168 lines
6.5 KiB
JSON
168 lines
6.5 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20182713",
|
|
"Version": "oval:org.altlinux.errata:def:20182713",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2018-2713: package `openslp` update to version 2.0.0-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch p10"
|
|
],
|
|
"Products": [
|
|
"ALT Server",
|
|
"ALT Virtualization Server",
|
|
"ALT Workstation",
|
|
"ALT Workstation K",
|
|
"ALT Education",
|
|
"Simply Linux",
|
|
"Starterkit",
|
|
"ALT Container"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2018-2713",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-2713",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2015-09474",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2015-09474",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2005-0769",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2005-0769",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2010-3609",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2010-3609",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2012-4428",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2012-4428",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2015-5177",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-5177",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades openslp to version 2.0.0-alt1. \nSecurity Fix(es):\n\n * BDU:2015-09474: Уязвимость операционной системы Gentoo Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * CVE-2005-0769: Multiple buffer overflows in OpenSLP before 1.1.5 allow remote attackers to have an unknown impact via malformed SLP packets.\n\n * CVE-2010-3609: The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a \"next extension offset\" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.\n\n * CVE-2012-4428: openslp: SLPIntersectStringList()' Function has a DoS vulnerability\n\n * CVE-2015-5177: Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "High",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2018-11-28"
|
|
},
|
|
"Updated": {
|
|
"Date": "2018-11-28"
|
|
},
|
|
"BDUs": [
|
|
{
|
|
"ID": "BDU:2015-09474",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
|
"Href": "https://bdu.fstec.ru/vul/2015-09474",
|
|
"Impact": "High",
|
|
"Public": "20050320"
|
|
}
|
|
],
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2005-0769",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
|
"CWE": "NVD-CWE-Other",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2005-0769",
|
|
"Impact": "High",
|
|
"Public": "20050502"
|
|
},
|
|
{
|
|
"ID": "CVE-2010-3609",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
|
|
"CWE": "NVD-CWE-noinfo",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2010-3609",
|
|
"Impact": "Low",
|
|
"Public": "20110311"
|
|
},
|
|
{
|
|
"ID": "CVE-2012-4428",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
|
|
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"CWE": "CWE-125",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2012-4428",
|
|
"Impact": "High",
|
|
"Public": "20191202"
|
|
},
|
|
{
|
|
"ID": "CVE-2015-5177",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
|
|
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"CWE": "CWE-415",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-5177",
|
|
"Impact": "High",
|
|
"Public": "20171022"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:kworkstation:10",
|
|
"cpe:/o:alt:workstation:10",
|
|
"cpe:/o:alt:server:10",
|
|
"cpe:/o:alt:server-v:10",
|
|
"cpe:/o:alt:education:10",
|
|
"cpe:/o:alt:slinux:10",
|
|
"cpe:/o:alt:starterkit:10",
|
|
"cpe:/o:alt:starterkit:p10",
|
|
"cpe:/o:alt:container:10"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:2001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20182713001",
|
|
"Comment": "libopenslp is earlier than 0:2.0.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20182713002",
|
|
"Comment": "libopenslp-devel is earlier than 0:2.0.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20182713003",
|
|
"Comment": "openslp is earlier than 0:2.0.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20182713004",
|
|
"Comment": "openslp-daemon is earlier than 0:2.0.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20182713005",
|
|
"Comment": "openslp-doc is earlier than 0:2.0.0-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |