vuln-list-alt/oval/p11/ALT-PU-2024-2554/definitions.json
2024-12-18 09:06:35 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20242554",
"Version": "oval:org.altlinux.errata:def:20242554",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-2554: package `dotnet-runtime-8.0` update to version 8.0.2-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-2554",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-2554",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-08097",
"RefURL": "https://bdu.fstec.ru/vul/2023-08097",
"Source": "BDU"
},
{
"RefID": "BDU:2023-08244",
"RefURL": "https://bdu.fstec.ru/vul/2023-08244",
"Source": "BDU"
},
{
"RefID": "BDU:2023-08245",
"RefURL": "https://bdu.fstec.ru/vul/2023-08245",
"Source": "BDU"
},
{
"RefID": "BDU:2024-00281",
"RefURL": "https://bdu.fstec.ru/vul/2024-00281",
"Source": "BDU"
},
{
"RefID": "BDU:2024-00402",
"RefURL": "https://bdu.fstec.ru/vul/2024-00402",
"Source": "BDU"
},
{
"RefID": "BDU:2024-00642",
"RefURL": "https://bdu.fstec.ru/vul/2024-00642",
"Source": "BDU"
},
{
"RefID": "CVE-2023-36038",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-36038",
"Source": "CVE"
},
{
"RefID": "CVE-2023-36049",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-36049",
"Source": "CVE"
},
{
"RefID": "CVE-2023-36558",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-36558",
"Source": "CVE"
},
{
"RefID": "CVE-2024-0056",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-0056",
"Source": "CVE"
},
{
"RefID": "CVE-2024-0057",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-0057",
"Source": "CVE"
},
{
"RefID": "CVE-2024-21319",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21319",
"Source": "CVE"
},
{
"RefID": "CVE-2024-21386",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21386",
"Source": "CVE"
},
{
"RefID": "CVE-2024-21404",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21404",
"Source": "CVE"
}
],
"Description": "This update upgrades dotnet-runtime-8.0 to version 8.0.2-alt1. \nSecurity Fix(es):\n\n * BDU:2023-08097: Уязвимость программной платформы ASP.NET Core, связанная с некорректной зачисткой или освобождением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-08244: Уязвимость программной платформы Microsoft .NET Framework, средства разработки программного обеспечения Microsoft Visual Studio, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2023-08245: Уязвимость программной платформы ASP.NET Core, связанная с ошибками в настройках безопасности, позволяющая нарушителю раскрыть защищаемую информацию\n\n * BDU:2024-00281: Уязвимость библиотек Microsoft.Data.Sqlclient (MDS) и System.Data.Sqlclient (SDS) программных платформ Microsoft .NET Framework и .NET, связанная с ошибками в настройках безопасности, позволяющая нарушителю обойти ограничения безопасности и реализовать атаку типа «человек посередине»\n\n * BDU:2024-00402: Уязвимость программных платформ Microsoft .NET Framework, .NET и средства разработки программного обеспечения Microsoft Visual Studio, связанная с ошибками в настройках безопасности, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * BDU:2024-00642: Уязвимость библиотеки Microsoft Identity программной платформы Microsoft .NET, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-36038: ASP.NET Core Denial of Service Vulnerability\n\n * CVE-2023-36049: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability\n\n * CVE-2023-36558: ASP.NET Core - Security Feature Bypass Vulnerability\n\n * CVE-2024-0056: Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability\n\n * CVE-2024-0057: NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability\n\n * CVE-2024-21319: Microsoft Identity Denial of service vulnerability\n\n * CVE-2024-21386: .NET Denial of Service Vulnerability\n\n * CVE-2024-21404: .NET Denial of Service Vulnerability",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-02-19"
},
"Updated": {
"Date": "2024-02-19"
},
"BDUs": [
{
"ID": "BDU:2023-08097",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"CWE": "CWE-404",
"Href": "https://bdu.fstec.ru/vul/2023-08097",
"Impact": "High",
"Public": "20231114"
},
{
"ID": "BDU:2023-08244",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:C/A:P",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2023-08244",
"Impact": "High",
"Public": "20231114"
},
{
"ID": "BDU:2023-08245",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"CVSS3": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-254, CWE-285",
"Href": "https://bdu.fstec.ru/vul/2023-08245",
"Impact": "Low",
"Public": "20231114"
},
{
"ID": "BDU:2024-00281",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"CWE": "CWE-254",
"Href": "https://bdu.fstec.ru/vul/2024-00281",
"Impact": "High",
"Public": "20240109"
},
{
"ID": "BDU:2024-00402",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-254",
"Href": "https://bdu.fstec.ru/vul/2024-00402",
"Impact": "Critical",
"Public": "20240109"
},
{
"ID": "BDU:2024-00642",
"CVSS": "AV:N/AC:L/Au:M/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"CWE": "CWE-404",
"Href": "https://bdu.fstec.ru/vul/2024-00642",
"Impact": "Low",
"Public": "20240109"
}
],
"CVEs": [
{
"ID": "CVE-2023-36038",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-36038",
"Impact": "High",
"Public": "20231114"
},
{
"ID": "CVE-2023-36049",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-36049",
"Impact": "Critical",
"Public": "20231114"
},
{
"ID": "CVE-2023-36558",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-36558",
"Impact": "Low",
"Public": "20231114"
},
{
"ID": "CVE-2024-0056",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-0056",
"Impact": "High",
"Public": "20240109"
},
{
"ID": "CVE-2024-0057",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-0057",
"Impact": "Critical",
"Public": "20240109"
},
{
"ID": "CVE-2024-21319",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21319",
"Impact": "Low",
"Public": "20240109"
},
{
"ID": "CVE-2024-21386",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21386",
"Impact": "High",
"Public": "20240213"
},
{
"ID": "CVE-2024-21404",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21404",
"Impact": "High",
"Public": "20240213"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20242554001",
"Comment": "dotnet-8.0 is earlier than 0:8.0.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20242554002",
"Comment": "dotnet-apphost-pack-8.0 is earlier than 0:8.0.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20242554003",
"Comment": "dotnet-hostfxr-8.0 is earlier than 0:8.0.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20242554004",
"Comment": "dotnet-runtime-8.0 is earlier than 0:8.0.2-alt1"
}
]
}
]
}
}
]
}