pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/c9f2/ALT-PU-2014-2057/definitions.json
pepelyaevip 83c40c9d64 ALT Vulnerability
2024-07-06 03:04:52 +00:00

137 lines
4.9 KiB
JSON
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20142057",
"Version": "oval:org.altlinux.errata:def:20142057",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2014-2057: package `cups` update to version 1.7.5-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2014-2057",
"RefURL": "https://errata.altlinux.org/ALT-PU-2014-2057",
"Source": "ALTPU"
},
{
"RefID": "BDU:2015-01463",
"RefURL": "https://bdu.fstec.ru/vul/2015-01463",
"Source": "BDU"
},
{
"RefID": "CVE-2014-3537",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-3537",
"Source": "CVE"
},
{
"RefID": "CVE-2014-5030",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-5030",
"Source": "CVE"
},
{
"RefID": "CVE-2014-5031",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-5031",
"Source": "CVE"
}
],
"Description": "This update upgrades cups to version 1.7.5-alt1. \nSecurity Fix(es):\n\n * BDU:2015-01463: Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность защищаемой информации\n\n * CVE-2014-3537: The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.\n\n * CVE-2014-5030: CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.\n\n * CVE-2014-5031: The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2014-09-01"
},
"Updated": {
"Date": "2014-09-01"
},
"BDUs": [
{
"ID": "BDU:2015-01463",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CWE": "CWE-59",
"Href": "https://bdu.fstec.ru/vul/2015-01463",
"Impact": "Low",
"Public": "20140723"
}
],
"CVEs": [
{
"ID": "CVE-2014-3537",
"CVSS": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
"CWE": "CWE-59",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-3537",
"Impact": "Low",
"Public": "20140723"
},
{
"ID": "CVE-2014-5030",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"CWE": "CWE-59",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-5030",
"Impact": "Low",
"Public": "20140729"
},
{
"ID": "CVE-2014-5031",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CWE": "CWE-264",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-5031",
"Impact": "Low",
"Public": "20140729"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20142057001",
"Comment": "cups is earlier than 0:1.7.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20142057002",
"Comment": "cups-ipptool is earlier than 0:1.7.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20142057003",
"Comment": "libcups is earlier than 0:1.7.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20142057004",
"Comment": "libcups-devel is earlier than 0:1.7.5-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink