277 lines
12 KiB
JSON
277 lines
12 KiB
JSON
{
|
||
"Definition": [
|
||
{
|
||
"ID": "oval:org.altlinux.errata:def:20172287",
|
||
"Version": "oval:org.altlinux.errata:def:20172287",
|
||
"Class": "patch",
|
||
"Metadata": {
|
||
"Title": "ALT-PU-2017-2287: package `samba` update to version 4.6.8-alt1.S1",
|
||
"AffectedList": [
|
||
{
|
||
"Family": "unix",
|
||
"Platforms": [
|
||
"ALT Linux branch p9"
|
||
],
|
||
"Products": [
|
||
"ALT Server",
|
||
"ALT Virtualization Server",
|
||
"ALT Workstation",
|
||
"ALT Workstation K",
|
||
"ALT Education",
|
||
"Simply Linux",
|
||
"Starterkit"
|
||
]
|
||
}
|
||
],
|
||
"References": [
|
||
{
|
||
"RefID": "ALT-PU-2017-2287",
|
||
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-2287",
|
||
"Source": "ALTPU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2019-00223",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2019-00223",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2019-00224",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2019-00224",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2021-01433",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2021-01433",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "CVE-2017-12150",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12150",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2017-12151",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12151",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2017-12163",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12163",
|
||
"Source": "CVE"
|
||
}
|
||
],
|
||
"Description": "This update upgrades samba to version 4.6.8-alt1.S1. \nSecurity Fix(es):\n\n * BDU:2019-00223: Уязвимость пакета программ для сетевого взаимодействия Samba, связанная с отсутствием подписи SMB-трафика, позволяющая нарушителю реализовать атаку «человек посередине»\n\n * BDU:2019-00224: Уязвимость пакета программ для сетевого взаимодействия Samba, связанная с отсутствием требования подписи и шифрования SMB-трафика при использовании перенаправлений DFS, позволяющая нарушителю реализовать атаку «человек посередине»\n\n * BDU:2021-01433: Уязвимость реализации протокола SMB1 пакета программ сетевого взаимодействия Samba, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность\n\n * CVE-2017-12150: It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce \"SMB signing\" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.\n\n * CVE-2017-12151: A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.\n\n * CVE-2017-12163: An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.",
|
||
"Advisory": {
|
||
"From": "errata.altlinux.org",
|
||
"Severity": "High",
|
||
"Rights": "Copyright 2024 BaseALT Ltd.",
|
||
"Issued": {
|
||
"Date": "2017-09-21"
|
||
},
|
||
"Updated": {
|
||
"Date": "2017-09-21"
|
||
},
|
||
"BDUs": [
|
||
{
|
||
"ID": "BDU:2019-00223",
|
||
"CVSS": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
|
||
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
|
||
"CWE": "CWE-300",
|
||
"Href": "https://bdu.fstec.ru/vul/2019-00223",
|
||
"Impact": "High",
|
||
"Public": "20170920"
|
||
},
|
||
{
|
||
"ID": "BDU:2019-00224",
|
||
"CVSS": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
|
||
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
|
||
"CWE": "CWE-300",
|
||
"Href": "https://bdu.fstec.ru/vul/2019-00224",
|
||
"Impact": "High",
|
||
"Public": "20170920"
|
||
},
|
||
{
|
||
"ID": "BDU:2021-01433",
|
||
"CVSS": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
|
||
"CVSS3": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
|
||
"CWE": "CWE-200",
|
||
"Href": "https://bdu.fstec.ru/vul/2021-01433",
|
||
"Impact": "High",
|
||
"Public": "20180726"
|
||
}
|
||
],
|
||
"CVEs": [
|
||
{
|
||
"ID": "CVE-2017-12150",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
|
||
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
|
||
"CWE": "NVD-CWE-noinfo",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12150",
|
||
"Impact": "High",
|
||
"Public": "20180726"
|
||
},
|
||
{
|
||
"ID": "CVE-2017-12151",
|
||
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
|
||
"CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
|
||
"CWE": "CWE-310",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12151",
|
||
"Impact": "High",
|
||
"Public": "20180727"
|
||
},
|
||
{
|
||
"ID": "CVE-2017-12163",
|
||
"CVSS": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
|
||
"CVSS3": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
|
||
"CWE": "CWE-200",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12163",
|
||
"Impact": "High",
|
||
"Public": "20180726"
|
||
}
|
||
],
|
||
"AffectedCPEs": {
|
||
"CPEs": [
|
||
"cpe:/o:alt:kworkstation:9",
|
||
"cpe:/o:alt:workstation:9",
|
||
"cpe:/o:alt:server:9",
|
||
"cpe:/o:alt:server-v:9",
|
||
"cpe:/o:alt:education:9",
|
||
"cpe:/o:alt:slinux:9",
|
||
"cpe:/o:alt:starterkit:p9",
|
||
"cpe:/o:alt:kworkstation:9.1",
|
||
"cpe:/o:alt:workstation:9.1",
|
||
"cpe:/o:alt:server:9.1",
|
||
"cpe:/o:alt:server-v:9.1",
|
||
"cpe:/o:alt:education:9.1",
|
||
"cpe:/o:alt:slinux:9.1",
|
||
"cpe:/o:alt:starterkit:9.1",
|
||
"cpe:/o:alt:kworkstation:9.2",
|
||
"cpe:/o:alt:workstation:9.2",
|
||
"cpe:/o:alt:server:9.2",
|
||
"cpe:/o:alt:server-v:9.2",
|
||
"cpe:/o:alt:education:9.2",
|
||
"cpe:/o:alt:slinux:9.2",
|
||
"cpe:/o:alt:starterkit:9.2"
|
||
]
|
||
}
|
||
}
|
||
},
|
||
"Criteria": {
|
||
"Operator": "AND",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:1001",
|
||
"Comment": "ALT Linux must be installed"
|
||
}
|
||
],
|
||
"Criterias": [
|
||
{
|
||
"Operator": "OR",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172287001",
|
||
"Comment": "ctdb is earlier than 0:4.6.8-alt1.S1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172287002",
|
||
"Comment": "ctdb-tests is earlier than 0:4.6.8-alt1.S1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172287003",
|
||
"Comment": "libnetapi is earlier than 0:4.6.8-alt1.S1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172287004",
|
||
"Comment": "libsmbclient is earlier than 0:4.6.8-alt1.S1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172287005",
|
||
"Comment": "libsmbclient-devel is earlier than 0:4.6.8-alt1.S1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172287006",
|
||
"Comment": "libwbclient is earlier than 0:4.6.8-alt1.S1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172287007",
|
||
"Comment": "libwbclient-devel is earlier than 0:4.6.8-alt1.S1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172287008",
|
||
"Comment": "python-module-samba is earlier than 0:4.6.8-alt1.S1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172287009",
|
||
"Comment": "samba is earlier than 0:4.6.8-alt1.S1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172287010",
|
||
"Comment": "samba-client is earlier than 0:4.6.8-alt1.S1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172287011",
|
||
"Comment": "samba-client-libs is earlier than 0:4.6.8-alt1.S1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172287012",
|
||
"Comment": "samba-common is earlier than 0:4.6.8-alt1.S1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172287013",
|
||
"Comment": "samba-common-libs is earlier than 0:4.6.8-alt1.S1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172287014",
|
||
"Comment": "samba-common-tools is earlier than 0:4.6.8-alt1.S1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172287015",
|
||
"Comment": "samba-dc is earlier than 0:4.6.8-alt1.S1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172287016",
|
||
"Comment": "samba-dc-libs is earlier than 0:4.6.8-alt1.S1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172287017",
|
||
"Comment": "samba-devel is earlier than 0:4.6.8-alt1.S1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172287018",
|
||
"Comment": "samba-libs is earlier than 0:4.6.8-alt1.S1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172287019",
|
||
"Comment": "samba-pidl is earlier than 0:4.6.8-alt1.S1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172287020",
|
||
"Comment": "samba-test is earlier than 0:4.6.8-alt1.S1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172287021",
|
||
"Comment": "samba-vfs-cephfs is earlier than 0:4.6.8-alt1.S1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172287022",
|
||
"Comment": "samba-vfs-glusterfs is earlier than 0:4.6.8-alt1.S1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172287023",
|
||
"Comment": "samba-winbind is earlier than 0:4.6.8-alt1.S1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172287024",
|
||
"Comment": "samba-winbind-clients is earlier than 0:4.6.8-alt1.S1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20172287025",
|
||
"Comment": "samba-winbind-krb5-locator is earlier than 0:4.6.8-alt1.S1"
|
||
}
|
||
]
|
||
}
|
||
]
|
||
}
|
||
}
|
||
]
|
||
} |