115 lines
3.8 KiB
JSON
115 lines
3.8 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20171846",
|
|
"Version": "oval:org.altlinux.errata:def:20171846",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2017-1846: package `nginx` update to version 1.12.1-alt1.S1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch p9"
|
|
],
|
|
"Products": [
|
|
"ALT Server",
|
|
"ALT Virtualization Server",
|
|
"ALT Workstation",
|
|
"ALT Workstation K",
|
|
"ALT Education",
|
|
"Simply Linux",
|
|
"Starterkit"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2017-1846",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-1846",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2017-7529",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-7529",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades nginx to version 1.12.1-alt1.S1. \nSecurity Fix(es):\n\n * CVE-2017-7529: Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "High",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2017-07-11"
|
|
},
|
|
"Updated": {
|
|
"Date": "2017-07-11"
|
|
},
|
|
"BDUs": null,
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2017-7529",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
|
|
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-7529",
|
|
"Impact": "High",
|
|
"Public": "20170713"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:kworkstation:9",
|
|
"cpe:/o:alt:workstation:9",
|
|
"cpe:/o:alt:server:9",
|
|
"cpe:/o:alt:server-v:9",
|
|
"cpe:/o:alt:education:9",
|
|
"cpe:/o:alt:slinux:9",
|
|
"cpe:/o:alt:starterkit:p9"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:1001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171846001",
|
|
"Comment": "nginx is earlier than 0:1.12.1-alt1.S1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171846002",
|
|
"Comment": "nginx-geoip is earlier than 0:1.12.1-alt1.S1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171846003",
|
|
"Comment": "nginx-image_filter is earlier than 0:1.12.1-alt1.S1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171846004",
|
|
"Comment": "nginx-perl is earlier than 0:1.12.1-alt1.S1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171846005",
|
|
"Comment": "nginx-spnego is earlier than 0:1.12.1-alt1.S1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171846006",
|
|
"Comment": "nginx-xslt is earlier than 0:1.12.1-alt1.S1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |