
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20191050",
"Version": "oval:org.altlinux.errata:def:20191050",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-1050: package `ruby` update to version 2.5.4-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-1050",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-1050",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-03218",
"RefURL": "https://bdu.fstec.ru/vul/2019-03218",
"Source": "BDU"
},
{
"RefID": "CVE-2018-16395",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-16395",
"Source": "CVE"
},
{
"RefID": "CVE-2018-16396",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-16396",
"Source": "CVE"
}
],
"Description": "This update upgrades ruby to version 2.5.4-alt1. \nSecurity Fix(es):\n\n * BDU:2019-03218: Уязвимость компонента OpenSSL::X509::Name библиотеки OpenSSL интерпретатора языка программирования Ruby, позволяющая нарушителю осуществить подделку сертификата X509\n\n * CVE-2018-16395: An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.\n\n * CVE-2018-16396: An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-01-16"
},
"Updated": {
"Date": "2019-01-16"
},
"BDUs": [
{
"ID": "BDU:2019-03218",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-19",
"Href": "https://bdu.fstec.ru/vul/2019-03218",
"Impact": "Critical",
"Public": "20181017"
}
],
"CVEs": [
{
"ID": "CVE-2018-16395",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-16395",
"Impact": "Critical",
"Public": "20181116"
},
{
"ID": "CVE-2018-16396",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-16396",
"Impact": "High",
"Public": "20181116"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20191050001",
"Comment": "erb is earlier than 0:2.5.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191050002",
"Comment": "gem is earlier than 0:2.5.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191050003",
"Comment": "irb is earlier than 0:2.5.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191050004",
"Comment": "libruby is earlier than 0:2.5.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191050005",
"Comment": "libruby-devel is earlier than 0:2.5.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191050006",
"Comment": "libruby-devel-static is earlier than 0:2.5.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191050007",
"Comment": "ri-doc is earlier than 0:2.5.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191050008",
"Comment": "ruby is earlier than 0:2.5.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191050009",
"Comment": "ruby-doc-ri is earlier than 0:2.5.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191050010",
"Comment": "ruby-miniruby-src is earlier than 0:2.5.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191050011",
"Comment": "ruby-stdlibs is earlier than 0:2.5.4-alt1"
}
]
}
]
}
}
]
}