vuln-list-alt/oval/p9/ALT-PU-2017-1285/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20171285",
      "Version": "oval:org.altlinux.errata:def:20171285",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2017-1285: package `nss` update to version 3.30.0-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch p9"
            ],
            "Products": [
              "ALT Server",
              "ALT Virtualization Server",
              "ALT Workstation",
              "ALT Workstation K",
              "ALT Education",
              "Simply Linux",
              "Starterkit"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2017-1285",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2017-1285",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2021-00048",
            "RefURL": "https://bdu.fstec.ru/vul/2021-00048",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2016-9574",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-9574",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2017-5462",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5462",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades nss to version 3.30.0-alt1. \nSecurity Fix(es):\n\n * BDU:2021-00048: Уязвимость службы сетевой безопасности NSS браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю оказать влияние на целостность данных\n\n * CVE-2016-9574: nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.\n\n * CVE-2017-5462: A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "Low",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2017-03-15"
          },
          "Updated": {
            "Date": "2017-03-15"
          },
          "BDUs": [
            {
              "ID": "BDU:2021-00048",
              "CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
              "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "CWE": "CWE-682",
              "Href": "https://bdu.fstec.ru/vul/2021-00048",
              "Impact": "Low",
              "Public": "20170307"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2016-9574",
              "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "CWE": "CWE-384",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-9574",
              "Impact": "Low",
              "Public": "20180719"
            },
            {
              "ID": "CVE-2017-5462",
              "CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
              "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "CWE": "CWE-682",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5462",
              "Impact": "Low",
              "Public": "20180611"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:kworkstation:9",
              "cpe:/o:alt:workstation:9",
              "cpe:/o:alt:server:9",
              "cpe:/o:alt:server-v:9",
              "cpe:/o:alt:education:9",
              "cpe:/o:alt:slinux:9",
              "cpe:/o:alt:starterkit:p9",
              "cpe:/o:alt:kworkstation:9.1",
              "cpe:/o:alt:workstation:9.1",
              "cpe:/o:alt:server:9.1",
              "cpe:/o:alt:server-v:9.1",
              "cpe:/o:alt:education:9.1",
              "cpe:/o:alt:slinux:9.1",
              "cpe:/o:alt:starterkit:9.1",
              "cpe:/o:alt:kworkstation:9.2",
              "cpe:/o:alt:workstation:9.2",
              "cpe:/o:alt:server:9.2",
              "cpe:/o:alt:server-v:9.2",
              "cpe:/o:alt:education:9.2",
              "cpe:/o:alt:slinux:9.2",
              "cpe:/o:alt:starterkit:9.2"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:1001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20171285001",
                "Comment": "libnss is earlier than 0:3.30.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20171285002",
                "Comment": "libnss-devel is earlier than 0:3.30.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20171285003",
                "Comment": "libnss-devel-static is earlier than 0:3.30.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20171285004",
                "Comment": "libnss-sysinit is earlier than 0:3.30.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20171285005",
                "Comment": "nss-utils is earlier than 0:3.30.0-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}