pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
60a043f16d
vuln-list-alt/oval/c9f2/ALT-PU-2023-1136/definitions.json
pepelyaevip 9e8a5a2bb2 ALT Vulnerability
2024-02-14 09:47:22 +00:00

122 lines
4.8 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20231136",
"Version": "oval:org.altlinux.errata:def:20231136",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2023-1136: package `nss` update to version 3.86-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2023-1136",
"RefURL": "https://errata.altlinux.org/ALT-PU-2023-1136",
"Source": "ALTPU"
},
{
"RefID": "CVE-2021-43527",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-43527",
"Source": "CVE"
},
{
"RefID": "CVE-2022-3479",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-3479",
"Source": "CVE"
}
],
"Description": "This update upgrades nss to version 3.86-alt1. \nSecurity Fix(es):\n\n * CVE-2021-43527: NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \\#7, or PKCS \\#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS \u003c 3.73 and NSS \u003c 3.68.1.\n\n * CVE-2022-3479: A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash.\n\n * #41317: nss-utils и conflict конфликтуют по файлу /usr/bin/conflict",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2023-01-26"
},
"Updated": {
"Date": "2023-01-26"
},
"bdu": null,
"Cves": [
{
"Cvss": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-43527",
"Impact": "Critical",
"Public": "20211208",
"CveID": "CVE-2021-43527"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-3479",
"Impact": "High",
"Public": "20221014",
"CveID": "CVE-2022-3479"
}
],
"Bugzilla": [
{
"Id": "41317",
"Href": "https://bugzilla.altlinux.org/41317",
"Data": "nss-utils и conflict конфликтуют по файлу /usr/bin/conflict"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20231136001",
"Comment": "libnss is earlier than 0:3.86-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20231136002",
"Comment": "libnss-devel is earlier than 0:3.86-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20231136003",
"Comment": "libnss-devel-static is earlier than 0:3.86-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20231136004",
"Comment": "libnss-nssckbi-checkinstall is earlier than 0:3.86-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20231136005",
"Comment": "nss-utils is earlier than 0:3.86-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink