
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20171701",
"Version": "oval:org.altlinux.errata:def:20171701",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2017-1701: package `roundcube` update to version 1.2.5-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2017-1701",
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-1701",
"Source": "ALTPU"
},
{
"RefID": "CVE-2017-8114",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-8114",
"Source": "CVE"
}
],
"Description": "This update upgrades roundcube to version 1.2.5-alt1. \nSecurity Fix(es):\n\n * CVE-2017-8114: Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2017-06-08"
},
"Updated": {
"Date": "2017-06-08"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2017-8114",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-269",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-8114",
"Impact": "High",
"Public": "20170429"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20171701001",
"Comment": "roundcube is earlier than 0:1.2.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171701002",
"Comment": "roundcube-apache2 is earlier than 0:1.2.5-alt1"
}
]
}
]
}
}
]
}