vuln-list-alt/oval/p11/ALT-PU-2024-6328/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20246328",
      "Version": "oval:org.altlinux.errata:def:20246328",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2024-6328: package `qt5-networkauth` update to version 5.15.13-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch p11"
            ],
            "Products": [
              "ALT Container"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2024-6328",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2024-6328",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2023-02373",
            "RefURL": "https://bdu.fstec.ru/vul/2023-02373",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2023-24607",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-24607",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades qt5-networkauth to version 5.15.13-alt1. \nSecurity Fix(es):\n\n * BDU:2023-02373: Уязвимость плагина SQL ODBC кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-24607: Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "High",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2024-04-12"
          },
          "Updated": {
            "Date": "2024-04-12"
          },
          "BDUs": [
            {
              "ID": "BDU:2023-02373",
              "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
              "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "CWE": "CWE-20, CWE-404",
              "Href": "https://bdu.fstec.ru/vul/2023-02373",
              "Impact": "High",
              "Public": "20230415"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2023-24607",
              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "CWE": "NVD-CWE-noinfo",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-24607",
              "Impact": "High",
              "Public": "20230415"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:container:11"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:3001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20246328001",
                "Comment": "libqt5-networkauth is earlier than 0:5.15.13-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20246328002",
                "Comment": "qt5-networkauth-common is earlier than 0:5.15.13-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20246328003",
                "Comment": "qt5-networkauth-devel is earlier than 0:5.15.13-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20246328004",
                "Comment": "qt5-networkauth-doc is earlier than 0:5.15.13-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}