
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20203360",
"Version": "oval:org.altlinux.errata:def:20203360",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-3360: package `ruby` update to version 2.7.2-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-3360",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-3360",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-01472",
"RefURL": "https://bdu.fstec.ru/vul/2021-01472",
"Source": "BDU"
},
{
"RefID": "CVE-2020-25613",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-25613",
"Source": "CVE"
}
],
"Description": "This update upgrades ruby to version 2.7.2-alt1. \nSecurity Fix(es):\n\n * BDU:2021-01472: Уязвимость библиотеки WEBrick языка программирования Ruby, связанная с некорректной проверкой значения заголовка, позволяющая нарушителю оказать воздействие на целостность данных\n\n * CVE-2020-25613: An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-11-19"
},
"Updated": {
"Date": "2020-11-19"
},
"BDUs": [
{
"ID": "BDU:2021-01472",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-444",
"Href": "https://bdu.fstec.ru/vul/2021-01472",
"Impact": "High",
"Public": "20201014"
}
],
"CVEs": [
{
"ID": "CVE-2020-25613",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-444",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-25613",
"Impact": "High",
"Public": "20201006"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20203360001",
"Comment": "erb is earlier than 0:2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203360002",
"Comment": "gem is earlier than 2:3.1.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203360003",
"Comment": "irb is earlier than 0:2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203360004",
"Comment": "libruby is earlier than 0:2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203360005",
"Comment": "libruby-devel is earlier than 0:2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203360006",
"Comment": "libruby-devel-static is earlier than 0:2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203360007",
"Comment": "ri-doc is earlier than 0:2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203360008",
"Comment": "ruby is earlier than 0:2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203360009",
"Comment": "ruby-doc is earlier than 0:2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203360010",
"Comment": "ruby-miniruby-src is earlier than 0:2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203360011",
"Comment": "ruby-mspec is earlier than 0:2.7.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203360012",
"Comment": "ruby-stdlibs is earlier than 0:2.7.2-alt1"
}
]
}
]
}
}
]
}