pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p10/ALT-PU-2021-1643/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

188 lines
8.0 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20211643",
"Version": "oval:org.altlinux.errata:def:20211643",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-1643: package `freeswitch` update to version 1.10.6-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-1643",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-1643",
"Source": "ALTPU"
},
{
"RefID": "CVE-2021-36513",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-36513",
"Source": "CVE"
},
{
"RefID": "CVE-2021-41157",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-41157",
"Source": "CVE"
}
],
"Description": "This update upgrades freeswitch to version 1.10.6-alt1. \nSecurity Fix(es):\n\n * CVE-2021-36513: An issue was discovered in function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch before 1.10.6, may allow attackers to view sensitive information due to an uninitialized value.\n\n * CVE-2021-41157: FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse of this security issue allows attackers to subscribe to user agent event notifications without the need to authenticate. This abuse poses privacy concerns and might lead to social engineering or similar attacks. For example, attackers may be able to monitor the status of target SIP extensions. Although this issue was fixed in version v1.10.6, installations upgraded to the fixed version of FreeSWITCH from an older version, may still be vulnerable if the configuration is not updated accordingly. Software upgrades do not update the configuration by default. SIP SUBSCRIBE messages should be authenticated by default so that FreeSWITCH administrators do not need to explicitly set the `auth-subscriptions` parameter. When following such a recommendation, a new parameter can be introduced to explicitly disable authentication.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-04-13"
},
"Updated": {
"Date": "2021-04-13"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2021-36513",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-909",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-36513",
"Impact": "High",
"Public": "20211018"
},
{
"ID": "CVE-2021-41157",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-306",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-41157",
"Impact": "Low",
"Public": "20211026"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20211643001",
"Comment": "freeswitch-av is earlier than 1:1.10.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211643002",
"Comment": "freeswitch-daemon is earlier than 1:1.10.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211643003",
"Comment": "freeswitch-imagick is earlier than 1:1.10.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211643004",
"Comment": "freeswitch-java is earlier than 1:1.10.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211643005",
"Comment": "freeswitch-lang-de is earlier than 1:1.10.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211643006",
"Comment": "freeswitch-lang-en is earlier than 1:1.10.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211643007",
"Comment": "freeswitch-lang-es is earlier than 1:1.10.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211643008",
"Comment": "freeswitch-lang-fr is earlier than 1:1.10.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211643009",
"Comment": "freeswitch-lang-he is earlier than 1:1.10.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211643010",
"Comment": "freeswitch-lang-pt is earlier than 1:1.10.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211643011",
"Comment": "freeswitch-lang-ru is earlier than 1:1.10.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211643012",
"Comment": "freeswitch-lua is earlier than 1:1.10.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211643013",
"Comment": "freeswitch-perl is earlier than 1:1.10.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211643014",
"Comment": "freeswitch-vlc is earlier than 1:1.10.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211643015",
"Comment": "freeswitch-webui is earlier than 1:1.10.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211643016",
"Comment": "libfreeswitch is earlier than 1:1.10.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211643017",
"Comment": "libfreeswitch-devel is earlier than 1:1.10.6-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink