123 lines
4.4 KiB
JSON
123 lines
4.4 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20191456",
|
|
"Version": "oval:org.altlinux.errata:def:20191456",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2019-1456: package `gdm` update to version 3.32.0-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch p11"
|
|
],
|
|
"Products": [
|
|
"ALT Container"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2019-1456",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-1456",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2020-02203",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2020-02203",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2019-3825",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-3825",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades gdm to version 3.32.0-alt1. \nSecurity Fix(es):\n\n * BDU:2020-02203: Уязвимость графического интерфейса Gnome Display Manager операционной системы Fedora, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * CVE-2019-3825: A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "Low",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2019-03-18"
|
|
},
|
|
"Updated": {
|
|
"Date": "2019-03-18"
|
|
},
|
|
"BDUs": [
|
|
{
|
|
"ID": "BDU:2020-02203",
|
|
"CVSS": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
|
|
"CVSS3": "AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-287",
|
|
"Href": "https://bdu.fstec.ru/vul/2020-02203",
|
|
"Impact": "Low",
|
|
"Public": "20190206"
|
|
}
|
|
],
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2019-3825",
|
|
"CVSS": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
|
|
"CVSS3": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-287",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3825",
|
|
"Impact": "Low",
|
|
"Public": "20190206"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:container:11"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:3001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20191456001",
|
|
"Comment": "gdm is earlier than 0:3.32.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20191456002",
|
|
"Comment": "gdm-data is earlier than 0:3.32.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20191456003",
|
|
"Comment": "gdm-help is earlier than 0:3.32.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20191456004",
|
|
"Comment": "gdm-libs is earlier than 0:3.32.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20191456005",
|
|
"Comment": "gdm-libs-devel is earlier than 0:3.32.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20191456006",
|
|
"Comment": "gdm-libs-gir is earlier than 0:3.32.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20191456007",
|
|
"Comment": "gdm-libs-gir-devel is earlier than 0:3.32.0-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |