136 lines
4.8 KiB
JSON
136 lines
4.8 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20161755",
|
|
"Version": "oval:org.altlinux.errata:def:20161755",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2016-1755: package `node` update to version 4.4.7-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch p10"
|
|
],
|
|
"Products": [
|
|
"ALT Server",
|
|
"ALT Virtualization Server",
|
|
"ALT Workstation",
|
|
"ALT Workstation K",
|
|
"ALT Education",
|
|
"Simply Linux",
|
|
"Starterkit"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2016-1755",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2016-1755",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2016-01428",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2016-01428",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2016-1669",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-1669",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades node to version 4.4.7-alt1. \nSecurity Fix(es):\n\n * BDU:2016-01428: Уязвимость браузерного движка V8 и браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие\n\n * CVE-2016-1669: The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "Critical",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2016-07-14"
|
|
},
|
|
"Updated": {
|
|
"Date": "2016-07-14"
|
|
},
|
|
"BDUs": [
|
|
{
|
|
"ID": "BDU:2016-01428",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
|
|
"CWE": "CWE-119",
|
|
"Href": "https://bdu.fstec.ru/vul/2016-01428",
|
|
"Impact": "Critical",
|
|
"Public": "20160515"
|
|
}
|
|
],
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2016-1669",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
|
|
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-119",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-1669",
|
|
"Impact": "High",
|
|
"Public": "20160514"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:kworkstation:10",
|
|
"cpe:/o:alt:workstation:10",
|
|
"cpe:/o:alt:server:10",
|
|
"cpe:/o:alt:server-v:10",
|
|
"cpe:/o:alt:education:10",
|
|
"cpe:/o:alt:slinux:10",
|
|
"cpe:/o:alt:starterkit:p10",
|
|
"cpe:/o:alt:kworkstation:10.1",
|
|
"cpe:/o:alt:workstation:10.1",
|
|
"cpe:/o:alt:server:10.1",
|
|
"cpe:/o:alt:server-v:10.1",
|
|
"cpe:/o:alt:education:10.1",
|
|
"cpe:/o:alt:slinux:10.1",
|
|
"cpe:/o:alt:starterkit:10.1",
|
|
"cpe:/o:alt:kworkstation:10.2",
|
|
"cpe:/o:alt:workstation:10.2",
|
|
"cpe:/o:alt:server:10.2",
|
|
"cpe:/o:alt:server-v:10.2",
|
|
"cpe:/o:alt:education:10.2",
|
|
"cpe:/o:alt:slinux:10.2",
|
|
"cpe:/o:alt:starterkit:10.2"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:2001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20161755001",
|
|
"Comment": "node is earlier than 0:4.4.7-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20161755002",
|
|
"Comment": "node-devel is earlier than 0:4.4.7-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20161755003",
|
|
"Comment": "node-doc is earlier than 0:4.4.7-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20161755004",
|
|
"Comment": "npm is earlier than 0:2.15.8-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |