145 lines
5.2 KiB
JSON
145 lines
5.2 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20201109",
|
|
"Version": "oval:org.altlinux.errata:def:20201109",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2020-1109: package `nss` update to version 3.49.1-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch p10"
|
|
],
|
|
"Products": [
|
|
"ALT Server",
|
|
"ALT Virtualization Server",
|
|
"ALT Workstation",
|
|
"ALT Workstation K",
|
|
"ALT Education",
|
|
"Simply Linux",
|
|
"Starterkit"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2020-1109",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-1109",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2020-01970",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2020-01970",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2019-17023",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-17023",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades nss to version 3.49.1-alt1. \nSecurity Fix(es):\n\n * BDU:2020-01970: Уязвимость расширения HelloRetryRequest браузера Firefox, позволяющая нарушителю оказать воздействие на целостность данных\n\n * CVE-2019-17023: After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox \u003c 72.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "Low",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2020-01-29"
|
|
},
|
|
"Updated": {
|
|
"Date": "2020-01-29"
|
|
},
|
|
"BDUs": [
|
|
{
|
|
"ID": "BDU:2020-01970",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:N/I:C/A:N",
|
|
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
|
|
"CWE": "CWE-287",
|
|
"Href": "https://bdu.fstec.ru/vul/2020-01970",
|
|
"Impact": "Low",
|
|
"Public": "20191203"
|
|
}
|
|
],
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2019-17023",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
|
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
|
|
"CWE": "CWE-287",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-17023",
|
|
"Impact": "Low",
|
|
"Public": "20200108"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:kworkstation:10",
|
|
"cpe:/o:alt:workstation:10",
|
|
"cpe:/o:alt:server:10",
|
|
"cpe:/o:alt:server-v:10",
|
|
"cpe:/o:alt:education:10",
|
|
"cpe:/o:alt:slinux:10",
|
|
"cpe:/o:alt:starterkit:p10",
|
|
"cpe:/o:alt:kworkstation:10.1",
|
|
"cpe:/o:alt:workstation:10.1",
|
|
"cpe:/o:alt:server:10.1",
|
|
"cpe:/o:alt:server-v:10.1",
|
|
"cpe:/o:alt:education:10.1",
|
|
"cpe:/o:alt:slinux:10.1",
|
|
"cpe:/o:alt:starterkit:10.1",
|
|
"cpe:/o:alt:kworkstation:10.2",
|
|
"cpe:/o:alt:workstation:10.2",
|
|
"cpe:/o:alt:server:10.2",
|
|
"cpe:/o:alt:server-v:10.2",
|
|
"cpe:/o:alt:education:10.2",
|
|
"cpe:/o:alt:slinux:10.2",
|
|
"cpe:/o:alt:starterkit:10.2"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:2001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20201109001",
|
|
"Comment": "libnss is earlier than 0:3.49.1-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20201109002",
|
|
"Comment": "libnss-devel is earlier than 0:3.49.1-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20201109003",
|
|
"Comment": "libnss-devel-static is earlier than 0:3.49.1-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20201109004",
|
|
"Comment": "libnss-nssckbi-checkinstall is earlier than 0:3.49.1-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20201109005",
|
|
"Comment": "libnss-sysinit is earlier than 0:3.49.1-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20201109006",
|
|
"Comment": "nss-utils is earlier than 0:3.49.1-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |