pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8b9ae8bcbb
vuln-list-alt/oval/c10f2/ALT-PU-2023-6244/definitions.json
pepelyaevip 9e8a5a2bb2 ALT Vulnerability
2024-02-14 09:47:22 +00:00

125 lines
4.8 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20236244",
"Version": "oval:org.altlinux.errata:def:20236244",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2023-6244: package `openldap` update to version 2.4.59-alt1.p10.2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f2"
]
}
],
"References": [
{
"RefID": "ALT-PU-2023-6244",
"RefURL": "https://errata.altlinux.org/ALT-PU-2023-6244",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-03203",
"RefURL": "https://bdu.fstec.ru/vul/2022-03203",
"Source": "BDU"
},
{
"RefID": "CVE-2022-29155",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-29155",
"Source": "CVE"
}
],
"Description": "This update upgrades openldap to version 2.4.59-alt1.p10.2. \nSecurity Fix(es):\n\n * BDU:2022-03203: Уязвимость реализации протокола OpenLDAP, связанная с непринятием мер по защите структуры SQL-запроса, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * CVE-2022-29155: In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2023-10-16"
},
"Updated": {
"Date": "2023-10-16"
},
"bdu": [
{
"Cvss": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "CWE-89",
"Href": "https://bdu.fstec.ru/vul/2022-03203",
"Impact": "Critical",
"Public": "20220323",
"CveID": "BDU:2022-03203"
}
],
"Cves": [
{
"Cvss": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "CWE-89",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-29155",
"Impact": "Critical",
"Public": "20220504",
"CveID": "CVE-2022-29155"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20236244001",
"Comment": "libldap is earlier than 0:2.4.59-alt1.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20236244002",
"Comment": "libldap-devel is earlier than 0:2.4.59-alt1.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20236244003",
"Comment": "libldap-devel-static is earlier than 0:2.4.59-alt1.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20236244004",
"Comment": "openldap-clients is earlier than 0:2.4.59-alt1.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20236244005",
"Comment": "openldap-common is earlier than 0:2.4.59-alt1.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20236244006",
"Comment": "openldap-contrib is earlier than 0:2.4.59-alt1.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20236244007",
"Comment": "openldap-doc is earlier than 0:2.4.59-alt1.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20236244008",
"Comment": "openldap-servers is earlier than 0:2.4.59-alt1.p10.2"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink