:2021-04615",
              "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
              "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "CWE": "CWE-190",
              "Href": "https://bdu.fstec.ru/vul/2021-04615",
              "Impact": "Critical",
              "Public": "20170828"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2017-20005",
              "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "CWE": "CWE-190",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-20005",
              "Impact": "Critical",
              "Public": "20210606"
            },
            {
              "ID": "CVE-2017-7529",
              "CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-7529",
              "Impact": "High",
              "Public": "20170713"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:container:11"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:3001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20181866001",
                "Comment": "nginx is earlier than 0:1.14.0-alt1.S1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20181866002",
                "Comment": "nginx-geoip is earlier than 0:1.14.0-alt1.S1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20181866003",
                "Comment": "nginx-image_filter is earlier than 0:1.14.0-alt1.S1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20181866004",
                "Comment": "nginx-pam is earlier than 0:1.14.0-alt1.S1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20181866005",
                "Comment": "nginx-perl is earlier than 0:1.14.0-alt1.S1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20181866006",
                "Comment": "nginx-spnego is earlier than 0:1.14.0-alt1.S1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20181866007",
                "Comment": "nginx-xslt is earlier than 0:1.14.0-alt1.S1"
              }
            ]
          }
        ]
      }
    }
  ]
}