vuln-list-alt/oval/c9f2/ALT-PU-2017-1755/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20171755",
      "Version": "oval:org.altlinux.errata:def:20171755",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2017-1755: package `kernel-image-std-def` update to version 4.9.33-alt3",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch c9f2"
            ],
            "Products": [
              "ALT SPWorkstation",
              "ALT SPServer"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2017-1755",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2017-1755",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2017-01479",
            "RefURL": "https://bdu.fstec.ru/vul/2017-01479",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2017-1000364",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000364",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades kernel-image-std-def to version 4.9.33-alt3. \nSecurity Fix(es):\n\n * BDU:2017-01479: Уязвимость в реализации механизма Stack Guard-Page ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2017-1000364: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be \"jumped\" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "High",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2017-06-19"
          },
          "Updated": {
            "Date": "2017-06-19"
          },
          "BDUs": [
            {
              "ID": "BDU:2017-01479",
              "CVSS": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
              "CVSS3": "AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "CWE": "CWE-119",
              "Href": "https://bdu.fstec.ru/vul/2017-01479",
              "Impact": "High",
              "Public": "20170618"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2017-1000364",
              "CVSS": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
              "CVSS3": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "CWE": "CWE-119",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000364",
              "Impact": "High",
              "Public": "20170619"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:spworkstation:8.4",
              "cpe:/o:alt:spserver:8.4"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:4001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20171755001",
                "Comment": "kernel-doc-std is earlier than 1:4.9.33-alt3"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20171755002",
                "Comment": "kernel-headers-modules-std-def is earlier than 1:4.9.33-alt3"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20171755003",
                "Comment": "kernel-headers-std-def is earlier than 1:4.9.33-alt3"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20171755004",
                "Comment": "kernel-image-domU-std-def is earlier than 1:4.9.33-alt3"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20171755005",
                "Comment": "kernel-image-std-def is earlier than 1:4.9.33-alt3"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20171755006",
                "Comment": "kernel-modules-drm-nouveau-std-def is earlier than 1:4.9.33-alt3"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20171755007",
                "Comment": "kernel-modules-drm-radeon-std-def is earlier than 1:4.9.33-alt3"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20171755008",
                "Comment": "kernel-modules-drm-std-def is earlier than 1:4.9.33-alt3"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20171755009",
                "Comment": "kernel-modules-ide-std-def is earlier than 1:4.9.33-alt3"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20171755010",
                "Comment": "kernel-modules-kvm-std-def is earlier than 1:4.9.33-alt3"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20171755011",
                "Comment": "kernel-modules-staging-std-def is earlier than 1:4.9.33-alt3"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20171755012",
                "Comment": "kernel-modules-v4l-std-def is earlier than 1:4.9.33-alt3"
              }
            ]
          }
        ]
      }
    }
  ]
}