pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/c9f2/ALT-PU-2014-1019/definitions.json
pepelyaevip 83c40c9d64 ALT Vulnerability
2024-07-06 03:04:52 +00:00

178 lines
7.4 KiB
JSON
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20141019",
"Version": "oval:org.altlinux.errata:def:20141019",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2014-1019: package `openssl10` update to version 1.0.1f-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2014-1019",
"RefURL": "https://errata.altlinux.org/ALT-PU-2014-1019",
"Source": "ALTPU"
},
{
"RefID": "BDU:2015-01314",
"RefURL": "https://bdu.fstec.ru/vul/2015-01314",
"Source": "BDU"
},
{
"RefID": "BDU:2015-09745",
"RefURL": "https://bdu.fstec.ru/vul/2015-09745",
"Source": "BDU"
},
{
"RefID": "BDU:2015-09775",
"RefURL": "https://bdu.fstec.ru/vul/2015-09775",
"Source": "BDU"
},
{
"RefID": "CVE-2013-4353",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-4353",
"Source": "CVE"
},
{
"RefID": "CVE-2013-6449",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6449",
"Source": "CVE"
},
{
"RefID": "CVE-2013-6450",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6450",
"Source": "CVE"
}
],
"Description": "This update upgrades openssl10 to version 1.0.1f-alt1. \nSecurity Fix(es):\n\n * BDU:2015-01314: Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить целостность и доступность защищаемой информации\n\n * BDU:2015-09745: Уязвимость операционной системы Gentoo Linux, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-09775: Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * CVE-2013-4353: The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.\n\n * CVE-2013-6449: The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.\n\n * CVE-2013-6450: The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2014-01-10"
},
"Updated": {
"Date": "2014-01-10"
},
"BDUs": [
{
"ID": "BDU:2015-01314",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"CWE": "CWE-310",
"Href": "https://bdu.fstec.ru/vul/2015-01314",
"Impact": "Low",
"Public": "20131223"
},
{
"ID": "BDU:2015-09745",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2015-09745",
"Impact": "Low",
"Public": "20140221"
},
{
"ID": "BDU:2015-09775",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"Href": "https://bdu.fstec.ru/vul/2015-09775",
"Impact": "High",
"Public": "20141226"
}
],
"CVEs": [
{
"ID": "CVE-2013-4353",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-4353",
"Impact": "Low",
"Public": "20140109"
},
{
"ID": "CVE-2013-6449",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CWE": "CWE-310",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6449",
"Impact": "Low",
"Public": "20131223"
},
{
"ID": "CVE-2013-6450",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"CWE": "CWE-310",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6450",
"Impact": "Low",
"Public": "20140101"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20141019001",
"Comment": "libcrypto10 is earlier than 0:1.0.1f-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141019002",
"Comment": "libssl-devel is earlier than 0:1.0.1f-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141019003",
"Comment": "libssl-devel-static is earlier than 0:1.0.1f-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141019004",
"Comment": "libssl10 is earlier than 0:1.0.1f-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141019005",
"Comment": "openssl is earlier than 0:1.0.1f-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141019006",
"Comment": "openssl-doc is earlier than 0:1.0.1f-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141019007",
"Comment": "openssl-engines is earlier than 0:1.0.1f-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141019008",
"Comment": "tsget is earlier than 0:1.0.1f-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink