pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p10/ALT-PU-2022-2350/definitions.json
pepelyaevip 0707cb759b ALT Vulnerability
2024-04-16 14:26:14 +00:00

331 lines
14 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20222350",
"Version": "oval:org.altlinux.errata:def:20222350",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2022-2350: package `ceph` update to version 16.2.10-alt1.p10",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2022-2350",
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-2350",
"Source": "ALTPU"
},
{
"RefID": "CVE-2020-25678",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-25678",
"Source": "CVE"
},
{
"RefID": "CVE-2022-0670",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-0670",
"Source": "CVE"
}
],
"Description": "This update upgrades ceph to version 16.2.10-alt1.p10. \nSecurity Fix(es):\n\n * CVE-2020-25678: A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.\n\n * CVE-2022-0670: A flaw was found in Openstack manilla owning a Ceph File system \"share\", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the \"volumes\" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2022-08-05"
},
"Updated": {
"Date": "2022-08-05"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2020-25678",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-312",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-25678",
"Impact": "Low",
"Public": "20210108"
},
{
"ID": "CVE-2022-0670",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-0670",
"Impact": "Critical",
"Public": "20220725"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20222350001",
"Comment": "ceph is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350002",
"Comment": "ceph-base is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350003",
"Comment": "ceph-common is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350004",
"Comment": "ceph-devel is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350005",
"Comment": "ceph-fuse is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350006",
"Comment": "ceph-immutable-object-cache is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350007",
"Comment": "ceph-mds is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350008",
"Comment": "ceph-mgr is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350009",
"Comment": "ceph-mgr-cephadm is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350010",
"Comment": "ceph-mgr-dashboard is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350011",
"Comment": "ceph-mgr-diskprediction-local is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350012",
"Comment": "ceph-mgr-influx is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350013",
"Comment": "ceph-mgr-insights is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350014",
"Comment": "ceph-mgr-k8sevents is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350015",
"Comment": "ceph-mgr-modules-core is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350016",
"Comment": "ceph-mgr-prometheus is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350017",
"Comment": "ceph-mgr-restful is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350018",
"Comment": "ceph-mgr-rook is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350019",
"Comment": "ceph-mgr-telegraf is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350020",
"Comment": "ceph-mgr-zabbix is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350021",
"Comment": "ceph-mon is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350022",
"Comment": "ceph-osd is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350023",
"Comment": "ceph-prometheus-alerts is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350024",
"Comment": "ceph-radosgw is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350025",
"Comment": "ceph-resource-agents is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350026",
"Comment": "cephadm is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350027",
"Comment": "cephfs-mirror is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350028",
"Comment": "cephfs-shell is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350029",
"Comment": "cephfs-top is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350030",
"Comment": "grafana-dashboards-ceph is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350031",
"Comment": "libcephfs-devel is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350032",
"Comment": "libcephfs2 is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350033",
"Comment": "libcephsqlite is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350034",
"Comment": "libcephsqlite-devel is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350035",
"Comment": "librados-devel is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350036",
"Comment": "librados2 is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350037",
"Comment": "libradosstriper-devel is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350038",
"Comment": "libradosstriper1 is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350039",
"Comment": "librbd-devel is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350040",
"Comment": "librbd1 is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350041",
"Comment": "librgw-devel is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350042",
"Comment": "librgw2 is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350043",
"Comment": "python3-module-ceph is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350044",
"Comment": "python3-module-ceph-argparse is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350045",
"Comment": "python3-module-ceph-common is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350046",
"Comment": "python3-module-ceph_volume is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350047",
"Comment": "python3-module-cephfs is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350048",
"Comment": "python3-module-rados is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350049",
"Comment": "python3-module-rbd is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350050",
"Comment": "python3-module-rgw is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350051",
"Comment": "rbd-fuse is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350052",
"Comment": "rbd-mirror is earlier than 0:16.2.10-alt1.p10"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222350053",
"Comment": "rbd-nbd is earlier than 0:16.2.10-alt1.p10"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink