vuln-list-alt/oval/c10f1/ALT-PU-2022-2610/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20222610",
      "Version": "oval:org.altlinux.errata:def:20222610",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2022-2610: package `pki-core` update to version 10.14.1-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch c10f1"
            ],
            "Products": [
              "ALT SP Workstation",
              "ALT SP Server"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2022-2610",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2022-2610",
            "Source": "ALTPU"
          },
          {
            "RefID": "CVE-2022-2393",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-2393",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades pki-core to version 10.14.1-alt1. \nSecurity Fix(es):\n\n * CVE-2022-2393: A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "Low",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2022-09-14"
          },
          "Updated": {
            "Date": "2022-09-14"
          },
          "BDUs": null,
          "CVEs": [
            {
              "ID": "CVE-2022-2393",
              "CVSS3": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "CWE": "NVD-CWE-Other",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-2393",
              "Impact": "Low",
              "Public": "20220714"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:spworkstation:10",
              "cpe:/o:alt:spserver:10"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:4001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20222610001",
                "Comment": "dogtag-pki-console-theme is earlier than 0:10.14.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20222610002",
                "Comment": "dogtag-pki-server-theme is earlier than 0:10.14.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20222610003",
                "Comment": "pki-acme is earlier than 0:10.14.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20222610004",
                "Comment": "pki-base is earlier than 0:10.14.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20222610005",
                "Comment": "pki-base-java is earlier than 0:10.14.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20222610006",
                "Comment": "pki-ca is earlier than 0:10.14.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20222610007",
                "Comment": "pki-console is earlier than 0:10.14.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20222610008",
                "Comment": "pki-core is earlier than 0:10.14.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20222610009",
                "Comment": "pki-healthcheck is earlier than 0:10.14.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20222610010",
                "Comment": "pki-javadoc is earlier than 0:10.14.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20222610011",
                "Comment": "pki-kra is earlier than 0:10.14.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20222610012",
                "Comment": "pki-ocsp is earlier than 0:10.14.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20222610013",
                "Comment": "pki-server is earlier than 0:10.14.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20222610014",
                "Comment": "pki-symkey is earlier than 0:10.14.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20222610015",
                "Comment": "pki-tks is earlier than 0:10.14.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20222610016",
                "Comment": "pki-tools is earlier than 0:10.14.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20222610017",
                "Comment": "pki-tps is earlier than 0:10.14.1-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20222610018",
                "Comment": "python3-module-pki-base is earlier than 0:10.14.1-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}