vuln-list-alt/oval/c9f2/ALT-PU-2014-1473/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20141473",
      "Version": "oval:org.altlinux.errata:def:20141473",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2014-1473: package `stunnel4` update to version 5.01-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch c9f2"
            ],
            "Products": [
              "ALT SPWorkstation",
              "ALT SPServer"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2014-1473",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2014-1473",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2015-09778",
            "RefURL": "https://bdu.fstec.ru/vul/2015-09778",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2014-0016",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-0016",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades stunnel4 to version 5.01-alt1. \nSecurity Fix(es):\n\n * BDU:2015-09778: Уязвимость операционной системы Gentoo Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность защищаемой информации\n\n * CVE-2014-0016: stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "Low",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2014-04-13"
          },
          "Updated": {
            "Date": "2014-04-13"
          },
          "BDUs": [
            {
              "ID": "BDU:2015-09778",
              "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
              "CWE": "CWE-332",
              "Href": "https://bdu.fstec.ru/vul/2015-09778",
              "Impact": "Low",
              "Public": "20140829"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2014-0016",
              "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
              "CWE": "CWE-332",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-0016",
              "Impact": "Low",
              "Public": "20140324"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:spworkstation:8.4",
              "cpe:/o:alt:spserver:8.4"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:3001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20141473001",
                "Comment": "stunnel4 is earlier than 0:5.01-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20141473002",
                "Comment": "stunnel4-inetd is earlier than 0:5.01-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20141473003",
                "Comment": "stunnel4-standalone is earlier than 0:5.01-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}