pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
43c7060749
vuln-list-alt/oval/p11/ALT-PU-2023-2066/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

99 lines
3.4 KiB
JSON
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20232066",
"Version": "oval:org.altlinux.errata:def:20232066",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2023-2066: package `php8.2` update to version 8.2.7-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2023-2066",
"RefURL": "https://errata.altlinux.org/ALT-PU-2023-2066",
"Source": "ALTPU"
},
{
"RefID": "CVE-2023-3247",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-3247",
"Source": "CVE"
}
],
"Description": "This update upgrades php8.2 to version 8.2.7-alt1. \nSecurity Fix(es):\n\n * CVE-2023-3247: In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce. \n\n",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2023-06-25"
},
"Updated": {
"Date": "2023-06-25"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2023-3247",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-330",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-3247",
"Impact": "Low",
"Public": "20230722"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20232066001",
"Comment": "php8.2 is earlier than 0:8.2.7-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20232066002",
"Comment": "php8.2-devel is earlier than 0:8.2.7-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20232066003",
"Comment": "php8.2-libs is earlier than 0:8.2.7-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20232066004",
"Comment": "php8.2-mysqlnd is earlier than 0:8.2.7-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20232066005",
"Comment": "rpm-build-php8.2-version is earlier than 0:8.2.7-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink