pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p9/ALT-PU-2015-2203/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

461 lines
22 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20152203",
"Version": "oval:org.altlinux.errata:def:20152203",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2015-2203: package `mariadb` update to version 10.1.10-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2015-2203",
"RefURL": "https://errata.altlinux.org/ALT-PU-2015-2203",
"Source": "ALTPU"
},
{
"RefID": "BDU:2016-00166",
"RefURL": "https://bdu.fstec.ru/vul/2016-00166",
"Source": "BDU"
},
{
"RefID": "BDU:2016-00168",
"RefURL": "https://bdu.fstec.ru/vul/2016-00168",
"Source": "BDU"
},
{
"RefID": "BDU:2016-00171",
"RefURL": "https://bdu.fstec.ru/vul/2016-00171",
"Source": "BDU"
},
{
"RefID": "BDU:2016-00172",
"RefURL": "https://bdu.fstec.ru/vul/2016-00172",
"Source": "BDU"
},
{
"RefID": "BDU:2016-00173",
"RefURL": "https://bdu.fstec.ru/vul/2016-00173",
"Source": "BDU"
},
{
"RefID": "BDU:2016-00175",
"RefURL": "https://bdu.fstec.ru/vul/2016-00175",
"Source": "BDU"
},
{
"RefID": "BDU:2016-00178",
"RefURL": "https://bdu.fstec.ru/vul/2016-00178",
"Source": "BDU"
},
{
"RefID": "BDU:2016-00180",
"RefURL": "https://bdu.fstec.ru/vul/2016-00180",
"Source": "BDU"
},
{
"RefID": "BDU:2016-00181",
"RefURL": "https://bdu.fstec.ru/vul/2016-00181",
"Source": "BDU"
},
{
"RefID": "BDU:2016-00184",
"RefURL": "https://bdu.fstec.ru/vul/2016-00184",
"Source": "BDU"
},
{
"RefID": "BDU:2016-01110",
"RefURL": "https://bdu.fstec.ru/vul/2016-01110",
"Source": "BDU"
},
{
"RefID": "BDU:2016-01118",
"RefURL": "https://bdu.fstec.ru/vul/2016-01118",
"Source": "BDU"
},
{
"RefID": "CVE-2016-0505",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-0505",
"Source": "CVE"
},
{
"RefID": "CVE-2016-0546",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-0546",
"Source": "CVE"
},
{
"RefID": "CVE-2016-0596",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-0596",
"Source": "CVE"
},
{
"RefID": "CVE-2016-0597",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-0597",
"Source": "CVE"
},
{
"RefID": "CVE-2016-0598",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-0598",
"Source": "CVE"
},
{
"RefID": "CVE-2016-0600",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-0600",
"Source": "CVE"
},
{
"RefID": "CVE-2016-0606",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-0606",
"Source": "CVE"
},
{
"RefID": "CVE-2016-0608",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-0608",
"Source": "CVE"
},
{
"RefID": "CVE-2016-0609",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-0609",
"Source": "CVE"
},
{
"RefID": "CVE-2016-0616",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-0616",
"Source": "CVE"
},
{
"RefID": "CVE-2016-0642",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-0642",
"Source": "CVE"
},
{
"RefID": "CVE-2016-0651",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-0651",
"Source": "CVE"
},
{
"RefID": "CVE-2016-2047",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-2047",
"Source": "CVE"
}
],
"Description": "This update upgrades mariadb to version 10.1.10-alt1. \nSecurity Fix(es):\n\n * BDU:2016-00166: Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2016-00168: Уязвимость системы управления базами данных MySQL, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2016-00171: Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2016-00172: Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2016-00173: Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2016-00175: Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать частичный отказ в обслуживании\n\n * BDU:2016-00178: Уязвимость системы управления базами данных MySQL, позволяющая нарушителю модифицировать данные\n\n * BDU:2016-00180: Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2016-00181: Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2016-00184: Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2016-01110: Уязвимость системы управления базами данных MySQL, позволяющая нарушителю повлиять на доступность информации\n\n * BDU:2016-01118: Уязвимость системы управления базами данных MySQL, позволяющая нарушителю повлиять на целостность и доступность информации\n\n * CVE-2016-0505: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.\n\n * CVE-2016-0546: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.\n\n * CVE-2016-0596: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.\n\n * CVE-2016-0597: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.\n\n * CVE-2016-0598: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.\n\n * CVE-2016-0600: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.\n\n * CVE-2016-0606: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption.\n\n * CVE-2016-0608: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.\n\n * CVE-2016-0609: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.\n\n * CVE-2016-0616: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.\n\n * CVE-2016-0642: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.\n\n * CVE-2016-0651: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.\n\n * CVE-2016-2047: The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a \"/CN=\" string in a field in a certificate, as demonstrated by \"/OU=/CN=bar.com/CN=foo.com.\"",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2015-12-28"
},
"Updated": {
"Date": "2015-12-28"
},
"BDUs": [
{
"ID": "BDU:2016-00166",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CWE": "CWE-17",
"Href": "https://bdu.fstec.ru/vul/2016-00166",
"Impact": "Low",
"Public": "20160119"
},
{
"ID": "BDU:2016-00168",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-17",
"Href": "https://bdu.fstec.ru/vul/2016-00168",
"Impact": "High",
"Public": "20160119"
},
{
"ID": "BDU:2016-00171",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CWE": "CWE-17",
"Href": "https://bdu.fstec.ru/vul/2016-00171",
"Impact": "Low",
"Public": "20160119"
},
{
"ID": "BDU:2016-00172",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CWE": "CWE-17",
"Href": "https://bdu.fstec.ru/vul/2016-00172",
"Impact": "Low",
"Public": "20160119"
},
{
"ID": "BDU:2016-00173",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"CWE": "CWE-17",
"Href": "https://bdu.fstec.ru/vul/2016-00173",
"Impact": "Low",
"Public": "20160119"
},
{
"ID": "BDU:2016-00175",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"CWE": "CWE-17",
"Href": "https://bdu.fstec.ru/vul/2016-00175",
"Impact": "Low",
"Public": "20160119"
},
{
"ID": "BDU:2016-00178",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"CWE": "CWE-17",
"Href": "https://bdu.fstec.ru/vul/2016-00178",
"Impact": "Low",
"Public": "20160119"
},
{
"ID": "BDU:2016-00180",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"CWE": "CWE-17",
"Href": "https://bdu.fstec.ru/vul/2016-00180",
"Impact": "Low",
"Public": "20160119"
},
{
"ID": "BDU:2016-00181",
"CVSS": "AV:N/AC:H/Au:M/C:N/I:N/A:P",
"CWE": "CWE-17",
"Href": "https://bdu.fstec.ru/vul/2016-00181",
"Impact": "Low",
"Public": "20160119"
},
{
"ID": "BDU:2016-00184",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CWE": "CWE-17",
"Href": "https://bdu.fstec.ru/vul/2016-00184",
"Impact": "Low",
"Public": "20160119"
},
{
"ID": "BDU:2016-01110",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"CWE": "CWE-17",
"Href": "https://bdu.fstec.ru/vul/2016-01110",
"Impact": "Low",
"Public": "20160421"
},
{
"ID": "BDU:2016-01118",
"CVSS": "AV:N/AC:M/Au:M/C:N/I:P/A:P",
"CWE": "CWE-17",
"Href": "https://bdu.fstec.ru/vul/2016-01118",
"Impact": "Low",
"Public": "20160421"
}
],
"CVEs": [
{
"ID": "CVE-2016-0505",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-0505",
"Impact": "Low",
"Public": "20160121"
},
{
"ID": "CVE-2016-0546",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-0546",
"Impact": "High",
"Public": "20160121"
},
{
"ID": "CVE-2016-0596",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-0596",
"Impact": "Low",
"Public": "20160121"
},
{
"ID": "CVE-2016-0597",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-0597",
"Impact": "Low",
"Public": "20160121"
},
{
"ID": "CVE-2016-0598",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-0598",
"Impact": "Low",
"Public": "20160121"
},
{
"ID": "CVE-2016-0600",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-0600",
"Impact": "Low",
"Public": "20160121"
},
{
"ID": "CVE-2016-0606",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-0606",
"Impact": "Low",
"Public": "20160121"
},
{
"ID": "CVE-2016-0608",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-0608",
"Impact": "Low",
"Public": "20160121"
},
{
"ID": "CVE-2016-0609",
"CVSS": "AV:N/AC:H/Au:M/C:N/I:N/A:P",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-0609",
"Impact": "Low",
"Public": "20160121"
},
{
"ID": "CVE-2016-0616",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-0616",
"Impact": "Low",
"Public": "20160121"
},
{
"ID": "CVE-2016-0642",
"CVSS": "AV:N/AC:M/Au:M/C:N/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-0642",
"Impact": "Low",
"Public": "20160421"
},
{
"ID": "CVE-2016-0651",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-0651",
"Impact": "Low",
"Public": "20160421"
},
{
"ID": "CVE-2016-2047",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-254",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-2047",
"Impact": "Low",
"Public": "20160127"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20152203001",
"Comment": "libmariadbembedded is earlier than 0:10.1.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20152203002",
"Comment": "libmariadbembedded-devel is earlier than 0:10.1.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20152203003",
"Comment": "libmysqlclient-devel is earlier than 0:10.1.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20152203004",
"Comment": "libmysqlclient18 is earlier than 0:10.1.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20152203005",
"Comment": "mariadb is earlier than 0:10.1.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20152203006",
"Comment": "mariadb-bench is earlier than 0:10.1.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20152203007",
"Comment": "mariadb-client is earlier than 0:10.1.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20152203008",
"Comment": "mariadb-common is earlier than 0:10.1.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20152203009",
"Comment": "mariadb-server is earlier than 0:10.1.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20152203010",
"Comment": "mariadb-server-perl is earlier than 0:10.1.10-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink