pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
43c7060749
vuln-list-alt/oval/p11/ALT-PU-2020-1938/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

242 lines
10 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20201938",
"Version": "oval:org.altlinux.errata:def:20201938",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-1938: package `libvirt` update to version 6.3.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-1938",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-1938",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-04593",
"RefURL": "https://bdu.fstec.ru/vul/2021-04593",
"Source": "BDU"
},
{
"RefID": "CVE-2020-14301",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-14301",
"Source": "CVE"
}
],
"Description": "This update upgrades libvirt to version 6.3.0-alt1. \nSecurity Fix(es):\n\n * BDU:2021-04593: Уязвимость файлов cookie HTTP библиотеки управления виртуализацией Libvirt, связанная с неправильным межграничным удалением критичных данных, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * CVE-2020-14301: An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-05-08"
},
"Updated": {
"Date": "2020-05-08"
},
"BDUs": [
{
"ID": "BDU:2021-04593",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-212",
"Href": "https://bdu.fstec.ru/vul/2021-04593",
"Impact": "Low",
"Public": "20200617"
}
],
"CVEs": [
{
"ID": "CVE-2020-14301",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-14301",
"Impact": "Low",
"Public": "20210527"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20201938001",
"Comment": "libvirt is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938002",
"Comment": "libvirt-admin is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938003",
"Comment": "libvirt-client is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938004",
"Comment": "libvirt-daemon is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938005",
"Comment": "libvirt-daemon-config-network is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938006",
"Comment": "libvirt-daemon-config-nwfilter is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938007",
"Comment": "libvirt-daemon-driver-interface is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938008",
"Comment": "libvirt-daemon-driver-lxc is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938009",
"Comment": "libvirt-daemon-driver-network is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938010",
"Comment": "libvirt-daemon-driver-nodedev is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938011",
"Comment": "libvirt-daemon-driver-nwfilter is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938012",
"Comment": "libvirt-daemon-driver-qemu is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938013",
"Comment": "libvirt-daemon-driver-secret is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938014",
"Comment": "libvirt-daemon-driver-storage is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938015",
"Comment": "libvirt-daemon-driver-storage-core is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938016",
"Comment": "libvirt-daemon-driver-storage-disk is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938017",
"Comment": "libvirt-daemon-driver-storage-fs is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938018",
"Comment": "libvirt-daemon-driver-storage-gluster is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938019",
"Comment": "libvirt-daemon-driver-storage-iscsi is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938020",
"Comment": "libvirt-daemon-driver-storage-iscsi-direct is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938021",
"Comment": "libvirt-daemon-driver-storage-logical is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938022",
"Comment": "libvirt-daemon-driver-storage-mpath is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938023",
"Comment": "libvirt-daemon-driver-storage-rbd is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938024",
"Comment": "libvirt-daemon-driver-storage-scsi is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938025",
"Comment": "libvirt-daemon-driver-storage-zfs is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938026",
"Comment": "libvirt-daemon-driver-vbox is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938027",
"Comment": "libvirt-devel is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938028",
"Comment": "libvirt-docs is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938029",
"Comment": "libvirt-kvm is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938030",
"Comment": "libvirt-libs is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938031",
"Comment": "libvirt-lock-sanlock is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938032",
"Comment": "libvirt-login-shell is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938033",
"Comment": "libvirt-lxc is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938034",
"Comment": "libvirt-qemu is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938035",
"Comment": "libvirt-qemu-common is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938036",
"Comment": "libvirt-vbox is earlier than 0:6.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201938037",
"Comment": "nss-libvirt is earlier than 0:6.3.0-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink