vuln-list-alt/oval/c9f2/ALT-PU-2023-4760/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20234760",
      "Version": "oval:org.altlinux.errata:def:20234760",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2023-4760: package `librsvg` update to version 2.48.12-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch c9f2"
            ],
            "Products": [
              "ALT SPWorkstation",
              "ALT SPServer"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2023-4760",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2023-4760",
            "Source": "ALTPU"
          },
          {
            "RefID": "CVE-2023-38633",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-38633",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades librsvg to version 2.48.12-alt1. \nSecurity Fix(es):\n\n * CVE-2023-38633: A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=\".?../../../../../../../../../../etc/passwd\" in an xi:include element.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "Low",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2023-08-07"
          },
          "Updated": {
            "Date": "2023-08-07"
          },
          "BDUs": null,
          "CVEs": [
            {
              "ID": "CVE-2023-38633",
              "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "CWE": "CWE-22",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-38633",
              "Impact": "Low",
              "Public": "20230722"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:spworkstation:8.4",
              "cpe:/o:alt:spserver:8.4"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:3001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20234760001",
                "Comment": "librsvg is earlier than 1:2.48.12-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20234760002",
                "Comment": "librsvg-devel is earlier than 1:2.48.12-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20234760003",
                "Comment": "librsvg-devel-doc is earlier than 1:2.48.12-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20234760004",
                "Comment": "librsvg-gir is earlier than 1:2.48.12-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20234760005",
                "Comment": "librsvg-gir-devel is earlier than 1:2.48.12-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20234760006",
                "Comment": "librsvg-utils is earlier than 1:2.48.12-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}