
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20182402",
"Version": "oval:org.altlinux.errata:def:20182402",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2018-2402: package `mediawiki` update to version 1.31.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2018-2402",
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-2402",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-04922",
"RefURL": "https://bdu.fstec.ru/vul/2020-04922",
"Source": "BDU"
},
{
"RefID": "BDU:2020-04924",
"RefURL": "https://bdu.fstec.ru/vul/2020-04924",
"Source": "BDU"
},
{
"RefID": "CVE-2018-0503",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-0503",
"Source": "CVE"
},
{
"RefID": "CVE-2018-0504",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-0504",
"Source": "CVE"
},
{
"RefID": "CVE-2018-0505",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-0505",
"Source": "CVE"
},
{
"RefID": "CVE-2018-1325",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1325",
"Source": "CVE"
}
],
"Description": "This update upgrades mediawiki to version 1.31.1-alt1. \nSecurity Fix(es):\n\n * BDU:2020-04922: Уязвимость программного средства для реализации гипертекстовой среды MediaWiki, связанная с недостатками процедуры аутентификации, позволяющая нарушителю обойти блокировку учетной записи CentralAuth\n\n * BDU:2020-04924: Уязвимость программного средства для реализации гипертекстовой среды MediaWiki, связанная с небезопасным управлением привилегиями, позволяющая нарушителю оказать воздействие на целостность защищаемой информации\n\n * CVE-2018-0503: Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'.\n\n * CVE-2018-0504: Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid\n\n * CVE-2018-0505: Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock\n\n * CVE-2018-1325: In Apache wicket-jquery-ui \u003c= 6.29.0, \u003c= 7.10.1, \u003c= 8.0.0-M9.1, JS code created in WYSIWYG editor will be executed on display.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2018-09-29"
},
"Updated": {
"Date": "2018-09-29"
},
"BDUs": [
{
"ID": "BDU:2020-04922",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:C/A:N",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-287",
"Href": "https://bdu.fstec.ru/vul/2020-04922",
"Impact": "Low",
"Public": "20180924"
},
{
"ID": "BDU:2020-04924",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-269",
"Href": "https://bdu.fstec.ru/vul/2020-04924",
"Impact": "Low",
"Public": "20180921"
}
],
"CVEs": [
{
"ID": "CVE-2018-0503",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-269",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-0503",
"Impact": "Low",
"Public": "20181004"
},
{
"ID": "CVE-2018-0504",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-532",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-0504",
"Impact": "Low",
"Public": "20181004"
},
{
"ID": "CVE-2018-0505",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-287",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-0505",
"Impact": "Low",
"Public": "20181004"
},
{
"ID": "CVE-2018-1325",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-1325",
"Impact": "Low",
"Public": "20180418"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20182402001",
"Comment": "mediawiki is earlier than 0:1.31.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182402002",
"Comment": "mediawiki-apache2 is earlier than 0:1.31.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182402003",
"Comment": "mediawiki-common is earlier than 0:1.31.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182402004",
"Comment": "mediawiki-mysql is earlier than 0:1.31.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182402005",
"Comment": "mediawiki-postgresql is earlier than 0:1.31.1-alt1"
}
]
}
]
}
}
]
}