vuln-list-alt/oval/p11/ALT-PU-2021-2545/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20212545",
      "Version": "oval:org.altlinux.errata:def:20212545",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2021-2545: package `glances` update to version 3.2.3-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch p11"
            ],
            "Products": [
              "ALT Container"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2021-2545",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2021-2545",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2022-02263",
            "RefURL": "https://bdu.fstec.ru/vul/2022-02263",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2021-23418",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-23418",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades glances to version 3.2.3-alt1. \nSecurity Fix(es):\n\n * BDU:2022-02263: Уязвимость инструмента мониторинга Glances, связанная с неверным ограничением XML-ссылок на внешние объекты, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2021-23418: The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "Critical",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2021-08-17"
          },
          "Updated": {
            "Date": "2021-08-17"
          },
          "BDUs": [
            {
              "ID": "BDU:2022-02263",
              "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
              "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "CWE": "CWE-611",
              "Href": "https://bdu.fstec.ru/vul/2022-02263",
              "Impact": "Critical",
              "Public": "20210729"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2021-23418",
              "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "CWE": "CWE-611",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-23418",
              "Impact": "Critical",
              "Public": "20210729"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:container:11"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:3001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20212545001",
                "Comment": "glances is earlier than 0:3.2.3-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20212545002",
                "Comment": "python3-module-glances is earlier than 0:3.2.3-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}