108 lines
3.8 KiB
JSON
108 lines
3.8 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20162464",
|
|
"Version": "oval:org.altlinux.errata:def:20162464",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2016-2464: package `squid` update to version 3.5.23-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch c9f2"
|
|
],
|
|
"Products": [
|
|
"ALT SPWorkstation",
|
|
"ALT SPServer"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2016-2464",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2016-2464",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2016-10002",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-10002",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2016-10003",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-10003",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades squid to version 3.5.23-alt1. \nSecurity Fix(es):\n\n * CVE-2016-10002: Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.\n\n * CVE-2016-10003: Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "High",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2016-12-19"
|
|
},
|
|
"Updated": {
|
|
"Date": "2016-12-19"
|
|
},
|
|
"BDUs": null,
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2016-10002",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
|
|
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
|
"CWE": "CWE-200",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-10002",
|
|
"Impact": "High",
|
|
"Public": "20170127"
|
|
},
|
|
{
|
|
"ID": "CVE-2016-10003",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
|
|
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
|
"CWE": "CWE-697",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-10003",
|
|
"Impact": "High",
|
|
"Public": "20170127"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:spworkstation:8.4",
|
|
"cpe:/o:alt:spserver:8.4"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:3001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20162464001",
|
|
"Comment": "squid is earlier than 0:3.5.23-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20162464002",
|
|
"Comment": "squid-doc is earlier than 0:3.5.23-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20162464003",
|
|
"Comment": "squid-helpers is earlier than 0:3.5.23-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |