vuln-list-alt/oval/p10/ALT-PU-2022-2020/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20222020",
      "Version": "oval:org.altlinux.errata:def:20222020",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2022-2020: package `bluez` update to version 5.64-alt2",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch p10"
            ],
            "Products": [
              "ALT Server",
              "ALT Virtualization Server",
              "ALT Workstation",
              "ALT Workstation K",
              "ALT Education",
              "Simply Linux",
              "Starterkit"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2022-2020",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2022-2020",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2022-05666",
            "RefURL": "https://bdu.fstec.ru/vul/2022-05666",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2022-0204",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-0204",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades bluez to version 5.64-alt2. \nSecurity Fix(es):\n\n * BDU:2022-05666: Уязвимость реализации протокола GATT (Generic ATTribute Profile) стека протоколов Bluetooth для ОС Linux BlueZ, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код\n\n * CVE-2022-0204: A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.\n\n * #42742: Не запускается dbus-org.bluez.obex.service",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "High",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2022-06-09"
          },
          "Updated": {
            "Date": "2022-06-09"
          },
          "BDUs": [
            {
              "ID": "BDU:2022-05666",
              "CVSS": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
              "CVSS3": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "CWE": "CWE-119, CWE-787",
              "Href": "https://bdu.fstec.ru/vul/2022-05666",
              "Impact": "High",
              "Public": "20210608"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2022-0204",
              "CVSS": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
              "CVSS3": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "CWE": "CWE-190",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-0204",
              "Impact": "High",
              "Public": "20220310"
            }
          ],
          "Bugzilla": [
            {
              "ID": "42742",
              "Href": "https://bugzilla.altlinux.org/42742",
              "Data": "Не запускается dbus-org.bluez.obex.service"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:kworkstation:10",
              "cpe:/o:alt:workstation:10",
              "cpe:/o:alt:server:10",
              "cpe:/o:alt:server-v:10",
              "cpe:/o:alt:education:10",
              "cpe:/o:alt:slinux:10",
              "cpe:/o:alt:starterkit:p10",
              "cpe:/o:alt:kworkstation:10.1",
              "cpe:/o:alt:workstation:10.1",
              "cpe:/o:alt:server:10.1",
              "cpe:/o:alt:server-v:10.1",
              "cpe:/o:alt:education:10.1",
              "cpe:/o:alt:slinux:10.1",
              "cpe:/o:alt:starterkit:10.1",
              "cpe:/o:alt:kworkstation:10.2",
              "cpe:/o:alt:workstation:10.2",
              "cpe:/o:alt:server:10.2",
              "cpe:/o:alt:server-v:10.2",
              "cpe:/o:alt:education:10.2",
              "cpe:/o:alt:slinux:10.2",
              "cpe:/o:alt:starterkit:10.2"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:2001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20222020001",
                "Comment": "bluez is earlier than 0:5.64-alt2"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20222020002",
                "Comment": "bluez-btpclient is earlier than 0:5.64-alt2"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20222020003",
                "Comment": "bluez-cups is earlier than 0:5.64-alt2"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20222020004",
                "Comment": "libbluez is earlier than 0:5.64-alt2"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20222020005",
                "Comment": "libbluez-devel is earlier than 0:5.64-alt2"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20222020006",
                "Comment": "zsh-completion-bluez is earlier than 0:5.64-alt2"
              }
            ]
          }
        ]
      }
    }
  ]
}