106 lines
3.5 KiB
JSON
106 lines
3.5 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20142073",
|
|
"Version": "oval:org.altlinux.errata:def:20142073",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2014-2073: package `otrs` update to version 3.3.8-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch c9f2"
|
|
],
|
|
"Products": [
|
|
"ALT SPWorkstation",
|
|
"ALT SPServer"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2014-2073",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2014-2073",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2014-2553",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-2553",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2014-2554",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-2554",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades otrs to version 3.3.8-alt1. \nSecurity Fix(es):\n\n * CVE-2014-2553: Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields.\n\n * CVE-2014-2554: OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "Low",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2014-09-04"
|
|
},
|
|
"Updated": {
|
|
"Date": "2014-09-04"
|
|
},
|
|
"BDUs": null,
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2014-2553",
|
|
"CVSS": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
|
|
"CWE": "CWE-79",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-2553",
|
|
"Impact": "Low",
|
|
"Public": "20140402"
|
|
},
|
|
{
|
|
"ID": "CVE-2014-2554",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
|
"CWE": "CWE-20",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-2554",
|
|
"Impact": "Low",
|
|
"Public": "20140423"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:spworkstation:8.4",
|
|
"cpe:/o:alt:spserver:8.4"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:3001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20142073001",
|
|
"Comment": "otrs is earlier than 0:3.3.8-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20142073002",
|
|
"Comment": "otrs-apache2 is earlier than 0:3.3.8-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20142073003",
|
|
"Comment": "otrs-doc-admin-en-pdf is earlier than 0:3.3.8-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |