pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p11/ALT-PU-2020-2749/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

131 lines
4.9 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20202749",
"Version": "oval:org.altlinux.errata:def:20202749",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-2749: package `gnutls30` update to version 3.6.15-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-2749",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-2749",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-00225",
"RefURL": "https://bdu.fstec.ru/vul/2022-00225",
"Source": "BDU"
},
{
"RefID": "CVE-2020-24659",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-24659",
"Source": "CVE"
}
],
"Description": "This update upgrades gnutls30 to version 3.6.15-alt1. \nSecurity Fix(es):\n\n * BDU:2022-00225: Уязвимость клиента TLS 1.3 библиотеки безопасности транспортного уровня GnuTLS, связанная с записью за границами буфера, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2020-24659: An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-09-09"
},
"Updated": {
"Date": "2020-09-09"
},
"BDUs": [
{
"ID": "BDU:2022-00225",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-00225",
"Impact": "High",
"Public": "20200820"
}
],
"CVEs": [
{
"ID": "CVE-2020-24659",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-24659",
"Impact": "High",
"Public": "20200904"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20202749001",
"Comment": "gnutls-utils is earlier than 0:3.6.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202749002",
"Comment": "gnutls30-devel-doc is earlier than 0:3.6.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202749003",
"Comment": "libgnutls-devel is earlier than 0:3.6.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202749004",
"Comment": "libgnutls-guile is earlier than 0:3.6.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202749005",
"Comment": "libgnutls-openssl-devel is earlier than 0:3.6.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202749006",
"Comment": "libgnutls27-openssl is earlier than 0:3.6.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202749007",
"Comment": "libgnutls30 is earlier than 0:3.6.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202749008",
"Comment": "libgnutlsxx-devel is earlier than 0:3.6.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202749009",
"Comment": "libgnutlsxx28 is earlier than 0:3.6.15-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink