174 lines
6.5 KiB
JSON
174 lines
6.5 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20211756",
|
|
"Version": "oval:org.altlinux.errata:def:20211756",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2021-1756: package `avahi` update to version 0.8-alt2",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch p9"
|
|
],
|
|
"Products": [
|
|
"ALT Server",
|
|
"ALT Virtualization Server",
|
|
"ALT Workstation",
|
|
"ALT Workstation K",
|
|
"ALT Education",
|
|
"Simply Linux",
|
|
"Starterkit"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2021-1756",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-1756",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2022-05709",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2022-05709",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2021-3468",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3468",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades avahi to version 0.8-alt2. \nSecurity Fix(es):\n\n * BDU:2022-05709: Уязвимость функции client_work системы обнаружения сервисов в локальной сети Avahi, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2021-3468: A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.\n\n * #39357: Зависает avahi-daemon CVE-2021-3468",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "Low",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2021-04-30"
|
|
},
|
|
"Updated": {
|
|
"Date": "2021-04-30"
|
|
},
|
|
"BDUs": [
|
|
{
|
|
"ID": "BDU:2022-05709",
|
|
"CVSS": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
|
|
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"CWE": "CWE-835",
|
|
"Href": "https://bdu.fstec.ru/vul/2022-05709",
|
|
"Impact": "Low",
|
|
"Public": "20210310"
|
|
}
|
|
],
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2021-3468",
|
|
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
|
|
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"CWE": "CWE-835",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3468",
|
|
"Impact": "Low",
|
|
"Public": "20210602"
|
|
}
|
|
],
|
|
"Bugzilla": [
|
|
{
|
|
"ID": "39357",
|
|
"Href": "https://bugzilla.altlinux.org/39357",
|
|
"Data": "Зависает avahi-daemon CVE-2021-3468"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:kworkstation:9",
|
|
"cpe:/o:alt:workstation:9",
|
|
"cpe:/o:alt:server:9",
|
|
"cpe:/o:alt:server-v:9",
|
|
"cpe:/o:alt:education:9",
|
|
"cpe:/o:alt:slinux:9",
|
|
"cpe:/o:alt:starterkit:p9"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:1001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20211756001",
|
|
"Comment": "avahi is earlier than 0:0.8-alt2"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20211756002",
|
|
"Comment": "avahi-autoipd is earlier than 0:0.8-alt2"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20211756003",
|
|
"Comment": "avahi-bookmarks is earlier than 0:0.8-alt2"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20211756004",
|
|
"Comment": "avahi-daemon is earlier than 0:0.8-alt2"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20211756005",
|
|
"Comment": "avahi-dnsconfd is earlier than 0:0.8-alt2"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20211756006",
|
|
"Comment": "avahi-tools is earlier than 0:0.8-alt2"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20211756007",
|
|
"Comment": "avahi-ui is earlier than 0:0.8-alt2"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20211756008",
|
|
"Comment": "libavahi is earlier than 0:0.8-alt2"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20211756009",
|
|
"Comment": "libavahi-devel is earlier than 0:0.8-alt2"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20211756010",
|
|
"Comment": "libavahi-glib is earlier than 0:0.8-alt2"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20211756011",
|
|
"Comment": "libavahi-gobject is earlier than 0:0.8-alt2"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20211756012",
|
|
"Comment": "libavahi-libevent is earlier than 0:0.8-alt2"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20211756013",
|
|
"Comment": "libavahi-qt5 is earlier than 0:0.8-alt2"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20211756014",
|
|
"Comment": "libavahi-ui is earlier than 0:0.8-alt2"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20211756015",
|
|
"Comment": "python3-module-avahi is earlier than 0:0.8-alt2"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |