2024-02-14 09:47:22 +00:00

157 lines
6.1 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20211960",
"Version": "oval:org.altlinux.errata:def:20211960",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-1960: package `gnutls30` update to version 3.6.16-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-1960",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-1960",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-02748",
"RefURL": "https://bdu.fstec.ru/vul/2021-02748",
"Source": "BDU"
},
{
"RefID": "CVE-2021-20305",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-20305",
"Source": "CVE"
}
],
"Description": "This update upgrades gnutls30 to version 3.6.16-alt1. \nSecurity Fix(es):\n\n * BDU:2021-02748: Уязвимость функций проверки подписи (ГОСТ DSA, EDDSA и ECDSA) библиотеки Nettle, связанная с недостатками используемых криптографических алгоритмов, позволяющая нарушителю, не прошедшему проверку подлинности, выполнить произвольный код\n\n * CVE-2021-20305: A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA \u0026 ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-06-09"
},
"Updated": {
"Date": "2021-06-09"
},
"bdu": [
{
"Cvss": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"Cvss3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "CWE-327",
"Href": "https://bdu.fstec.ru/vul/2021-02748",
"Impact": "High",
"Public": "20210418",
"CveID": "BDU:2021-02748"
}
],
"Cves": [
{
"Cvss": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"Cvss3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-20305",
"Impact": "High",
"Public": "20210405",
"CveID": "CVE-2021-20305"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20211960001",
"Comment": "gnutls-utils is earlier than 0:3.6.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211960002",
"Comment": "gnutls30-devel-doc is earlier than 0:3.6.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211960003",
"Comment": "libgnutls-devel is earlier than 0:3.6.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211960004",
"Comment": "libgnutls-guile is earlier than 0:3.6.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211960005",
"Comment": "libgnutls-openssl-devel is earlier than 0:3.6.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211960006",
"Comment": "libgnutls27-openssl is earlier than 0:3.6.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211960007",
"Comment": "libgnutls30 is earlier than 0:3.6.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211960008",
"Comment": "libgnutlsxx-devel is earlier than 0:3.6.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211960009",
"Comment": "libgnutlsxx28 is earlier than 0:3.6.16-alt1"
}
]
}
]
}
}
]
}