
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20203560",
"Version": "oval:org.altlinux.errata:def:20203560",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-3560: package `openldap` update to version 2.4.56-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-3560",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-3560",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-01803",
"RefURL": "https://bdu.fstec.ru/vul/2021-01803",
"Source": "BDU"
},
{
"RefID": "BDU:2022-00230",
"RefURL": "https://bdu.fstec.ru/vul/2022-00230",
"Source": "BDU"
},
{
"RefID": "BDU:2022-00231",
"RefURL": "https://bdu.fstec.ru/vul/2022-00231",
"Source": "BDU"
},
{
"RefID": "CVE-2020-25692",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-25692",
"Source": "CVE"
},
{
"RefID": "CVE-2020-25709",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-25709",
"Source": "CVE"
},
{
"RefID": "CVE-2020-25710",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-25710",
"Source": "CVE"
}
],
"Description": "This update upgrades openldap to version 2.4.56-alt1. \nSecurity Fix(es):\n\n * BDU:2021-01803: Уязвимость процесса slapd пакета OpenLDAP, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-00230: Уязвимость функции csnNormalize23() реализации протокола LDAP OpenLDAP, связанная с недостатком использования функции assert(), позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-00231: Уязвимость сервера slapd реализации протокола LDAP OpenLDAP, связанная с недостатком использования функции assert(), позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2020-25692: A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.\n\n * CVE-2020-25709: A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP's slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.\n\n * CVE-2020-25710: A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.\n\n * #18754: название rpm-пакета\n\n * #27895: Стриппается slapd для debuginfo",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-12-27"
},
"Updated": {
"Date": "2020-12-27"
},
"BDUs": [
{
"ID": "BDU:2021-01803",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2021-01803",
"Impact": "High",
"Public": "20200712"
},
{
"ID": "BDU:2022-00230",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-617",
"Href": "https://bdu.fstec.ru/vul/2022-00230",
"Impact": "High",
"Public": "20201102"
},
{
"ID": "BDU:2022-00231",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-617",
"Href": "https://bdu.fstec.ru/vul/2022-00231",
"Impact": "High",
"Public": "20201102"
}
],
"CVEs": [
{
"ID": "CVE-2020-25692",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-25692",
"Impact": "High",
"Public": "20201208"
},
{
"ID": "CVE-2020-25709",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-617",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-25709",
"Impact": "High",
"Public": "20210518"
},
{
"ID": "CVE-2020-25710",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-25710",
"Impact": "High",
"Public": "20210528"
}
],
"Bugzilla": [
{
"ID": "18754",
"Href": "https://bugzilla.altlinux.org/18754",
"Data": "название rpm-пакета"
},
{
"ID": "27895",
"Href": "https://bugzilla.altlinux.org/27895",
"Data": "Стриппается slapd для debuginfo"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20203560001",
"Comment": "libldap is earlier than 0:2.4.56-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203560002",
"Comment": "libldap-devel is earlier than 0:2.4.56-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203560003",
"Comment": "libldap-devel-static is earlier than 0:2.4.56-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203560004",
"Comment": "openldap-clients is earlier than 0:2.4.56-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203560005",
"Comment": "openldap-common is earlier than 0:2.4.56-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203560006",
"Comment": "openldap-doc is earlier than 0:2.4.56-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203560007",
"Comment": "openldap-servers is earlier than 0:2.4.56-alt1"
}
]
}
]
}
}
]
}