112 lines
4.0 KiB
JSON
112 lines
4.0 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20162380",
|
|
"Version": "oval:org.altlinux.errata:def:20162380",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2016-2380: package `node` update to version 6.9.1-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch c10f1"
|
|
],
|
|
"Products": [
|
|
"ALT SP Workstation",
|
|
"ALT SP Server"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2016-2380",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2016-2380",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2016-5172",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5172",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2018-1000168",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000168",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades node to version 6.9.1-alt1. \nSecurity Fix(es):\n\n * CVE-2016-5172: The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.\n\n * CVE-2018-1000168: nghttp2 version \u003e= 1.10.0 and nghttp2 \u003c= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in \u003e= 1.31.1.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "High",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2016-12-01"
|
|
},
|
|
"Updated": {
|
|
"Date": "2016-12-01"
|
|
},
|
|
"BDUs": null,
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2016-5172",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
|
|
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
|
|
"CWE": "CWE-200",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5172",
|
|
"Impact": "Low",
|
|
"Public": "20160925"
|
|
},
|
|
{
|
|
"ID": "CVE-2018-1000168",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
|
|
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"CWE": "CWE-20",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000168",
|
|
"Impact": "High",
|
|
"Public": "20180508"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:spworkstation:10",
|
|
"cpe:/o:alt:spserver:10"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:4001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20162380001",
|
|
"Comment": "node is earlier than 0:6.9.1-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20162380002",
|
|
"Comment": "node-devel is earlier than 0:6.9.1-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20162380003",
|
|
"Comment": "node-doc is earlier than 0:6.9.1-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20162380004",
|
|
"Comment": "npm is earlier than 0:3.10.8-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |