vuln-list-alt/oval/p11/ALT-PU-2022-2920/definitions.json
2024-12-12 21:07:30 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20222920",
"Version": "oval:org.altlinux.errata:def:20222920",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2022-2920: package `arj` update to version 3.10.22-alt9",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2022-2920",
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-2920",
"Source": "ALTPU"
},
{
"RefID": "CVE-2015-0557",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-0557",
"Source": "CVE"
}
],
"Description": "This update upgrades arj to version 3.10.22-alt9. \nSecurity Fix(es):\n\n * CVE-2015-0557: Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.\n\n * #44143: Зависает при создании архивов",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2022-10-25"
},
"Updated": {
"Date": "2022-10-25"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2015-0557",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"CWE": "CWE-22",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-0557",
"Impact": "Low",
"Public": "20150408"
}
],
"Bugzilla": [
{
"ID": "44143",
"Href": "https://bugzilla.altlinux.org/44143",
"Data": "Зависает при создании архивов"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20222920001",
"Comment": "arj is earlier than 1:3.10.22-alt9"
}
]
}
]
}
}
]
}