pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p10/ALT-PU-2020-3164/definitions.json
pepelyaevip 83c40c9d64 ALT Vulnerability
2024-07-06 03:04:52 +00:00

157 lines
5.9 KiB
JSON
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20203164",
"Version": "oval:org.altlinux.errata:def:20203164",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-3164: package `nbd` update to version 3.20-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-3164",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-3164",
"Source": "ALTPU"
},
{
"RefID": "BDU:2015-01947",
"RefURL": "https://bdu.fstec.ru/vul/2015-01947",
"Source": "BDU"
},
{
"RefID": "CVE-2013-6410",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6410",
"Source": "CVE"
},
{
"RefID": "CVE-2013-7441",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-7441",
"Source": "CVE"
},
{
"RefID": "CVE-2015-0847",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-0847",
"Source": "CVE"
}
],
"Description": "This update upgrades nbd to version 3.20-alt1. \nSecurity Fix(es):\n\n * BDU:2015-01947: Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * CVE-2013-6410: nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file.\n\n * CVE-2013-7441: The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export.\n\n * CVE-2015-0847: nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-10-29"
},
"Updated": {
"Date": "2020-10-29"
},
"BDUs": [
{
"ID": "BDU:2015-01947",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2015-01947",
"Impact": "High",
"Public": "20131207"
}
],
"CVEs": [
{
"ID": "CVE-2013-6410",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-264",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6410",
"Impact": "High",
"Public": "20131207"
},
{
"ID": "CVE-2013-7441",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-7441",
"Impact": "High",
"Public": "20150529"
},
{
"ID": "CVE-2015-0847",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CWE": "CWE-17",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-0847",
"Impact": "High",
"Public": "20150529"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20203164001",
"Comment": "nbd-client is earlier than 0:3.20-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203164002",
"Comment": "nbd-doc is earlier than 0:3.20-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203164003",
"Comment": "nbd-server is earlier than 0:3.20-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink