126 lines
4.5 KiB
JSON
126 lines
4.5 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20192096",
|
|
"Version": "oval:org.altlinux.errata:def:20192096",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2019-2096: package `moodle` update to version 3.7.0-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch c9f2"
|
|
],
|
|
"Products": [
|
|
"ALT SPWorkstation",
|
|
"ALT SPServer"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2019-2096",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-2096",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2019-10133",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-10133",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2019-10134",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-10134",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2019-10154",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-10154",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades moodle to version 3.7.0-alt1. \nSecurity Fix(es):\n\n * CVE-2019-10133: A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs.\n\n * CVE-2019-10134: A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The size of users' private file uploads via email were not correctly checked, so their quota allowance could be exceeded.\n\n * CVE-2019-10154: A flaw was found in Moodle before versions 3.7, 3.6.4. A web service fetching messages was not restricted to the current user's conversations.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "High",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2019-06-19"
|
|
},
|
|
"Updated": {
|
|
"Date": "2019-06-19"
|
|
},
|
|
"BDUs": null,
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2019-10133",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
|
|
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
|
"CWE": "CWE-601",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-10133",
|
|
"Impact": "Low",
|
|
"Public": "20190626"
|
|
},
|
|
{
|
|
"ID": "CVE-2019-10134",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
|
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
|
|
"CWE": "NVD-CWE-noinfo",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-10134",
|
|
"Impact": "Low",
|
|
"Public": "20190626"
|
|
},
|
|
{
|
|
"ID": "CVE-2019-10154",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
|
|
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
|
"CWE": "NVD-CWE-Other",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-10154",
|
|
"Impact": "High",
|
|
"Public": "20190626"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:spworkstation:8.4",
|
|
"cpe:/o:alt:spserver:8.4"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:3001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20192096001",
|
|
"Comment": "moodle is earlier than 0:3.7.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20192096002",
|
|
"Comment": "moodle-apache2 is earlier than 0:3.7.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20192096003",
|
|
"Comment": "moodle-base is earlier than 0:3.7.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20192096004",
|
|
"Comment": "moodle-local-mysql is earlier than 0:3.7.0-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |