{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20181315",
|
|
"Version": "oval:org.altlinux.errata:def:20181315",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2018-1315: package `mailman` update to version 2.1.26-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch p11"
|
|
],
|
|
"Products": [
|
|
"ALT Container"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2018-1315",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-1315",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2016-02068",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2016-02068",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2016-6893",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-6893",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2018-5950",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5950",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades mailman to version 2.1.26-alt1. \nSecurity Fix(es):\n\n * BDU:2016-02068: Уязвимость системы управления почтовыми рассылками GNU Mailman, позволяющая нарушителю получить доступ к аутентификационным данным произвольных пользователей\n\n * CVE-2016-6893: Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.\n\n * CVE-2018-5950: Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "High",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2018-03-02"
|
|
},
|
|
"Updated": {
|
|
"Date": "2018-03-02"
|
|
},
|
|
"BDUs": [
|
|
{
|
|
"ID": "BDU:2016-02068",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
|
"CWE": "CWE-352",
|
|
"Href": "https://bdu.fstec.ru/vul/2016-02068",
|
|
"Impact": "Low",
|
|
"Public": "20160902"
|
|
}
|
|
],
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2016-6893",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
|
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-352",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-6893",
|
|
"Impact": "High",
|
|
"Public": "20160902"
|
|
},
|
|
{
|
|
"ID": "CVE-2018-5950",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
|
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
|
"CWE": "CWE-79",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-5950",
|
|
"Impact": "Low",
|
|
"Public": "20180123"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:container:11"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:3001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20181315001",
|
|
"Comment": "mailman is earlier than 5:2.1.26-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20181315002",
|
|
"Comment": "mailman-apache2 is earlier than 5:2.1.26-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20181315003",
|
|
"Comment": "mailman-docs is earlier than 5:2.1.26-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20181315004",
|
|
"Comment": "mailman-nginx is earlier than 5:2.1.26-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |