120 lines
4.2 KiB
JSON
120 lines
4.2 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20203538",
|
|
"Version": "oval:org.altlinux.errata:def:20203538",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2020-3538: package `libdb4.7` update to version 4.7.25-alt10",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch p11"
|
|
],
|
|
"Products": [
|
|
"ALT Container"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2020-3538",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-3538",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2017-10140",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-10140",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades libdb4.7 to version 4.7.25-alt10. \nSecurity Fix(es):\n\n * CVE-2017-10140: Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "High",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2020-12-19"
|
|
},
|
|
"Updated": {
|
|
"Date": "2020-12-19"
|
|
},
|
|
"BDUs": null,
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2017-10140",
|
|
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
|
|
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "NVD-CWE-noinfo",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-10140",
|
|
"Impact": "High",
|
|
"Public": "20180416"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:container:11"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:3001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20203538001",
|
|
"Comment": "db4.7-utils is earlier than 0:4.7.25-alt10"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20203538002",
|
|
"Comment": "libdb4.7 is earlier than 0:4.7.25-alt10"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20203538003",
|
|
"Comment": "libdb4.7-devel is earlier than 0:4.7.25-alt10"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20203538004",
|
|
"Comment": "libdb4.7-devel-static is earlier than 0:4.7.25-alt10"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20203538005",
|
|
"Comment": "libdb4.7-doc is earlier than 0:4.7.25-alt10"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20203538006",
|
|
"Comment": "libdb4.7_cxx is earlier than 0:4.7.25-alt10"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20203538007",
|
|
"Comment": "libdb4.7_cxx-devel is earlier than 0:4.7.25-alt10"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20203538008",
|
|
"Comment": "libdb4.7_cxx-devel-static is earlier than 0:4.7.25-alt10"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20203538009",
|
|
"Comment": "libdb4.7_int is earlier than 0:4.7.25-alt10"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20203538010",
|
|
"Comment": "libdb4.7_int-devel is earlier than 0:4.7.25-alt10"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |