vuln-list-alt/oval/p11/ALT-PU-2021-1734/definitions.json
2024-12-12 21:07:30 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20211734",
"Version": "oval:org.altlinux.errata:def:20211734",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-1734: package `sddm` update to version 0.19.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-1734",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-1734",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-01700",
"RefURL": "https://bdu.fstec.ru/vul/2021-01700",
"Source": "BDU"
},
{
"RefID": "CVE-2020-28049",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-28049",
"Source": "CVE"
}
],
"Description": "This update upgrades sddm to version 0.19.0-alt1. \nSecurity Fix(es):\n\n * BDU:2021-01700: Уязвимость компонента X server экранного менеджера SDDM, связанная с одновременным выполнением с использованием общего ресурса с неправильной синхронизацией, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность\n\n * CVE-2020-28049: An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-04-28"
},
"Updated": {
"Date": "2021-04-28"
},
"BDUs": [
{
"ID": "BDU:2021-01700",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"CWE": "CWE-362",
"Href": "https://bdu.fstec.ru/vul/2021-01700",
"Impact": "Low",
"Public": "20201001"
}
],
"CVEs": [
{
"ID": "CVE-2020-28049",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-28049",
"Impact": "Low",
"Public": "20201104"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20211734001",
"Comment": "sddm is earlier than 0:0.19.0-alt1"
}
]
}
]
}
}
]
}