vuln-list-alt/oval/c10f1/ALT-PU-2015-1410/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20151410",
      "Version": "oval:org.altlinux.errata:def:20151410",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2015-1410: package `curl` update to version 7.42.1-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch c10f1"
            ],
            "Products": [
              "ALT SP Workstation",
              "ALT SP Server"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2015-1410",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2015-1410",
            "Source": "ALTPU"
          },
          {
            "RefID": "CVE-2015-3153",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-3153",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades curl to version 7.42.1-alt1. \nSecurity Fix(es):\n\n * CVE-2015-3153: The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "Low",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2015-04-29"
          },
          "Updated": {
            "Date": "2015-04-29"
          },
          "BDUs": null,
          "CVEs": [
            {
              "ID": "CVE-2015-3153",
              "CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
              "CWE": "CWE-200",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-3153",
              "Impact": "Low",
              "Public": "20150501"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:spworkstation:10",
              "cpe:/o:alt:spserver:10"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:4001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20151410001",
                "Comment": "curl is earlier than 0:7.42.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20151410002",
                "Comment": "libcurl is earlier than 0:7.42.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20151410003",
                "Comment": "libcurl-devel is earlier than 0:7.42.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20151410004",
                "Comment": "libcurl-devel-static is earlier than 0:7.42.1-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}