117 lines
4.3 KiB
JSON
117 lines
4.3 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20192476",
|
|
"Version": "oval:org.altlinux.errata:def:20192476",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2019-2476: package `kf5-kconfig` update to version 5.61.0-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch c9f2"
|
|
],
|
|
"Products": [
|
|
"ALT SPWorkstation",
|
|
"ALT SPServer"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2019-2476",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-2476",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2019-03649",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2019-03649",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2019-14744",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14744",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades kf5-kconfig to version 5.61.0-alt1. \nSecurity Fix(es):\n\n * BDU:2019-03649: Уязвимость библиотеки Kconfig среды рабочего стола KDE, позволяющая нарушителю получить несанкционированный доступ к информации, вызвать отказ в обслуживании или оказать воздействие на доступность информации\n\n * CVE-2019-14744: In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "High",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2019-08-15"
|
|
},
|
|
"Updated": {
|
|
"Date": "2019-08-15"
|
|
},
|
|
"BDUs": [
|
|
{
|
|
"ID": "BDU:2019-03649",
|
|
"CVSS": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
|
|
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-77",
|
|
"Href": "https://bdu.fstec.ru/vul/2019-03649",
|
|
"Impact": "High",
|
|
"Public": "20190728"
|
|
}
|
|
],
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2019-14744",
|
|
"CVSS": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
|
|
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-78",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14744",
|
|
"Impact": "High",
|
|
"Public": "20190807"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:spworkstation:8.4",
|
|
"cpe:/o:alt:spserver:8.4"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:3001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20192476001",
|
|
"Comment": "kf5-kconfig is earlier than 0:5.61.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20192476002",
|
|
"Comment": "kf5-kconfig-common is earlier than 0:5.61.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20192476003",
|
|
"Comment": "kf5-kconfig-devel is earlier than 0:5.61.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20192476004",
|
|
"Comment": "libkf5configcore is earlier than 0:5.61.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20192476005",
|
|
"Comment": "libkf5configgui is earlier than 0:5.61.0-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |