334 lines
15 KiB
JSON
334 lines
15 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20151890",
|
|
"Version": "oval:org.altlinux.errata:def:20151890",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2015-1890: package `apache2` update to version 2.2.31-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch p9"
|
|
],
|
|
"Products": [
|
|
"ALT Server",
|
|
"ALT Virtualization Server",
|
|
"ALT Workstation",
|
|
"ALT Workstation K",
|
|
"ALT Education",
|
|
"Simply Linux",
|
|
"Starterkit"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2015-1890",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2015-1890",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2015-00396",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2015-00396",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2015-00398",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2015-00398",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2013-1862",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-1862",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2013-1896",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-1896",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2013-5704",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-5704",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2013-6438",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6438",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2014-0098",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-0098",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2014-0118",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-0118",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2014-0226",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-0226",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades apache2 to version 2.2.31-alt1. \nSecurity Fix(es):\n\n * BDU:2015-00396: Уязвимость программного обеспечения Apache HTTP Server, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-00398: Уязвимость программного обеспечения Apache HTTP Server, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации\n\n * CVE-2013-1862: mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.\n\n * CVE-2013-1896: mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.\n\n * CVE-2013-5704: The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass \"RequestHeader unset\" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states \"this is not a security issue in httpd as such.\"\n\n * CVE-2013-6438: The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.\n\n * CVE-2014-0098: The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.\n\n * CVE-2014-0118: The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.\n\n * CVE-2014-0226: Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "Low",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2015-10-19"
|
|
},
|
|
"Updated": {
|
|
"Date": "2015-10-19"
|
|
},
|
|
"BDUs": [
|
|
{
|
|
"ID": "BDU:2015-00396",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
|
"CWE": "CWE-362",
|
|
"Href": "https://bdu.fstec.ru/vul/2015-00396",
|
|
"Impact": "Low",
|
|
"Public": "20140720"
|
|
},
|
|
{
|
|
"ID": "BDU:2015-00398",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
|
|
"CWE": "CWE-400",
|
|
"Href": "https://bdu.fstec.ru/vul/2015-00398",
|
|
"Impact": "Low",
|
|
"Public": "20140722"
|
|
}
|
|
],
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2013-1862",
|
|
"CVSS": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
|
|
"CWE": "NVD-CWE-noinfo",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-1862",
|
|
"Impact": "Low",
|
|
"Public": "20130610"
|
|
},
|
|
{
|
|
"ID": "CVE-2013-1896",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
|
|
"CWE": "NVD-CWE-noinfo",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-1896",
|
|
"Impact": "Low",
|
|
"Public": "20130710"
|
|
},
|
|
{
|
|
"ID": "CVE-2013-5704",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
|
|
"CWE": "NVD-CWE-noinfo",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-5704",
|
|
"Impact": "Low",
|
|
"Public": "20140415"
|
|
},
|
|
{
|
|
"ID": "CVE-2013-6438",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
|
|
"CWE": "NVD-CWE-noinfo",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6438",
|
|
"Impact": "Low",
|
|
"Public": "20140318"
|
|
},
|
|
{
|
|
"ID": "CVE-2014-0098",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
|
|
"CWE": "NVD-CWE-noinfo",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-0098",
|
|
"Impact": "Low",
|
|
"Public": "20140318"
|
|
},
|
|
{
|
|
"ID": "CVE-2014-0118",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
|
|
"CWE": "CWE-400",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-0118",
|
|
"Impact": "Low",
|
|
"Public": "20140720"
|
|
},
|
|
{
|
|
"ID": "CVE-2014-0226",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
|
"CWE": "CWE-362",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-0226",
|
|
"Impact": "Low",
|
|
"Public": "20140720"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:kworkstation:9",
|
|
"cpe:/o:alt:workstation:9",
|
|
"cpe:/o:alt:server:9",
|
|
"cpe:/o:alt:server-v:9",
|
|
"cpe:/o:alt:education:9",
|
|
"cpe:/o:alt:slinux:9",
|
|
"cpe:/o:alt:starterkit:p9",
|
|
"cpe:/o:alt:kworkstation:9.1",
|
|
"cpe:/o:alt:workstation:9.1",
|
|
"cpe:/o:alt:server:9.1",
|
|
"cpe:/o:alt:server-v:9.1",
|
|
"cpe:/o:alt:education:9.1",
|
|
"cpe:/o:alt:slinux:9.1",
|
|
"cpe:/o:alt:starterkit:9.1",
|
|
"cpe:/o:alt:kworkstation:9.2",
|
|
"cpe:/o:alt:workstation:9.2",
|
|
"cpe:/o:alt:server:9.2",
|
|
"cpe:/o:alt:server-v:9.2",
|
|
"cpe:/o:alt:education:9.2",
|
|
"cpe:/o:alt:slinux:9.2",
|
|
"cpe:/o:alt:starterkit:9.2"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:1001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890001",
|
|
"Comment": "apache2 is earlier than 0:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890002",
|
|
"Comment": "apache2-ab is earlier than 0:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890003",
|
|
"Comment": "apache2-base is earlier than 0:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890004",
|
|
"Comment": "apache2-cgi-bin is earlier than 0:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890005",
|
|
"Comment": "apache2-cgi-bin-printenv is earlier than 0:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890006",
|
|
"Comment": "apache2-cgi-bin-test-cgi is earlier than 0:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890007",
|
|
"Comment": "apache2-compat is earlier than 0:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890008",
|
|
"Comment": "apache2-configs-A1PROXIED is earlier than 0:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890009",
|
|
"Comment": "apache2-datadirs is earlier than 0:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890010",
|
|
"Comment": "apache2-devel is earlier than 0:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890011",
|
|
"Comment": "apache2-docs is earlier than 0:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890012",
|
|
"Comment": "apache2-full is earlier than 0:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890013",
|
|
"Comment": "apache2-htcacheclean is earlier than 0:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890014",
|
|
"Comment": "apache2-htcacheclean-control is earlier than 0:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890015",
|
|
"Comment": "apache2-html is earlier than 0:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890016",
|
|
"Comment": "apache2-htpasswd is earlier than 0:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890017",
|
|
"Comment": "apache2-httpd-event is earlier than 0:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890018",
|
|
"Comment": "apache2-httpd-itk is earlier than 0:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890019",
|
|
"Comment": "apache2-httpd-peruser is earlier than 0:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890020",
|
|
"Comment": "apache2-httpd-prefork is earlier than 0:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890021",
|
|
"Comment": "apache2-httpd-worker is earlier than 0:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890022",
|
|
"Comment": "apache2-icons is earlier than 0:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890023",
|
|
"Comment": "apache2-manual is earlier than 0:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890024",
|
|
"Comment": "apache2-manual-addons is earlier than 0:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890025",
|
|
"Comment": "apache2-mod_disk_cache is earlier than 0:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890026",
|
|
"Comment": "apache2-mod_ldap is earlier than 0:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890027",
|
|
"Comment": "apache2-mod_ssl is earlier than 1:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890028",
|
|
"Comment": "apache2-mod_ssl-compat is earlier than 0:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890029",
|
|
"Comment": "apache2-mods is earlier than 0:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890030",
|
|
"Comment": "apache2-suexec is earlier than 0:2.2.31-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20151890031",
|
|
"Comment": "rpm-build-apache2 is earlier than 0:2.2.31-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |