pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p9/ALT-PU-2016-1328/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

205 lines
8.8 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20161328",
"Version": "oval:org.altlinux.errata:def:20161328",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2016-1328: package `node` update to version 4.4.3-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2016-1328",
"RefURL": "https://errata.altlinux.org/ALT-PU-2016-1328",
"Source": "ALTPU"
},
{
"RefID": "BDU:2016-00630",
"RefURL": "https://bdu.fstec.ru/vul/2016-00630",
"Source": "BDU"
},
{
"RefID": "BDU:2016-00632",
"RefURL": "https://bdu.fstec.ru/vul/2016-00632",
"Source": "BDU"
},
{
"RefID": "CVE-2015-8855",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-8855",
"Source": "CVE"
},
{
"RefID": "CVE-2016-0702",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-0702",
"Source": "CVE"
},
{
"RefID": "CVE-2016-0797",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-0797",
"Source": "CVE"
},
{
"RefID": "CVE-2016-2086",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-2086",
"Source": "CVE"
},
{
"RefID": "CVE-2016-2216",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-2216",
"Source": "CVE"
},
{
"RefID": "CVE-2016-3956",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-3956",
"Source": "CVE"
}
],
"Description": "This update upgrades node to version 4.4.3-alt1. \nSecurity Fix(es):\n\n * BDU:2016-00630: Уязвимость библиотеки OpenSSL, позволяющая нарушителю раскрыть RSA-ключи\n\n * BDU:2016-00632: Уязвимости библиотеки OpenSSL, позволяющие нарушителю вызвать отказ в обслуживании или оказать другое воздействие\n\n * CVE-2015-8855: The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a \"regular expression denial of service (ReDoS).\"\n\n * CVE-2016-0702: The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a \"CacheBleed\" attack.\n\n * CVE-2016-0797: Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.\n\n * CVE-2016-2086: Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.\n\n * CVE-2016-2216: The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a.\n\n * CVE-2016-3956: The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2016-04-13"
},
"Updated": {
"Date": "2016-04-13"
},
"BDUs": [
{
"ID": "BDU:2016-00630",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2016-00630",
"Impact": "Low",
"Public": "20160303"
},
{
"ID": "BDU:2016-00632",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2016-00632",
"Impact": "Low",
"Public": "20160303"
}
],
"CVEs": [
{
"ID": "CVE-2015-8855",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-8855",
"Impact": "High",
"Public": "20170123"
},
{
"ID": "CVE-2016-0702",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-0702",
"Impact": "Low",
"Public": "20160303"
},
{
"ID": "CVE-2016-0797",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-0797",
"Impact": "High",
"Public": "20160303"
},
{
"ID": "CVE-2016-2086",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-2086",
"Impact": "High",
"Public": "20160407"
},
{
"ID": "CVE-2016-2216",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-2216",
"Impact": "High",
"Public": "20160407"
},
{
"ID": "CVE-2016-3956",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-3956",
"Impact": "High",
"Public": "20160702"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20161328001",
"Comment": "node is earlier than 0:4.4.3-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161328002",
"Comment": "node-devel is earlier than 0:4.4.3-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161328003",
"Comment": "node-doc is earlier than 0:4.4.3-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161328004",
"Comment": "npm is earlier than 0:2.15.1-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink