vuln-list-alt/oval/p11/ALT-PU-2019-1393/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20191393",
      "Version": "oval:org.altlinux.errata:def:20191393",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2019-1393: package `gvfs` update to version 1.38.2-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch p11"
            ],
            "Products": [
              "ALT Container"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2019-1393",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2019-1393",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2020-03304",
            "RefURL": "https://bdu.fstec.ru/vul/2020-03304",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2019-3827",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-3827",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades gvfs to version 1.38.2-alt1. \nSecurity Fix(es):\n\n * BDU:2020-03304: Уязвимость подсистемы GVFS среды рабочего стола GNOME, связанная с недостатками разграничения доступа, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * CVE-2019-3827: An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "High",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2019-03-11"
          },
          "Updated": {
            "Date": "2019-03-11"
          },
          "BDUs": [
            {
              "ID": "BDU:2020-03304",
              "CVSS": "AV:L/AC:M/Au:N/C:C/I:C/A:N",
              "CVSS3": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
              "CWE": "CWE-275, CWE-863",
              "Href": "https://bdu.fstec.ru/vul/2020-03304",
              "Impact": "Low",
              "Public": "20190111"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2019-3827",
              "CVSS": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
              "CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "CWE": "CWE-863",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3827",
              "Impact": "High",
              "Public": "20190325"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:container:11"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:3001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20191393001",
                "Comment": "fuse-gvfs is earlier than 0:1.38.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20191393002",
                "Comment": "gvfs is earlier than 0:1.38.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20191393003",
                "Comment": "gvfs-backend-admin is earlier than 0:1.38.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20191393004",
                "Comment": "gvfs-backend-afc is earlier than 0:1.38.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20191393005",
                "Comment": "gvfs-backend-afp is earlier than 0:1.38.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20191393006",
                "Comment": "gvfs-backend-cdda is earlier than 0:1.38.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20191393007",
                "Comment": "gvfs-backend-dnssd is earlier than 0:1.38.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20191393008",
                "Comment": "gvfs-backend-goa is earlier than 0:1.38.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20191393009",
                "Comment": "gvfs-backend-google is earlier than 0:1.38.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20191393010",
                "Comment": "gvfs-backend-mtp is earlier than 0:1.38.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20191393011",
                "Comment": "gvfs-backend-nfs is earlier than 0:1.38.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20191393012",
                "Comment": "gvfs-backend-recent-files is earlier than 0:1.38.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20191393013",
                "Comment": "gvfs-backend-smb is earlier than 0:1.38.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20191393014",
                "Comment": "gvfs-backends is earlier than 0:1.38.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20191393015",
                "Comment": "gvfs-devel is earlier than 0:1.38.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20191393016",
                "Comment": "gvfs-tests is earlier than 0:1.38.2-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}