116 lines
4.1 KiB
JSON
116 lines
4.1 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20161012",
|
|
"Version": "oval:org.altlinux.errata:def:20161012",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2016-1012: package `nss` update to version 3.20.2-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch c9f2"
|
|
],
|
|
"Products": [
|
|
"ALT SPWorkstation",
|
|
"ALT SPServer"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2016-1012",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2016-1012",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2016-00136",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2016-00136",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2015-7575",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-7575",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades nss to version 3.20.2-alt1. \nSecurity Fix(es):\n\n * BDU:2016-00136: Уязвимость программных платформ Jrockit и Java Platform, позволяющая нарушителю получить доступ на чтение данных или модифицировать данные\n\n * CVE-2015-7575: Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "Low",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2016-01-08"
|
|
},
|
|
"Updated": {
|
|
"Date": "2016-01-08"
|
|
},
|
|
"BDUs": [
|
|
{
|
|
"ID": "BDU:2016-00136",
|
|
"CVSS": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
|
|
"CWE": "CWE-17",
|
|
"Href": "https://bdu.fstec.ru/vul/2016-00136",
|
|
"Impact": "Low",
|
|
"Public": "20160119"
|
|
}
|
|
],
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2015-7575",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
|
"CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
|
"CWE": "CWE-19",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-7575",
|
|
"Impact": "Low",
|
|
"Public": "20160109"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:spworkstation:8.4",
|
|
"cpe:/o:alt:spserver:8.4"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:3001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20161012001",
|
|
"Comment": "libnss is earlier than 0:3.20.2-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20161012002",
|
|
"Comment": "libnss-devel is earlier than 0:3.20.2-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20161012003",
|
|
"Comment": "libnss-devel-static is earlier than 0:3.20.2-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20161012004",
|
|
"Comment": "libnss-sysinit is earlier than 0:3.20.2-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20161012005",
|
|
"Comment": "nss-utils is earlier than 0:3.20.2-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |