{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20172692",
|
|
"Version": "oval:org.altlinux.errata:def:20172692",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2017-2692: package `thrift` update to version 0.10.0-alt1_4jpp8",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch c10f1"
|
|
],
|
|
"Products": [
|
|
"ALT SP Workstation",
|
|
"ALT SP Server"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2017-2692",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-2692",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2015-3254",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-3254",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2016-5397",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5397",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades thrift to version 0.10.0-alt1_4jpp8. \nSecurity Fix(es):\n\n * CVE-2015-3254: The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.\n\n * CVE-2016-5397: The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "High",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2017-11-23"
|
|
},
|
|
"Updated": {
|
|
"Date": "2017-11-23"
|
|
},
|
|
"BDUs": null,
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2015-3254",
|
|
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
|
|
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"CWE": "CWE-20",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-3254",
|
|
"Impact": "Low",
|
|
"Public": "20170616"
|
|
},
|
|
{
|
|
"ID": "CVE-2016-5397",
|
|
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
|
|
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-77",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5397",
|
|
"Impact": "High",
|
|
"Public": "20180212"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:spworkstation:10",
|
|
"cpe:/o:alt:spserver:10"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:4001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20172692001",
|
|
"Comment": "fb303 is earlier than 0:0.10.0-alt1_4jpp8"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20172692002",
|
|
"Comment": "fb303-devel is earlier than 0:0.10.0-alt1_4jpp8"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20172692003",
|
|
"Comment": "fb303-java is earlier than 0:0.10.0-alt1_4jpp8"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20172692004",
|
|
"Comment": "libthrift-java is earlier than 0:0.10.0-alt1_4jpp8"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20172692005",
|
|
"Comment": "libthrift-javadoc is earlier than 0:0.10.0-alt1_4jpp8"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20172692006",
|
|
"Comment": "perl-thrift is earlier than 0:0.10.0-alt1_4jpp8"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20172692007",
|
|
"Comment": "python-module-fb303 is earlier than 0:0.10.0-alt1_4jpp8"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20172692008",
|
|
"Comment": "thrift is earlier than 0:0.10.0-alt1_4jpp8"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20172692009",
|
|
"Comment": "thrift-devel is earlier than 0:0.10.0-alt1_4jpp8"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20172692010",
|
|
"Comment": "thrift-glib is earlier than 0:0.10.0-alt1_4jpp8"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20172692011",
|
|
"Comment": "thrift-qt is earlier than 0:0.10.0-alt1_4jpp8"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |