217 lines
9.0 KiB
JSON
217 lines
9.0 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20221811",
|
|
"Version": "oval:org.altlinux.errata:def:20221811",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2022-1811: package `systemd` update to version 249.11-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch c10f1"
|
|
],
|
|
"Products": [
|
|
"ALT SP Workstation",
|
|
"ALT SP Server"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2022-1811",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-1811",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2022-00488",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2022-00488",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2021-4034",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-4034",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades systemd to version 249.11-alt1. \nSecurity Fix(es):\n\n * BDU:2022-00488: Уязвимость библиотеки Polkit и инструмента песочницы Bubblewrap, вызванная переполнением буфера на стеке, позволяющая нарушителю повысить свои привилегии до уровня суперпользователя\n\n * CVE-2021-4034: A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "High",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2022-05-04"
|
|
},
|
|
"Updated": {
|
|
"Date": "2022-05-04"
|
|
},
|
|
"BDUs": [
|
|
{
|
|
"ID": "BDU:2022-00488",
|
|
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
|
|
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-125, CWE-787",
|
|
"Href": "https://bdu.fstec.ru/vul/2022-00488",
|
|
"Impact": "High",
|
|
"Public": "20220125"
|
|
}
|
|
],
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2021-4034",
|
|
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-125",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-4034",
|
|
"Impact": "High",
|
|
"Public": "20220128"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:spworkstation:10",
|
|
"cpe:/o:alt:spserver:10"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:4001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811001",
|
|
"Comment": "libnss-myhostname is earlier than 1:249.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811002",
|
|
"Comment": "libnss-mymachines is earlier than 1:249.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811003",
|
|
"Comment": "libnss-resolve is earlier than 1:249.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811004",
|
|
"Comment": "libnss-systemd is earlier than 1:249.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811005",
|
|
"Comment": "libsystemd is earlier than 1:249.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811006",
|
|
"Comment": "libsystemd-devel is earlier than 1:249.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811007",
|
|
"Comment": "libudev-devel is earlier than 1:249.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811008",
|
|
"Comment": "libudev1 is earlier than 1:249.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811009",
|
|
"Comment": "pam_systemd is earlier than 1:249.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811010",
|
|
"Comment": "pam_systemd_home is earlier than 1:249.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811011",
|
|
"Comment": "systemd is earlier than 1:249.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811012",
|
|
"Comment": "systemd-analyze is earlier than 1:249.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811013",
|
|
"Comment": "systemd-boot-efi is earlier than 1:249.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811014",
|
|
"Comment": "systemd-container is earlier than 1:249.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811015",
|
|
"Comment": "systemd-coredump is earlier than 1:249.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811016",
|
|
"Comment": "systemd-homed is earlier than 1:249.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811017",
|
|
"Comment": "systemd-journal-remote is earlier than 1:249.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811018",
|
|
"Comment": "systemd-modules-common is earlier than 1:249.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811019",
|
|
"Comment": "systemd-networkd is earlier than 1:249.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811020",
|
|
"Comment": "systemd-oomd-defaults is earlier than 1:249.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811021",
|
|
"Comment": "systemd-portable is earlier than 1:249.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811022",
|
|
"Comment": "systemd-stateless is earlier than 1:249.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811023",
|
|
"Comment": "systemd-sysctl-common is earlier than 1:249.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811024",
|
|
"Comment": "systemd-sysvinit is earlier than 1:249.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811025",
|
|
"Comment": "systemd-tests is earlier than 1:249.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811026",
|
|
"Comment": "systemd-timesyncd is earlier than 1:249.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811027",
|
|
"Comment": "systemd-tmpfiles-common is earlier than 1:249.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811028",
|
|
"Comment": "systemd-utils-filetriggers is earlier than 1:249.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811029",
|
|
"Comment": "systemd-utils-standalone is earlier than 1:249.11-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20221811030",
|
|
"Comment": "udev is earlier than 1:249.11-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |