
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20141451",
"Version": "oval:org.altlinux.errata:def:20141451",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2014-1451: package `openssl10` update to version 1.0.1g-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2014-1451",
"RefURL": "https://errata.altlinux.org/ALT-PU-2014-1451",
"Source": "ALTPU"
},
{
"RefID": "BDU:2015-00130",
"RefURL": "https://bdu.fstec.ru/vul/2015-00130",
"Source": "BDU"
},
{
"RefID": "BDU:2015-00131",
"RefURL": "https://bdu.fstec.ru/vul/2015-00131",
"Source": "BDU"
},
{
"RefID": "BDU:2015-09760",
"RefURL": "https://bdu.fstec.ru/vul/2015-09760",
"Source": "BDU"
},
{
"RefID": "CVE-2014-0076",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-0076",
"Source": "CVE"
},
{
"RefID": "CVE-2014-0160",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-0160",
"Source": "CVE"
}
],
"Description": "This update upgrades openssl10 to version 1.0.1g-alt1. \nSecurity Fix(es):\n\n * BDU:2015-00130: Уязвимость программного обеспечения Cisco IPS, позволяющая злоумышленнику получить одноразовый код (nonce) ECDSA\n\n * BDU:2015-00131: Уязвимость программного обеспечения Cisco Unified Communications Manager, позволяющая злоумышленнику получить одноразовый код (nonce) ECDSA\n\n * BDU:2015-09760: Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность защищаемой информации\n\n * CVE-2014-0076: The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.\n\n * CVE-2014-0160: The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2014-04-08"
},
"Updated": {
"Date": "2014-04-08"
},
"BDUs": [
{
"ID": "BDU:2015-00130",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"CWE": "CWE-310",
"Href": "https://bdu.fstec.ru/vul/2015-00130",
"Impact": "Low",
"Public": "20140325"
},
{
"ID": "BDU:2015-00131",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"CWE": "CWE-310",
"Href": "https://bdu.fstec.ru/vul/2015-00131",
"Impact": "Low",
"Public": "20140325"
},
{
"ID": "BDU:2015-09760",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CWE": "CWE-310",
"Href": "https://bdu.fstec.ru/vul/2015-09760",
"Impact": "Low",
"Public": "20140408"
}
],
"CVEs": [
{
"ID": "CVE-2014-0076",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"CWE": "CWE-310",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-0076",
"Impact": "Low",
"Public": "20140325"
},
{
"ID": "CVE-2014-0160",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-0160",
"Impact": "High",
"Public": "20140407"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20141451001",
"Comment": "i586-libcrypto10 is earlier than 0:1.0.1g-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141451002",
"Comment": "i586-libssl-devel is earlier than 0:1.0.1g-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141451003",
"Comment": "i586-libssl-devel-static is earlier than 0:1.0.1g-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141451004",
"Comment": "i586-libssl10 is earlier than 0:1.0.1g-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141451005",
"Comment": "i586-openssl-engines is earlier than 0:1.0.1g-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141451006",
"Comment": "libcrypto10 is earlier than 0:1.0.1g-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141451007",
"Comment": "libssl-devel is earlier than 0:1.0.1g-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141451008",
"Comment": "libssl-devel-static is earlier than 0:1.0.1g-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141451009",
"Comment": "libssl10 is earlier than 0:1.0.1g-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141451010",
"Comment": "openssl is earlier than 0:1.0.1g-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141451011",
"Comment": "openssl-doc is earlier than 0:1.0.1g-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141451012",
"Comment": "openssl-engines is earlier than 0:1.0.1g-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141451013",
"Comment": "tsget is earlier than 0:1.0.1g-alt1"
}
]
}
]
}
}
]
}