vuln-list-alt/oval/p11/ALT-PU-2017-1217/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20171217",
      "Version": "oval:org.altlinux.errata:def:20171217",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2017-1217: package `cups` update to version 2.2.2-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch p11"
            ],
            "Products": [
              "ALT Container"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2017-1217",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2017-1217",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2018-01423",
            "RefURL": "https://bdu.fstec.ru/vul/2018-01423",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2017-18190",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-18190",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades cups to version 2.2.2-alt1. \nSecurity Fix(es):\n\n * BDU:2018-01423: Уязвимость сервера печати CUPS, связанная с возможностью выполнения произвольных IPP-команд, позволяющая пользователю нарушить целостность данных\n\n * CVE-2017-18190: A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "High",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2017-02-27"
          },
          "Updated": {
            "Date": "2017-02-27"
          },
          "BDUs": [
            {
              "ID": "BDU:2018-01423",
              "CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
              "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "CWE": "CWE-254",
              "Href": "https://bdu.fstec.ru/vul/2018-01423",
              "Impact": "High",
              "Public": "20180216"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2017-18190",
              "CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
              "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "CWE": "CWE-290",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-18190",
              "Impact": "High",
              "Public": "20180216"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:container:11"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:3001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20171217001",
                "Comment": "cups is earlier than 0:2.2.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20171217002",
                "Comment": "cups-ipptool is earlier than 0:2.2.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20171217003",
                "Comment": "libcups is earlier than 0:2.2.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20171217004",
                "Comment": "libcups-devel is earlier than 0:2.2.2-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}