{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20191207",
"Version": "oval:org.altlinux.errata:def:20191207",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-1207: package `389-ds-base` update to version 1.4.1.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-1207",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-1207",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-00801",
"RefURL": "https://bdu.fstec.ru/vul/2020-00801",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02768",
"RefURL": "https://bdu.fstec.ru/vul/2020-02768",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02902",
"RefURL": "https://bdu.fstec.ru/vul/2020-02902",
"Source": "BDU"
},
{
"RefID": "BDU:2022-05559",
"RefURL": "https://bdu.fstec.ru/vul/2022-05559",
"Source": "BDU"
},
{
"RefID": "CVE-2017-15135",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-15135",
"Source": "CVE"
},
{
"RefID": "CVE-2018-1054",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1054",
"Source": "CVE"
},
{
"RefID": "CVE-2018-10850",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-10850",
"Source": "CVE"
},
{
"RefID": "CVE-2018-14648",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-14648",
"Source": "CVE"
},
{
"RefID": "CVE-2021-4091",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-4091",
"Source": "CVE"
}
],
"Description": "This update upgrades 389-ds-base to version 1.4.1.1-alt1. \nSecurity Fix(es):\n\n * BDU:2020-00801: Уязвимость сервера службы каталогов 389 Directory Server, вызванная чтением за границами буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02768: Уязвимость сервера службы каталогов 389 Directory Server, вызванная ошибками синхронизации при использовании общего ресурса, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02902: Уязвимость службы каталогов уровня предприятия 389 Directory Server, связанная с неправильной аутентификацией, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * BDU:2022-05559: Уязвимость реализации функции поиска сервера службы каталогов 389 Directory Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2017-15135: It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.\n\n * CVE-2018-1054: An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.\n\n * CVE-2018-10850: 389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.\n\n * CVE-2018-14648: A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.\n\n * CVE-2021-4091: A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-02-11"
},
"Updated": {
"Date": "2019-02-11"
},
"BDUs": [
{
"ID": "BDU:2020-00801",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120, CWE-125",
"Href": "https://bdu.fstec.ru/vul/2020-00801",
"Impact": "High",
"Public": "20180307"
},
{
"ID": "BDU:2020-02768",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-362",
"Href": "https://bdu.fstec.ru/vul/2020-02768",
"Impact": "Low",
"Public": "20180925"
},
{
"ID": "BDU:2020-02902",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-287",
"Href": "https://bdu.fstec.ru/vul/2020-02902",
"Impact": "Low",
"Public": "20180124"
},
{
"ID": "BDU:2022-05559",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-415, CWE-416",
"Href": "https://bdu.fstec.ru/vul/2022-05559",
"Impact": "High",
"Public": "20220218"
}
],
"CVEs": [
{
"ID": "CVE-2017-15135",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-15135",
"Impact": "High",
"Public": "20180124"
},
{
"ID": "CVE-2018-1054",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-1054",
"Impact": "High",
"Public": "20180307"
},
{
"ID": "CVE-2018-10850",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-10850",
"Impact": "Low",
"Public": "20180613"
},
{
"ID": "CVE-2018-14648",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-14648",
"Impact": "High",
"Public": "20180928"
},
{
"ID": "CVE-2021-4091",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-415",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-4091",
"Impact": "High",
"Public": "20220218"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20191207001",
"Comment": "389-ds is earlier than 0:1.4.1.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191207002",
"Comment": "389-ds-base is earlier than 0:1.4.1.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191207003",
"Comment": "389-ds-base-devel is earlier than 0:1.4.1.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191207004",
"Comment": "389-ds-base-legacy-tools is earlier than 0:1.4.1.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191207005",
"Comment": "389-ds-base-libs is earlier than 0:1.4.1.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191207006",
"Comment": "cockpit-389-ds is earlier than 0:1.4.1.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191207007",
"Comment": "python3-module-lib389 is earlier than 0:1.4.1.1-alt1"
}
]
}
]
}
}
]
}