vuln-list-alt/oval/c9f2/ALT-PU-2018-2296/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20182296",
      "Version": "oval:org.altlinux.errata:def:20182296",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2018-2296: package `nss` update to version 3.39.0-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch c9f2"
            ],
            "Products": [
              "ALT SPWorkstation",
              "ALT SPServer"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2018-2296",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2018-2296",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2018-01562",
            "RefURL": "https://bdu.fstec.ru/vul/2018-01562",
            "Source": "BDU"
          },
          {
            "RefID": "BDU:2019-01764",
            "RefURL": "https://bdu.fstec.ru/vul/2019-01764",
            "Source": "BDU"
          },
          {
            "RefID": "BDU:2019-04362",
            "RefURL": "https://bdu.fstec.ru/vul/2019-04362",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2018-12384",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-12384",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades nss to version 3.39.0-alt1. \nSecurity Fix(es):\n\n * BDU:2018-01562: Уязвимость набора библиотек Network Security Services, связанная с ошибками при установлении соединения, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации\n\n * BDU:2019-01764: Уязвимость реализации протокола SSLv2 набора библиотек Network Security Services, позволяющая нарушителю раскрыть защищаемую информацию\n\n * BDU:2019-04362: Уязвимость набора библиотек NSS (Network Security Services), связанная с ошибками генерации значений при обработке запроса ClientHello, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * CVE-2018-12384: When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "Low",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2018-09-10"
          },
          "Updated": {
            "Date": "2018-09-10"
          },
          "BDUs": [
            {
              "ID": "BDU:2018-01562",
              "CVSS": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
              "CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "CWE": "CWE-300",
              "Href": "https://bdu.fstec.ru/vul/2018-01562",
              "Impact": "Low",
              "Public": "20180814"
            },
            {
              "ID": "BDU:2019-01764",
              "CVSS": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
              "CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "CWE": "CWE-200",
              "Href": "https://bdu.fstec.ru/vul/2019-01764",
              "Impact": "Low",
              "Public": "20180814"
            },
            {
              "ID": "BDU:2019-04362",
              "CVSS": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
              "CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "CWE": "CWE-254",
              "Href": "https://bdu.fstec.ru/vul/2019-04362",
              "Impact": "Low",
              "Public": "20190709"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2018-12384",
              "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
              "CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "CWE": "CWE-335",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-12384",
              "Impact": "Low",
              "Public": "20190429"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:spworkstation:8.4",
              "cpe:/o:alt:spserver:8.4"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:3001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20182296001",
                "Comment": "libnss is earlier than 0:3.39.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20182296002",
                "Comment": "libnss-devel is earlier than 0:3.39.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20182296003",
                "Comment": "libnss-devel-static is earlier than 0:3.39.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20182296004",
                "Comment": "libnss-nssckbi-checkinstall is earlier than 0:3.39.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20182296005",
                "Comment": "libnss-sysinit is earlier than 0:3.39.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20182296006",
                "Comment": "nss-utils is earlier than 0:3.39.0-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}