vuln-list-alt/oval/p9/ALT-PU-2017-1107/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20171107",
      "Version": "oval:org.altlinux.errata:def:20171107",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2017-1107: package `firejail` update to version 0.9.44.8-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch p9"
            ],
            "Products": [
              "ALT Server",
              "ALT Virtualization Server",
              "ALT Workstation",
              "ALT Workstation K",
              "ALT Education",
              "Simply Linux",
              "Starterkit"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2017-1107",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2017-1107",
            "Source": "ALTPU"
          },
          {
            "RefID": "CVE-2017-5940",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5940",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades firejail to version 0.9.44.8-alt1. \nSecurity Fix(es):\n\n * CVE-2017-5940: Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "High",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2017-01-31"
          },
          "Updated": {
            "Date": "2017-01-31"
          },
          "BDUs": null,
          "CVEs": [
            {
              "ID": "CVE-2017-5940",
              "CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
              "CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
              "CWE": "CWE-269",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5940",
              "Impact": "High",
              "Public": "20170209"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:kworkstation:9",
              "cpe:/o:alt:workstation:9",
              "cpe:/o:alt:server:9",
              "cpe:/o:alt:server-v:9",
              "cpe:/o:alt:education:9",
              "cpe:/o:alt:slinux:9",
              "cpe:/o:alt:starterkit:p9",
              "cpe:/o:alt:kworkstation:9.1",
              "cpe:/o:alt:workstation:9.1",
              "cpe:/o:alt:server:9.1",
              "cpe:/o:alt:server-v:9.1",
              "cpe:/o:alt:education:9.1",
              "cpe:/o:alt:slinux:9.1",
              "cpe:/o:alt:starterkit:9.1",
              "cpe:/o:alt:kworkstation:9.2",
              "cpe:/o:alt:workstation:9.2",
              "cpe:/o:alt:server:9.2",
              "cpe:/o:alt:server-v:9.2",
              "cpe:/o:alt:education:9.2",
              "cpe:/o:alt:slinux:9.2",
              "cpe:/o:alt:starterkit:9.2"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:1001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20171107001",
                "Comment": "firejail is earlier than 0:0.9.44.8-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}