
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20172653",
"Version": "oval:org.altlinux.errata:def:20172653",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2017-2653: package `novnc` update to version 0.6.2-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2017-2653",
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-2653",
"Source": "ALTPU"
},
{
"RefID": "CVE-2017-18635",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-18635",
"Source": "CVE"
}
],
"Description": "This update upgrades novnc to version 0.6.2-alt1. \nSecurity Fix(es):\n\n * CVE-2017-18635: An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2017-11-16"
},
"Updated": {
"Date": "2017-11-16"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2017-18635",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-18635",
"Impact": "Low",
"Public": "20190925"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20172653001",
"Comment": "novnc is earlier than 0:0.6.2-alt1"
}
]
}
]
}
}
]
}