pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/c10f1/ALT-PU-2022-1986/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

234 lines
11 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20221986",
"Version": "oval:org.altlinux.errata:def:20221986",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2022-1986: package `LibreOffice-still` update to version 7.2.7.2-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2022-1986",
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-1986",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-04770",
"RefURL": "https://bdu.fstec.ru/vul/2022-04770",
"Source": "BDU"
},
{
"RefID": "BDU:2022-04771",
"RefURL": "https://bdu.fstec.ru/vul/2022-04771",
"Source": "BDU"
},
{
"RefID": "BDU:2022-04785",
"RefURL": "https://bdu.fstec.ru/vul/2022-04785",
"Source": "BDU"
},
{
"RefID": "CVE-2022-26305",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-26305",
"Source": "CVE"
},
{
"RefID": "CVE-2022-26306",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-26306",
"Source": "CVE"
},
{
"RefID": "CVE-2022-26307",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-26307",
"Source": "CVE"
}
],
"Description": "This update upgrades LibreOffice-still to version 7.2.7.2-alt1. \nSecurity Fix(es):\n\n * BDU:2022-04770: Уязвимость пакета офисных программ LibreOffice, связанная с недостаточно стойким шифрованием данных, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2022-04771: Уязвимость пакета офисных программ LibreOffice, связанная с неправильным подтверждением подлинности сертификата, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-04785: Уязвимость базы данных конфигураций пользователя пакета офисных программ LibreOffice, позволяющая нарушителю раскрыть защищаемую информацию\n\n * CVE-2022-26305: An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. This is not sufficient to verify that the macro was actually signed with the certificate. An adversary could therefore create an arbitrary certificate with a serial number and an issuer string identical to a trusted certificate which LibreOffice would present as belonging to the trusted author, potentially leading to the user to execute arbitrary code contained in macros improperly trusted. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1.\n\n * CVE-2022-26306: LibreOffice supports the storage of passwords for web connections in the users configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user's configuration data. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1.\n\n * CVE-2022-26307: LibreOffice supports the storage of passwords for web connections in the users configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulerable to a brute force attack if an attacker has access to the users stored config. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.3.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2022-06-01"
},
"Updated": {
"Date": "2022-06-01"
},
"BDUs": [
{
"ID": "BDU:2022-04770",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-312, CWE-326",
"Href": "https://bdu.fstec.ru/vul/2022-04770",
"Impact": "High",
"Public": "20220725"
},
{
"ID": "BDU:2022-04771",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2022-04771",
"Impact": "Critical",
"Public": "20220725"
},
{
"ID": "BDU:2022-04785",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-326",
"Href": "https://bdu.fstec.ru/vul/2022-04785",
"Impact": "High",
"Public": "20220725"
}
],
"CVEs": [
{
"ID": "CVE-2022-26305",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-26305",
"Impact": "High",
"Public": "20220725"
},
{
"ID": "CVE-2022-26306",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-330",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-26306",
"Impact": "High",
"Public": "20220725"
},
{
"ID": "CVE-2022-26307",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-26307",
"Impact": "High",
"Public": "20220725"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20221986001",
"Comment": "LibreOffice-still is earlier than 0:7.2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221986002",
"Comment": "LibreOffice-still-common is earlier than 0:7.2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221986003",
"Comment": "LibreOffice-still-extensions is earlier than 0:7.2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221986004",
"Comment": "LibreOffice-still-gtk3 is earlier than 0:7.2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221986005",
"Comment": "LibreOffice-still-integrated is earlier than 0:7.2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221986006",
"Comment": "LibreOffice-still-kde5 is earlier than 0:7.2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221986007",
"Comment": "LibreOffice-still-langpack-be is earlier than 0:7.2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221986008",
"Comment": "LibreOffice-still-langpack-de is earlier than 0:7.2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221986009",
"Comment": "LibreOffice-still-langpack-el is earlier than 0:7.2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221986010",
"Comment": "LibreOffice-still-langpack-es is earlier than 0:7.2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221986011",
"Comment": "LibreOffice-still-langpack-fr is earlier than 0:7.2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221986012",
"Comment": "LibreOffice-still-langpack-kk is earlier than 0:7.2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221986013",
"Comment": "LibreOffice-still-langpack-pt-BR is earlier than 0:7.2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221986014",
"Comment": "LibreOffice-still-langpack-ru is earlier than 0:7.2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221986015",
"Comment": "LibreOffice-still-langpack-tt is earlier than 0:7.2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221986016",
"Comment": "LibreOffice-still-langpack-uk is earlier than 0:7.2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221986017",
"Comment": "LibreOffice-still-mimetypes is earlier than 0:7.2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221986018",
"Comment": "LibreOffice-still-qt5 is earlier than 0:7.2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221986019",
"Comment": "LibreOffice-still-sdk is earlier than 0:7.2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221986020",
"Comment": "libreofficekit-still is earlier than 0:7.2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20221986021",
"Comment": "libreofficekit-still-devel is earlier than 0:7.2.7.2-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink