118 lines
4.4 KiB
JSON
118 lines
4.4 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20238061",
|
|
"Version": "oval:org.altlinux.errata:def:20238061",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2023-8061: package `glpi` update to version 10.0.11-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch p11"
|
|
],
|
|
"Products": [
|
|
"ALT Container"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2023-8061",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2023-8061",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2023-43813",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-43813",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2023-46726",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-46726",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2023-46727",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-46727",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades glpi to version 10.0.11-alt1. \nSecurity Fix(es):\n\n * CVE-2023-43813: GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature can be used to perform a SQL injection. Version 10.0.11 contains a patch for the issue.\n\n * CVE-2023-46726: GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, on PHP 7.4 only, the LDAP server configuration form can be used to execute arbitrary code previously uploaded as a GLPI document. Version 10.0.11 contains a patch for the issue.\n\n * CVE-2023-46727: GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native inventory.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "Critical",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2023-12-15"
|
|
},
|
|
"Updated": {
|
|
"Date": "2023-12-15"
|
|
},
|
|
"BDUs": null,
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2023-43813",
|
|
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-43813",
|
|
"Impact": "High",
|
|
"Public": "20231213"
|
|
},
|
|
{
|
|
"ID": "CVE-2023-46726",
|
|
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-46726",
|
|
"Impact": "Critical",
|
|
"Public": "20231213"
|
|
},
|
|
{
|
|
"ID": "CVE-2023-46727",
|
|
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-46727",
|
|
"Impact": "Critical",
|
|
"Public": "20231213"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:container:11"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:3001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20238061001",
|
|
"Comment": "glpi is earlier than 0:10.0.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20238061002",
|
|
"Comment": "glpi-apache2 is earlier than 0:10.0.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20238061003",
|
|
"Comment": "glpi-php8.1 is earlier than 0:10.0.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20238061004",
|
|
"Comment": "glpi-php8.2 is earlier than 0:10.0.11-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |