vuln-list-alt/oval/p10/ALT-PU-2020-3215/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20203215",
      "Version": "oval:org.altlinux.errata:def:20203215",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2020-3215: package `samba` update to version 4.12.9-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch p10"
            ],
            "Products": [
              "ALT Server",
              "ALT Virtualization Server",
              "ALT Workstation",
              "ALT Workstation K",
              "ALT Education",
              "Simply Linux",
              "Starterkit",
              "ALT Container"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2020-3215",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2020-3215",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2022-05695",
            "RefURL": "https://bdu.fstec.ru/vul/2022-05695",
            "Source": "BDU"
          },
          {
            "RefID": "BDU:2022-05767",
            "RefURL": "https://bdu.fstec.ru/vul/2022-05767",
            "Source": "BDU"
          },
          {
            "RefID": "BDU:2022-05769",
            "RefURL": "https://bdu.fstec.ru/vul/2022-05769",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2020-14318",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-14318",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2020-14323",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-14323",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2020-14383",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-14383",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades samba to version 4.12.9-alt1. \nSecurity Fix(es):\n\n * BDU:2022-05695: Уязвимость пакета программ сетевого взаимодействия Samba, связанная с непроверенным состоянием ошибки, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05767: Уязвимость пакета программ сетевого взаимодействия Samba, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05769: Уязвимость пакета программ сетевого взаимодействия Samba, связанная с некорректным присваиванием привилегий, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * CVE-2020-14318: A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.\n\n * CVE-2020-14323: A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.\n\n * CVE-2020-14383: A flaw was found in samba's DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "Low",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2020-11-06"
          },
          "Updated": {
            "Date": "2020-11-06"
          },
          "BDUs": [
            {
              "ID": "BDU:2022-05695",
              "CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
              "CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "CWE": "CWE-391",
              "Href": "https://bdu.fstec.ru/vul/2022-05695",
              "Impact": "Low",
              "Public": "20201029"
            },
            {
              "ID": "BDU:2022-05767",
              "CVSS": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
              "CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "CWE": "CWE-476",
              "Href": "https://bdu.fstec.ru/vul/2022-05767",
              "Impact": "Low",
              "Public": "20201029"
            },
            {
              "ID": "BDU:2022-05769",
              "CVSS": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
              "CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
              "CWE": "CWE-266",
              "Href": "https://bdu.fstec.ru/vul/2022-05769",
              "Impact": "Low",
              "Public": "20201029"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2020-14318",
              "CVSS": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-14318",
              "Impact": "Low",
              "Public": "20201203"
            },
            {
              "ID": "CVE-2020-14323",
              "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
              "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "CWE": "CWE-476",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-14323",
              "Impact": "Low",
              "Public": "20201029"
            },
            {
              "ID": "CVE-2020-14383",
              "CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "CWE": "NVD-CWE-Other",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-14383",
              "Impact": "Low",
              "Public": "20201202"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:kworkstation:10",
              "cpe:/o:alt:workstation:10",
              "cpe:/o:alt:server:10",
              "cpe:/o:alt:server-v:10",
              "cpe:/o:alt:education:10",
              "cpe:/o:alt:slinux:10",
              "cpe:/o:alt:starterkit:10",
              "cpe:/o:alt:starterkit:p10",
              "cpe:/o:alt:container:10"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:2001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215001",
                "Comment": "libldb-modules-dc is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215002",
                "Comment": "libnetapi is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215003",
                "Comment": "libnetapi-devel is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215004",
                "Comment": "libsmbclient is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215005",
                "Comment": "libsmbclient-devel is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215006",
                "Comment": "libwbclient is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215007",
                "Comment": "libwbclient-devel is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215008",
                "Comment": "python3-module-samba is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215009",
                "Comment": "python3-module-samba-devel is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215010",
                "Comment": "samba is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215011",
                "Comment": "samba-client is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215012",
                "Comment": "samba-common is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215013",
                "Comment": "samba-common-libs is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215014",
                "Comment": "samba-common-tools is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215015",
                "Comment": "samba-ctdb is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215016",
                "Comment": "samba-ctdb-tests is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215017",
                "Comment": "samba-dc is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215018",
                "Comment": "samba-dc-client is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215019",
                "Comment": "samba-dc-common is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215020",
                "Comment": "samba-dc-libs is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215021",
                "Comment": "samba-dc-mitkrb5 is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215022",
                "Comment": "samba-devel is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215023",
                "Comment": "samba-doc is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215024",
                "Comment": "samba-libs is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215025",
                "Comment": "samba-pidl is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215026",
                "Comment": "samba-test is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215027",
                "Comment": "samba-util-private-headers is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215028",
                "Comment": "samba-vfs-cephfs is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215029",
                "Comment": "samba-vfs-glusterfs is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215030",
                "Comment": "samba-winbind is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215031",
                "Comment": "samba-winbind-clients is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215032",
                "Comment": "samba-winbind-common is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215033",
                "Comment": "samba-winbind-krb5-localauth is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215034",
                "Comment": "samba-winbind-krb5-locator is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215035",
                "Comment": "task-samba-dc is earlier than 0:4.12.9-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20203215036",
                "Comment": "task-samba-dc-mitkrb5 is earlier than 0:4.12.9-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}