2024-07-06 03:04:52 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20141263",
"Version": "oval:org.altlinux.errata:def:20141263",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2014-1263: package `gnutls26` update to version 2.12.23-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2014-1263",
"RefURL": "https://errata.altlinux.org/ALT-PU-2014-1263",
"Source": "ALTPU"
},
{
"RefID": "BDU:2015-01328",
"RefURL": "https://bdu.fstec.ru/vul/2015-01328",
"Source": "BDU"
},
{
"RefID": "BDU:2015-07241",
"RefURL": "https://bdu.fstec.ru/vul/2015-07241",
"Source": "BDU"
},
{
"RefID": "BDU:2015-07246",
"RefURL": "https://bdu.fstec.ru/vul/2015-07246",
"Source": "BDU"
},
{
"RefID": "BDU:2015-07249",
"RefURL": "https://bdu.fstec.ru/vul/2015-07249",
"Source": "BDU"
},
{
"RefID": "BDU:2015-07253",
"RefURL": "https://bdu.fstec.ru/vul/2015-07253",
"Source": "BDU"
},
{
"RefID": "BDU:2015-09730",
"RefURL": "https://bdu.fstec.ru/vul/2015-09730",
"Source": "BDU"
},
{
"RefID": "BDU:2015-09761",
"RefURL": "https://bdu.fstec.ru/vul/2015-09761",
"Source": "BDU"
},
{
"RefID": "CVE-2013-2116",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2116",
"Source": "CVE"
},
{
"RefID": "CVE-2014-0092",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-0092",
"Source": "CVE"
},
{
"RefID": "CVE-2014-1959",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-1959",
"Source": "CVE"
}
],
"Description": "This update upgrades gnutls26 to version 2.12.23-alt2. \nSecurity Fix(es):\n\n * BDU:2015-01328: Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-07241: Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-07246: Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-07249: Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-07253: Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-09730: Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-09761: Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * CVE-2013-2116: The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169.\n\n * CVE-2014-0092: lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.\n\n * CVE-2014-1959: lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2014-03-06"
},
"Updated": {
"Date": "2014-03-06"
},
"BDUs": [
{
"ID": "BDU:2015-01328",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2015-01328",
"Impact": "Low",
"Public": "20130703"
},
{
"ID": "BDU:2015-07241",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-310",
"Href": "https://bdu.fstec.ru/vul/2015-07241",
"Impact": "Critical",
"Public": "20140312"
},
{
"ID": "BDU:2015-07246",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-310",
"Href": "https://bdu.fstec.ru/vul/2015-07246",
"Impact": "Low",
"Public": "20140312"
},
{
"ID": "BDU:2015-07249",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-310",
"Href": "https://bdu.fstec.ru/vul/2015-07249",
"Impact": "Critical",
"Public": "20140312"
},
{
"ID": "BDU:2015-07253",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-310",
"Href": "https://bdu.fstec.ru/vul/2015-07253",
"Impact": "Critical",
"Public": "20140312"
},
{
"ID": "BDU:2015-09730",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CWE": "CWE-310",
"Href": "https://bdu.fstec.ru/vul/2015-09730",
"Impact": "Low",
"Public": "20131028"
},
{
"ID": "BDU:2015-09761",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-310",
"Href": "https://bdu.fstec.ru/vul/2015-09761",
"Impact": "Low",
"Public": "20140613"
}
],
"CVEs": [
{
"ID": "CVE-2013-2116",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2116",
"Impact": "Low",
"Public": "20130703"
},
{
"ID": "CVE-2014-0092",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"CWE": "CWE-310",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-0092",
"Impact": "Low",
"Public": "20140307"
},
{
"ID": "CVE-2014-1959",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"CWE": "CWE-264",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-1959",
"Impact": "Low",
"Public": "20140307"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20141263001",
"Comment": "gnutls26-devel-doc is earlier than 0:2.12.23-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141263002",
"Comment": "gnutls26-utils is earlier than 0:2.12.23-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141263003",
"Comment": "libgnutls-devel is earlier than 0:2.12.23-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141263004",
"Comment": "libgnutls-extra-devel is earlier than 0:2.12.23-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141263005",
"Comment": "libgnutls-openssl-devel is earlier than 0:2.12.23-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141263006",
"Comment": "libgnutls26 is earlier than 0:2.12.23-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141263007",
"Comment": "libgnutls26-extra is earlier than 0:2.12.23-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141263008",
"Comment": "libgnutls27-openssl is earlier than 0:2.12.23-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141263009",
"Comment": "libgnutlsxx-devel is earlier than 0:2.12.23-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141263010",
"Comment": "libgnutlsxx27 is earlier than 0:2.12.23-alt2"
}
]
}
]
}
}
]
}