vuln-list-alt/oval/p10/ALT-PU-2021-2260/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20212260",
      "Version": "oval:org.altlinux.errata:def:20212260",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2021-2260: package `rust` update to version 1.53.0-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch p10"
            ],
            "Products": [
              "ALT Server",
              "ALT Virtualization Server",
              "ALT Workstation",
              "ALT Workstation K",
              "ALT Education",
              "Simply Linux",
              "Starterkit"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2021-2260",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2021-2260",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2022-01689",
            "RefURL": "https://bdu.fstec.ru/vul/2022-01689",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2021-29922",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-29922",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades rust to version 1.53.0-alt1. \nSecurity Fix(es):\n\n * BDU:2022-01689: Уязвимость компонента library/std/src/net/parser.rs языка программирования Rust, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании\n\n * CVE-2021-29922: library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "Critical",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2021-07-16"
          },
          "Updated": {
            "Date": "2021-07-16"
          },
          "BDUs": [
            {
              "ID": "BDU:2022-01689",
              "CVSS": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
              "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
              "CWE": "CWE-284",
              "Href": "https://bdu.fstec.ru/vul/2022-01689",
              "Impact": "Critical",
              "Public": "20210329"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2021-29922",
              "CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
              "CWE": "NVD-CWE-noinfo",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-29922",
              "Impact": "Critical",
              "Public": "20210807"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:kworkstation:10",
              "cpe:/o:alt:workstation:10",
              "cpe:/o:alt:server:10",
              "cpe:/o:alt:server-v:10",
              "cpe:/o:alt:education:10",
              "cpe:/o:alt:slinux:10",
              "cpe:/o:alt:starterkit:p10",
              "cpe:/o:alt:kworkstation:10.1",
              "cpe:/o:alt:workstation:10.1",
              "cpe:/o:alt:server:10.1",
              "cpe:/o:alt:server-v:10.1",
              "cpe:/o:alt:education:10.1",
              "cpe:/o:alt:slinux:10.1",
              "cpe:/o:alt:starterkit:10.1",
              "cpe:/o:alt:kworkstation:10.2",
              "cpe:/o:alt:workstation:10.2",
              "cpe:/o:alt:server:10.2",
              "cpe:/o:alt:server-v:10.2",
              "cpe:/o:alt:education:10.2",
              "cpe:/o:alt:slinux:10.2",
              "cpe:/o:alt:starterkit:10.2"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:2001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20212260001",
                "Comment": "clippy is earlier than 1:1.53.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20212260002",
                "Comment": "rls is earlier than 1:1.53.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20212260003",
                "Comment": "rust is earlier than 1:1.53.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20212260004",
                "Comment": "rust-analysis is earlier than 1:1.53.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20212260005",
                "Comment": "rust-cargo is earlier than 1:1.53.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20212260006",
                "Comment": "rust-cargo-doc is earlier than 1:1.53.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20212260007",
                "Comment": "rust-doc is earlier than 1:1.53.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20212260008",
                "Comment": "rust-gdb is earlier than 1:1.53.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20212260009",
                "Comment": "rust-src is earlier than 1:1.53.0-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20212260010",
                "Comment": "rustfmt is earlier than 1:1.53.0-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}