
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20247305",
"Version": "oval:org.altlinux.errata:def:20247305",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-7305: package `glpi` update to version 10.0.15-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-7305",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-7305",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-03309",
"RefURL": "https://bdu.fstec.ru/vul/2024-03309",
"Source": "BDU"
},
{
"RefID": "CVE-2024-29889",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-29889",
"Source": "CVE"
},
{
"RefID": "CVE-2024-31456",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-31456",
"Source": "CVE"
}
],
"Description": "This update upgrades glpi to version 10.0.15-alt1. \nSecurity Fix(es):\n\n * BDU:2024-03309: Уязвимость системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, связанная с непринятием мер по защите структуры запроса SQL, позволяющая нарушителю выполнять произвольные SQL-запросы\n\n * CVE-2024-29889: GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user's account data and take control of it. This vulnerability is fixed in 10.0.15.\n\n * CVE-2024-31456: GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-05-02"
},
"Updated": {
"Date": "2024-05-02"
},
"BDUs": [
{
"ID": "BDU:2024-03309",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-89",
"Href": "https://bdu.fstec.ru/vul/2024-03309",
"Impact": "Critical",
"Public": "20240424"
}
],
"CVEs": [
{
"ID": "CVE-2024-29889",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-29889",
"Impact": "None",
"Public": "20240507"
},
{
"ID": "CVE-2024-31456",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-31456",
"Impact": "None",
"Public": "20240507"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20247305001",
"Comment": "glpi is earlier than 0:10.0.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20247305002",
"Comment": "glpi-apache2 is earlier than 0:10.0.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20247305003",
"Comment": "glpi-php8.1 is earlier than 0:10.0.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20247305004",
"Comment": "glpi-php8.2 is earlier than 0:10.0.15-alt1"
}
]
}
]
}
}
]
}