{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20142297",
"Version": "oval:org.altlinux.errata:def:20142297",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2014-2297: package `kernel-image-un-def` update to version 3.17.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2014-2297",
"RefURL": "https://errata.altlinux.org/ALT-PU-2014-2297",
"Source": "ALTPU"
},
{
"RefID": "BDU:2017-01159",
"RefURL": "https://bdu.fstec.ru/vul/2017-01159",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04676",
"RefURL": "https://bdu.fstec.ru/vul/2019-04676",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04677",
"RefURL": "https://bdu.fstec.ru/vul/2019-04677",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03057",
"RefURL": "https://bdu.fstec.ru/vul/2021-03057",
"Source": "BDU"
},
{
"RefID": "CVE-2014-3180",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-3180",
"Source": "CVE"
},
{
"RefID": "CVE-2014-7970",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-7970",
"Source": "CVE"
},
{
"RefID": "CVE-2014-7975",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-7975",
"Source": "CVE"
},
{
"RefID": "CVE-2014-8086",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-8086",
"Source": "CVE"
},
{
"RefID": "CVE-2014-9904",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-9904",
"Source": "CVE"
},
{
"RefID": "CVE-2015-3288",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-3288",
"Source": "CVE"
},
{
"RefID": "CVE-2015-9004",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-9004",
"Source": "CVE"
},
{
"RefID": "CVE-2016-3139",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-3139",
"Source": "CVE"
},
{
"RefID": "CVE-2019-14821",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14821",
"Source": "CVE"
},
{
"RefID": "CVE-2019-14835",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14835",
"Source": "CVE"
},
{
"RefID": "CVE-2020-10732",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-10732",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-un-def to version 3.17.1-alt1. \nSecurity Fix(es):\n\n * BDU:2017-01159: Уязвимость компонента kernel/events/core.c ядра операционной системы Android, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2019-04676: Уязвимость ядра Linux, связанная с переполнения буфера виртуальной памяти, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность\n\n * BDU:2019-04677: Уязвимость функции Coalesced_MMIO ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность\n\n * BDU:2021-03057: Уязвимость функции fill_thread_core_info() ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию и вызвать отказ в обслуживании\n\n * CVE-2014-3180: In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable\n\n * CVE-2014-7970: The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call.\n\n * CVE-2014-7975: The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call.\n\n * CVE-2014-8086: Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag.\n\n * CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call.\n\n * CVE-2015-3288: mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero.\n\n * CVE-2015-9004: kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions.\n\n * CVE-2016-3139: The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.\n\n * CVE-2019-14821: An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring-\u003efirst' and 'ring-\u003elast' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.\n\n * CVE-2019-14835: A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.\n\n * CVE-2020-10732: A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2014-10-23"
},
"Updated": {
"Date": "2014-10-23"
},
"BDUs": [
{
"ID": "BDU:2017-01159",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2017-01159",
"Impact": "Critical",
"Public": "20170503"
},
{
"ID": "BDU:2019-04676",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2019-04676",
"Impact": "High",
"Public": "20190911"
},
{
"ID": "BDU:2019-04677",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2019-04677",
"Impact": "High",
"Public": "20190918"
},
{
"ID": "BDU:2021-03057",
"CVSS": "AV:L/AC:L/Au:S/C:P/I:N/A:P",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"CWE": "CWE-200, CWE-908",
"Href": "https://bdu.fstec.ru/vul/2021-03057",
"Impact": "Low",
"Public": "20200528"
}
],
"CVEs": [
{
"ID": "CVE-2014-3180",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-3180",
"Impact": "Critical",
"Public": "20191106"
},
{
"ID": "CVE-2014-7970",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-7970",
"Impact": "Low",
"Public": "20141013"
},
{
"ID": "CVE-2014-7975",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-7975",
"Impact": "Low",
"Public": "20141013"
},
{
"ID": "CVE-2014-8086",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-8086",
"Impact": "Low",
"Public": "20141013"
},
{
"ID": "CVE-2014-9904",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-9904",
"Impact": "High",
"Public": "20160627"
},
{
"ID": "CVE-2015-3288",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-3288",
"Impact": "High",
"Public": "20161016"
},
{
"ID": "CVE-2015-9004",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-264",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-9004",
"Impact": "High",
"Public": "20170502"
},
{
"ID": "CVE-2016-3139",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-3139",
"Impact": "Low",
"Public": "20160427"
},
{
"ID": "CVE-2019-14821",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14821",
"Impact": "High",
"Public": "20190919"
},
{
"ID": "CVE-2019-14835",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14835",
"Impact": "High",
"Public": "20190917"
},
{
"ID": "CVE-2020-10732",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-10732",
"Impact": "Low",
"Public": "20200612"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20142297001",
"Comment": "kernel-doc-un is earlier than 1:3.17.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20142297002",
"Comment": "kernel-headers-modules-un-def is earlier than 1:3.17.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20142297003",
"Comment": "kernel-headers-un-def is earlier than 1:3.17.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20142297004",
"Comment": "kernel-image-domU-un-def is earlier than 1:3.17.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20142297005",
"Comment": "kernel-image-un-def is earlier than 1:3.17.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20142297006",
"Comment": "kernel-modules-drm-nouveau-un-def is earlier than 1:3.17.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20142297007",
"Comment": "kernel-modules-drm-radeon-un-def is earlier than 1:3.17.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20142297008",
"Comment": "kernel-modules-drm-un-def is earlier than 1:3.17.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20142297009",
"Comment": "kernel-modules-ide-un-def is earlier than 1:3.17.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20142297010",
"Comment": "kernel-modules-kvm-un-def is earlier than 1:3.17.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20142297011",
"Comment": "kernel-modules-staging-un-def is earlier than 1:3.17.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20142297012",
"Comment": "kernel-modules-v4l-un-def is earlier than 1:3.17.1-alt1"
}
]
}
]
}
}
]
}