ALT Vulnerability

2024-11-28 15:05:45 +00:00 · 2024-11-28 15:05:45 +00:00 · 3edda6c083
commit 3edda6c083
parent 0188fa16d4
5 changed files with 20 additions and 20 deletions
--- a/oval/c10f1/ALT-PU-2024-11524/definitions.json
+++ b/oval/c10f1/ALT-PU-2024-11524/definitions.json
--- a/oval/p10/ALT-PU-2024-10465/definitions.json
+++ b/oval/p10/ALT-PU-2024-10465/definitions.json
@ -45,7 +45,7 @@
            "Source": "CVE"
          }
        ],
-        "Description": "This update upgrades kernel-image-std-def to version 5.10.223-alt1. \nSecurity Fix(es):\n\n * BDU:2024-05829: Уязвимость функции kfree_sensitive ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию\n\n * CVE-2024-41007: In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: avoid too many retransmit packets\n\nIf a TCP socket is using TCP_USER_TIMEOUT, and the other peer\nretracted its window to zero, tcp_retransmit_timer() can\nretransmit a packet every two jiffies (2 ms for HZ=1000),\nfor about 4 minutes after TCP_USER_TIMEOUT has 'expired'.\n\nThe fix is to make sure tcp_rtx_probe0_timed_out() takes\nicsk-\u003eicsk_user_timeout into account.\n\nBefore blamed commit, the socket would not timeout after\nicsk-\u003eicsk_user_timeout, but would use standard exponential\nbackoff for the retransmits.\n\nAlso worth noting that before commit e89688e3e978 (\"net: tcp:\nfix unexcepted socket die when snd_wnd is 0\"), the issue\nwould last 2 minutes instead of 4.\n\n * CVE-2024-42229: In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: aead,cipher - zeroize key buffer after use\n\nI.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding\ncryptographic information should be zeroized once they are no longer\nneeded. Accomplish this by using kfree_sensitive for buffers that\npreviously held the private key.",
+        "Description": "This update upgrades kernel-image-std-def to version 5.10.223-alt1. \nSecurity Fix(es):\n\n * BDU:2024-05829: Уязвимость функции kfree_sensitive ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * CVE-2024-41007: In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: avoid too many retransmit packets\n\nIf a TCP socket is using TCP_USER_TIMEOUT, and the other peer\nretracted its window to zero, tcp_retransmit_timer() can\nretransmit a packet every two jiffies (2 ms for HZ=1000),\nfor about 4 minutes after TCP_USER_TIMEOUT has 'expired'.\n\nThe fix is to make sure tcp_rtx_probe0_timed_out() takes\nicsk-\u003eicsk_user_timeout into account.\n\nBefore blamed commit, the socket would not timeout after\nicsk-\u003eicsk_user_timeout, but would use standard exponential\nbackoff for the retransmits.\n\nAlso worth noting that before commit e89688e3e978 (\"net: tcp:\nfix unexcepted socket die when snd_wnd is 0\"), the issue\nwould last 2 minutes instead of 4.\n\n * CVE-2024-42229: In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: aead,cipher - zeroize key buffer after use\n\nI.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding\ncryptographic information should be zeroized once they are no longer\nneeded. Accomplish this by using kfree_sensitive for buffers that\npreviously held the private key.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "Low",
--- a/oval/p10/ALT-PU-2024-10668/definitions.json
+++ b/oval/p10/ALT-PU-2024-10668/definitions.json
@ -45,7 +45,7 @@
            "Source": "CVE"
          }
        ],
-        "Description": "This update upgrades kernel-image-rt to version 5.10.222-alt1.rt114. \nSecurity Fix(es):\n\n * BDU:2024-05829: Уязвимость функции kfree_sensitive ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию\n\n * CVE-2024-41007: In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: avoid too many retransmit packets\n\nIf a TCP socket is using TCP_USER_TIMEOUT, and the other peer\nretracted its window to zero, tcp_retransmit_timer() can\nretransmit a packet every two jiffies (2 ms for HZ=1000),\nfor about 4 minutes after TCP_USER_TIMEOUT has 'expired'.\n\nThe fix is to make sure tcp_rtx_probe0_timed_out() takes\nicsk-\u003eicsk_user_timeout into account.\n\nBefore blamed commit, the socket would not timeout after\nicsk-\u003eicsk_user_timeout, but would use standard exponential\nbackoff for the retransmits.\n\nAlso worth noting that before commit e89688e3e978 (\"net: tcp:\nfix unexcepted socket die when snd_wnd is 0\"), the issue\nwould last 2 minutes instead of 4.\n\n * CVE-2024-42229: In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: aead,cipher - zeroize key buffer after use\n\nI.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding\ncryptographic information should be zeroized once they are no longer\nneeded. Accomplish this by using kfree_sensitive for buffers that\npreviously held the private key.",
+        "Description": "This update upgrades kernel-image-rt to version 5.10.222-alt1.rt114. \nSecurity Fix(es):\n\n * BDU:2024-05829: Уязвимость функции kfree_sensitive ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * CVE-2024-41007: In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: avoid too many retransmit packets\n\nIf a TCP socket is using TCP_USER_TIMEOUT, and the other peer\nretracted its window to zero, tcp_retransmit_timer() can\nretransmit a packet every two jiffies (2 ms for HZ=1000),\nfor about 4 minutes after TCP_USER_TIMEOUT has 'expired'.\n\nThe fix is to make sure tcp_rtx_probe0_timed_out() takes\nicsk-\u003eicsk_user_timeout into account.\n\nBefore blamed commit, the socket would not timeout after\nicsk-\u003eicsk_user_timeout, but would use standard exponential\nbackoff for the retransmits.\n\nAlso worth noting that before commit e89688e3e978 (\"net: tcp:\nfix unexcepted socket die when snd_wnd is 0\"), the issue\nwould last 2 minutes instead of 4.\n\n * CVE-2024-42229: In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: aead,cipher - zeroize key buffer after use\n\nI.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding\ncryptographic information should be zeroized once they are no longer\nneeded. Accomplish this by using kfree_sensitive for buffers that\npreviously held the private key.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "Low",
--- a/oval/p10/ALT-PU-2024-14046/definitions.json
+++ b/oval/p10/ALT-PU-2024-14046/definitions.json
--- a/oval/p9/ALT-PU-2024-12537/definitions.json
+++ b/oval/p9/ALT-PU-2024-12537/definitions.json