vuln-list-alt/oval/c9f2/ALT-PU-2018-2174/definitions.json
2024-06-28 13:17:52 +00:00

121 lines
4.5 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20182174",
"Version": "oval:org.altlinux.errata:def:20182174",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2018-2174: package `kubernetes` update to version 1.11.2-alt1.S1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2018-2174",
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-2174",
"Source": "ALTPU"
},
{
"RefID": "BDU:2018-01617",
"RefURL": "https://bdu.fstec.ru/vul/2018-01617",
"Source": "BDU"
},
{
"RefID": "CVE-2018-1002101",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1002101",
"Source": "CVE"
}
],
"Description": "This update upgrades kubernetes to version 1.11.2-alt1.S1. \nSecurity Fix(es):\n\n * BDU:2018-01617: Уязвимость программного средства управления кластерами виртуальных машин Kubernetes, связанная с непринятием мер по нейтрализации специальных элементов, используемых в командах, позволяющая нарушителю выполнить произвольные команды операционной системы\n\n * CVE-2018-1002101: In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2018-08-17"
},
"Updated": {
"Date": "2018-08-17"
},
"BDUs": [
{
"ID": "BDU:2018-01617",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"CWE": "CWE-78",
"Href": "https://bdu.fstec.ru/vul/2018-01617",
"Impact": "High",
"Public": "20181205"
}
],
"CVEs": [
{
"ID": "CVE-2018-1002101",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-1002101",
"Impact": "Critical",
"Public": "20181205"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20182174001",
"Comment": "kubernetes-client is earlier than 0:1.11.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182174002",
"Comment": "kubernetes-common is earlier than 0:1.11.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182174003",
"Comment": "kubernetes-kubeadm is earlier than 0:1.11.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182174004",
"Comment": "kubernetes-kubelet is earlier than 0:1.11.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182174005",
"Comment": "kubernetes-master is earlier than 0:1.11.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182174006",
"Comment": "kubernetes-node is earlier than 0:1.11.2-alt1.S1"
}
]
}
]
}
}
]
}