vuln-list-alt/oval/p11/ALT-PU-2024-2019/definitions.json
2024-12-12 21:07:30 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20242019",
"Version": "oval:org.altlinux.errata:def:20242019",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-2019: package `gem-nokogiri` update to version 1.16.2-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-2019",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-2019",
"Source": "ALTPU"
},
{
"RefID": "CVE-2024-25062",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-25062",
"Source": "CVE"
}
],
"Description": "This update upgrades gem-nokogiri to version 1.16.2-alt1. \nSecurity Fix(es):\n\n * CVE-2024-25062: An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-02-11"
},
"Updated": {
"Date": "2024-02-12"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2024-25062",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-25062",
"Impact": "High",
"Public": "20240204"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20242019001",
"Comment": "gem-nokogiri is earlier than 0:1.16.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20242019002",
"Comment": "gem-nokogiri-devel is earlier than 0:1.16.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20242019003",
"Comment": "gem-nokogiri-doc is earlier than 0:1.16.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20242019004",
"Comment": "nokogiri is earlier than 0:1.16.2-alt1"
}
]
}
]
}
}
]
}