vuln-list-alt/oval/c9f2/ALT-PU-2018-1990/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20181990",
      "Version": "oval:org.altlinux.errata:def:20181990",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2018-1990: package `spice-vdagent` update to version 0.18.0-alt1.S1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch c9f2"
            ],
            "Products": [
              "ALT SPWorkstation",
              "ALT SPServer"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2018-1990",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2018-1990",
            "Source": "ALTPU"
          },
          {
            "RefID": "CVE-2017-15108",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-15108",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades spice-vdagent to version 0.18.0-alt1.S1. \nSecurity Fix(es):\n\n * CVE-2017-15108: spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "High",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2018-07-09"
          },
          "Updated": {
            "Date": "2018-07-09"
          },
          "BDUs": null,
          "CVEs": [
            {
              "ID": "CVE-2017-15108",
              "CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
              "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "CWE": "CWE-78",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-15108",
              "Impact": "High",
              "Public": "20180120"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:spworkstation:8.4",
              "cpe:/o:alt:spserver:8.4"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:3001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20181990001",
                "Comment": "spice-vdagent is earlier than 0:0.18.0-alt1.S1"
              }
            ]
          }
        ]
      }
    }
  ]
}