165 lines
6.2 KiB
JSON
165 lines
6.2 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20249141",
|
|
"Version": "oval:org.altlinux.errata:def:20249141",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2024-9141: package `plasma5-workspace` update to version 5.27.11-alt7",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch p10"
|
|
],
|
|
"Products": [
|
|
"ALT Server",
|
|
"ALT Virtualization Server",
|
|
"ALT Workstation",
|
|
"ALT Workstation K",
|
|
"ALT Education",
|
|
"Simply Linux",
|
|
"Starterkit"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2024-9141",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-9141",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2024-36041",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-36041",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades plasma5-workspace to version 5.27.11-alt7. \nSecurity Fix(es):\n\n * CVE-2024-36041: KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "High",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2024-07-04"
|
|
},
|
|
"Updated": {
|
|
"Date": "2024-07-04"
|
|
},
|
|
"BDUs": null,
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2024-36041",
|
|
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "NVD-CWE-noinfo",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-36041",
|
|
"Impact": "High",
|
|
"Public": "20240705"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:kworkstation:10",
|
|
"cpe:/o:alt:workstation:10",
|
|
"cpe:/o:alt:server:10",
|
|
"cpe:/o:alt:server-v:10",
|
|
"cpe:/o:alt:education:10",
|
|
"cpe:/o:alt:slinux:10",
|
|
"cpe:/o:alt:starterkit:p10",
|
|
"cpe:/o:alt:kworkstation:10.1",
|
|
"cpe:/o:alt:workstation:10.1",
|
|
"cpe:/o:alt:server:10.1",
|
|
"cpe:/o:alt:server-v:10.1",
|
|
"cpe:/o:alt:education:10.1",
|
|
"cpe:/o:alt:slinux:10.1",
|
|
"cpe:/o:alt:starterkit:10.1",
|
|
"cpe:/o:alt:kworkstation:10.2",
|
|
"cpe:/o:alt:workstation:10.2",
|
|
"cpe:/o:alt:server:10.2",
|
|
"cpe:/o:alt:server-v:10.2",
|
|
"cpe:/o:alt:education:10.2",
|
|
"cpe:/o:alt:slinux:10.2",
|
|
"cpe:/o:alt:starterkit:10.2"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:2001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20249141001",
|
|
"Comment": "libcolorcorrect5 is earlier than 1:5.27.11-alt7"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20249141002",
|
|
"Comment": "libkfontinst5 is earlier than 1:5.27.11-alt7"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20249141003",
|
|
"Comment": "libkfontinstui5 is earlier than 1:5.27.11-alt7"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20249141004",
|
|
"Comment": "libkrdb5 is earlier than 1:5.27.11-alt7"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20249141005",
|
|
"Comment": "libkworkspace55 is earlier than 1:5.27.11-alt7"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20249141006",
|
|
"Comment": "libnotificationmanager1 is earlier than 1:5.27.11-alt7"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20249141007",
|
|
"Comment": "libplasma-geolocation-interface5 is earlier than 1:5.27.11-alt7"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20249141008",
|
|
"Comment": "libtaskmanager6 is earlier than 1:5.27.11-alt7"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20249141009",
|
|
"Comment": "libweather_ion7 is earlier than 1:5.27.11-alt7"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20249141010",
|
|
"Comment": "plasma5-workspace is earlier than 1:5.27.11-alt7"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20249141011",
|
|
"Comment": "plasma5-workspace-common is earlier than 1:5.27.11-alt7"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20249141012",
|
|
"Comment": "plasma5-workspace-devel is earlier than 1:5.27.11-alt7"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20249141013",
|
|
"Comment": "plasma5-workspace-qml is earlier than 1:5.27.11-alt7"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20249141014",
|
|
"Comment": "polkit-kde-plasma-workspace is earlier than 1:5.27.11-alt7"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20249141015",
|
|
"Comment": "sddm-theme-breeze is earlier than 1:5.27.11-alt7"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |