pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2dae4da41e
vuln-list-alt/oval/c10f1/ALT-PU-2013-1178/definitions.json
pepelyaevip 83c40c9d64 ALT Vulnerability
2024-07-06 03:04:52 +00:00

803 lines
42 KiB
JSON
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20131178",
"Version": "oval:org.altlinux.errata:def:20131178",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2013-1178: package `kernel-image-el-def` update to version 2.6.32-alt13",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2013-1178",
"RefURL": "https://errata.altlinux.org/ALT-PU-2013-1178",
"Source": "ALTPU"
},
{
"RefID": "BDU:2014-00071",
"RefURL": "https://bdu.fstec.ru/vul/2014-00071",
"Source": "BDU"
},
{
"RefID": "BDU:2014-00075",
"RefURL": "https://bdu.fstec.ru/vul/2014-00075",
"Source": "BDU"
},
{
"RefID": "BDU:2014-00078",
"RefURL": "https://bdu.fstec.ru/vul/2014-00078",
"Source": "BDU"
},
{
"RefID": "BDU:2014-00079",
"RefURL": "https://bdu.fstec.ru/vul/2014-00079",
"Source": "BDU"
},
{
"RefID": "BDU:2014-00080",
"RefURL": "https://bdu.fstec.ru/vul/2014-00080",
"Source": "BDU"
},
{
"RefID": "BDU:2014-00085",
"RefURL": "https://bdu.fstec.ru/vul/2014-00085",
"Source": "BDU"
},
{
"RefID": "BDU:2014-00087",
"RefURL": "https://bdu.fstec.ru/vul/2014-00087",
"Source": "BDU"
},
{
"RefID": "BDU:2014-00092",
"RefURL": "https://bdu.fstec.ru/vul/2014-00092",
"Source": "BDU"
},
{
"RefID": "BDU:2015-03064",
"RefURL": "https://bdu.fstec.ru/vul/2015-03064",
"Source": "BDU"
},
{
"RefID": "BDU:2015-05303",
"RefURL": "https://bdu.fstec.ru/vul/2015-05303",
"Source": "BDU"
},
{
"RefID": "BDU:2015-05304",
"RefURL": "https://bdu.fstec.ru/vul/2015-05304",
"Source": "BDU"
},
{
"RefID": "BDU:2015-05305",
"RefURL": "https://bdu.fstec.ru/vul/2015-05305",
"Source": "BDU"
},
{
"RefID": "BDU:2015-05306",
"RefURL": "https://bdu.fstec.ru/vul/2015-05306",
"Source": "BDU"
},
{
"RefID": "BDU:2015-05307",
"RefURL": "https://bdu.fstec.ru/vul/2015-05307",
"Source": "BDU"
},
{
"RefID": "BDU:2015-05308",
"RefURL": "https://bdu.fstec.ru/vul/2015-05308",
"Source": "BDU"
},
{
"RefID": "BDU:2015-05309",
"RefURL": "https://bdu.fstec.ru/vul/2015-05309",
"Source": "BDU"
},
{
"RefID": "BDU:2015-05310",
"RefURL": "https://bdu.fstec.ru/vul/2015-05310",
"Source": "BDU"
},
{
"RefID": "BDU:2015-05311",
"RefURL": "https://bdu.fstec.ru/vul/2015-05311",
"Source": "BDU"
},
{
"RefID": "BDU:2015-05312",
"RefURL": "https://bdu.fstec.ru/vul/2015-05312",
"Source": "BDU"
},
{
"RefID": "BDU:2015-05313",
"RefURL": "https://bdu.fstec.ru/vul/2015-05313",
"Source": "BDU"
},
{
"RefID": "BDU:2015-05314",
"RefURL": "https://bdu.fstec.ru/vul/2015-05314",
"Source": "BDU"
},
{
"RefID": "BDU:2015-05315",
"RefURL": "https://bdu.fstec.ru/vul/2015-05315",
"Source": "BDU"
},
{
"RefID": "BDU:2015-05542",
"RefURL": "https://bdu.fstec.ru/vul/2015-05542",
"Source": "BDU"
},
{
"RefID": "BDU:2015-05543",
"RefURL": "https://bdu.fstec.ru/vul/2015-05543",
"Source": "BDU"
},
{
"RefID": "CVE-2012-6537",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2012-6537",
"Source": "CVE"
},
{
"RefID": "CVE-2012-6542",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2012-6542",
"Source": "CVE"
},
{
"RefID": "CVE-2012-6545",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2012-6545",
"Source": "CVE"
},
{
"RefID": "CVE-2012-6546",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2012-6546",
"Source": "CVE"
},
{
"RefID": "CVE-2012-6547",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2012-6547",
"Source": "CVE"
},
{
"RefID": "CVE-2013-0228",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-0228",
"Source": "CVE"
},
{
"RefID": "CVE-2013-0268",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-0268",
"Source": "CVE"
},
{
"RefID": "CVE-2013-0343",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-0343",
"Source": "CVE"
},
{
"RefID": "CVE-2013-0349",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-0349",
"Source": "CVE"
},
{
"RefID": "CVE-2013-0871",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-0871",
"Source": "CVE"
},
{
"RefID": "CVE-2013-0913",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-0913",
"Source": "CVE"
},
{
"RefID": "CVE-2013-1767",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-1767",
"Source": "CVE"
},
{
"RefID": "CVE-2013-1773",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-1773",
"Source": "CVE"
},
{
"RefID": "CVE-2013-1774",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-1774",
"Source": "CVE"
},
{
"RefID": "CVE-2013-1792",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-1792",
"Source": "CVE"
},
{
"RefID": "CVE-2013-1796",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-1796",
"Source": "CVE"
},
{
"RefID": "CVE-2013-1797",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-1797",
"Source": "CVE"
},
{
"RefID": "CVE-2013-1798",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-1798",
"Source": "CVE"
},
{
"RefID": "CVE-2013-1826",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-1826",
"Source": "CVE"
},
{
"RefID": "CVE-2013-1827",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-1827",
"Source": "CVE"
},
{
"RefID": "CVE-2013-1928",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-1928",
"Source": "CVE"
},
{
"RefID": "CVE-2013-2164",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2164",
"Source": "CVE"
},
{
"RefID": "CVE-2013-2234",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2234",
"Source": "CVE"
},
{
"RefID": "CVE-2013-2851",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2851",
"Source": "CVE"
},
{
"RefID": "CVE-2013-2888",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2888",
"Source": "CVE"
},
{
"RefID": "CVE-2013-2889",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2889",
"Source": "CVE"
},
{
"RefID": "CVE-2013-2892",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2892",
"Source": "CVE"
},
{
"RefID": "CVE-2013-3231",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-3231",
"Source": "CVE"
},
{
"RefID": "CVE-2013-4345",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-4345",
"Source": "CVE"
},
{
"RefID": "CVE-2013-4387",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-4387",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-el-def to version 2.6.32-alt13. \nSecurity Fix(es):\n\n * BDU:2014-00071: Уязвимость операционной системы Linux, позволяющая злоумышленнику получить доступ к конфиденциальной информации из памяти ядра\n\n * BDU:2014-00075: Уязвимость операционной системы Linux, позволяющая злоумышленнику получить доступ к конфиденциальной информации из стековой памяти ядра\n\n * BDU:2014-00078: Уязвимость операционной системы Linux, позволяющая злоумышленнику получить доступ к конфиденциальной информации из стековой памяти ядра\n\n * BDU:2014-00079: Уязвимость операционной системы Linux, позволяющая злоумышленнику получить доступ к конфиденциальной информации из стековой памяти ядра\n\n * BDU:2014-00080: Уязвимость операционной системы Linux, позволяющая злоумышленнику получить доступ к конфиденциальной информации из стековой памяти ядра\n\n * BDU:2014-00085: Уязвимость операционной системы Linux, позволяющая злоумышленнику осуществить доступ к защищаемой информации или вызвать отказ в обслуживании\n\n * BDU:2014-00087: Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать локальный отказ в обслуживании\n\n * BDU:2014-00092: Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании\n\n * BDU:2015-03064: Уязвимости операционной системы Debian GNU/Linux, позволяющие локальному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-05303: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-05304: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-05305: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-05306: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-05307: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-05308: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-05309: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-05310: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-05311: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-05312: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-05313: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-05314: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-05315: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-05542: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-05543: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * CVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.\n\n * CVE-2012-6542: The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument.\n\n * CVE-2012-6545: The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.\n\n * CVE-2012-6546: The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.\n\n * CVE-2012-6547: The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.\n\n * CVE-2013-0228: The xen_iret function in arch/x86/xen/xen-asm_32.S in the Linux kernel before 3.7.9 on 32-bit Xen paravirt_ops platforms does not properly handle an invalid value in the DS segment register, which allows guest OS users to gain guest OS privileges via a crafted application.\n\n * CVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c.\n\n * CVE-2013-0343: The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages.\n\n * CVE-2013-0349: The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call.\n\n * CVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death.\n\n * CVE-2013-0913: Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before 25.0.1364.173 and other products, allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted application that triggers many relocation copies, and potentially leads to a race condition.\n\n * CVE-2013-1767: Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option.\n\n * CVE-2013-1773: Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion.\n\n * CVE-2013-1774: The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter.\n\n * CVE-2013-1792: Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads.\n\n * CVE-2013-1796: The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application.\n\n * CVE-2013-1797: Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.\n\n * CVE-2013-1798: The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application.\n\n * CVE-2013-1826: The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability.\n\n * CVE-2013-1827: net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call.\n\n * CVE-2013-1928: The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device.\n\n * CVE-2013-2164: The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.\n\n * CVE-2013-2234: The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket.\n\n * CVE-2013-2851: Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name.\n\n * CVE-2013-2888: Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID.\n\n * CVE-2013-2889: drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.\n\n * CVE-2013-2892: drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.\n\n * CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.\n\n * CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data.\n\n * CVE-2013-4387: net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2013-11-24"
},
"Updated": {
"Date": "2013-11-24"
},
"BDUs": [
{
"ID": "BDU:2014-00071",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2014-00071",
"Impact": "Low",
"Public": "20130315"
},
{
"ID": "BDU:2014-00075",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2014-00075",
"Impact": "Low",
"Public": "20130315"
},
{
"ID": "BDU:2014-00078",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2014-00078",
"Impact": "Low",
"Public": "20130315"
},
{
"ID": "BDU:2014-00079",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2014-00079",
"Impact": "Low",
"Public": "20130315"
},
{
"ID": "BDU:2014-00080",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2014-00080",
"Impact": "Low",
"Public": "20130315"
},
{
"ID": "BDU:2014-00085",
"CVSS": "AV:A/AC:H/Au:N/C:P/I:N/A:P",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2014-00085",
"Impact": "Low",
"Public": "20130228"
},
{
"ID": "BDU:2014-00087",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2014-00087",
"Impact": "Low",
"Public": "20130916"
},
{
"ID": "BDU:2014-00092",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"CWE": "CWE-189",
"Href": "https://bdu.fstec.ru/vul/2014-00092",
"Impact": "Low",
"Public": "20131010"
},
{
"ID": "BDU:2015-03064",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2015-03064",
"Impact": "High",
"Public": "20130218"
},
{
"ID": "BDU:2015-05303",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-05303",
"Impact": "High",
"Public": "20110103"
},
{
"ID": "BDU:2015-05304",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-05304",
"Impact": "High",
"Public": "19700101"
},
{
"ID": "BDU:2015-05305",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-05305",
"Impact": "High",
"Public": "19700101"
},
{
"ID": "BDU:2015-05306",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-05306",
"Impact": "High",
"Public": "19700101"
},
{
"ID": "BDU:2015-05307",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-05307",
"Impact": "High",
"Public": "19700101"
},
{
"ID": "BDU:2015-05308",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-05308",
"Impact": "High",
"Public": "19700101"
},
{
"ID": "BDU:2015-05309",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-05309",
"Impact": "High",
"Public": "19700101"
},
{
"ID": "BDU:2015-05310",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-05310",
"Impact": "High",
"Public": "19700101"
},
{
"ID": "BDU:2015-05311",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-05311",
"Impact": "High",
"Public": "19700101"
},
{
"ID": "BDU:2015-05312",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-05312",
"Impact": "High",
"Public": "19700101"
},
{
"ID": "BDU:2015-05313",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-05313",
"Impact": "High",
"Public": "19700101"
},
{
"ID": "BDU:2015-05314",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-05314",
"Impact": "High",
"Public": "19700101"
},
{
"ID": "BDU:2015-05315",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-05315",
"Impact": "High",
"Public": "19700101"
},
{
"ID": "BDU:2015-05542",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-189",
"Href": "https://bdu.fstec.ru/vul/2015-05542",
"Impact": "High",
"Public": "19700101"
},
{
"ID": "BDU:2015-05543",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-189",
"Href": "https://bdu.fstec.ru/vul/2015-05543",
"Impact": "High",
"Public": "19700101"
}
],
"CVEs": [
{
"ID": "CVE-2012-6537",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2012-6537",
"Impact": "Low",
"Public": "20130315"
},
{
"ID": "CVE-2012-6542",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2012-6542",
"Impact": "Low",
"Public": "20130315"
},
{
"ID": "CVE-2012-6545",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2012-6545",
"Impact": "Low",
"Public": "20130315"
},
{
"ID": "CVE-2012-6546",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2012-6546",
"Impact": "Low",
"Public": "20130315"
},
{
"ID": "CVE-2012-6547",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2012-6547",
"Impact": "Low",
"Public": "20130315"
},
{
"ID": "CVE-2013-0228",
"CVSS": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"CWE": "CWE-189",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-0228",
"Impact": "Low",
"Public": "20130301"
},
{
"ID": "CVE-2013-0268",
"CVSS": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"CWE": "CWE-264",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-0268",
"Impact": "Low",
"Public": "20130218"
},
{
"ID": "CVE-2013-0343",
"CVSS": "AV:A/AC:H/Au:N/C:P/I:N/A:P",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-0343",
"Impact": "Low",
"Public": "20130228"
},
{
"ID": "CVE-2013-0349",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-0349",
"Impact": "Low",
"Public": "20130228"
},
{
"ID": "CVE-2013-0871",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-0871",
"Impact": "Low",
"Public": "20130218"
},
{
"ID": "CVE-2013-0913",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-189",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-0913",
"Impact": "High",
"Public": "20130318"
},
{
"ID": "CVE-2013-1767",
"CVSS": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-1767",
"Impact": "Low",
"Public": "20130228"
},
{
"ID": "CVE-2013-1773",
"CVSS": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-1773",
"Impact": "Low",
"Public": "20130228"
},
{
"ID": "CVE-2013-1774",
"CVSS": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
"CWE": "CWE-264",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-1774",
"Impact": "Low",
"Public": "20130228"
},
{
"ID": "CVE-2013-1792",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-1792",
"Impact": "Low",
"Public": "20130322"
},
{
"ID": "CVE-2013-1796",
"CVSS": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-1796",
"Impact": "Low",
"Public": "20130322"
},
{
"ID": "CVE-2013-1797",
"CVSS": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-1797",
"Impact": "Low",
"Public": "20130322"
},
{
"ID": "CVE-2013-1798",
"CVSS": "AV:A/AC:H/Au:N/C:C/I:N/A:C",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-1798",
"Impact": "Low",
"Public": "20130322"
},
{
"ID": "CVE-2013-1826",
"CVSS": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-1826",
"Impact": "Low",
"Public": "20130322"
},
{
"ID": "CVE-2013-1827",
"CVSS": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-1827",
"Impact": "Low",
"Public": "20130322"
},
{
"ID": "CVE-2013-1928",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-1928",
"Impact": "Low",
"Public": "20130429"
},
{
"ID": "CVE-2013-2164",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2164",
"Impact": "Low",
"Public": "20130704"
},
{
"ID": "CVE-2013-2234",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2234",
"Impact": "Low",
"Public": "20130704"
},
{
"ID": "CVE-2013-2851",
"CVSS": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"CWE": "CWE-134",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2851",
"Impact": "Low",
"Public": "20130607"
},
{
"ID": "CVE-2013-2888",
"CVSS": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2888",
"Impact": "Low",
"Public": "20130916"
},
{
"ID": "CVE-2013-2889",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2889",
"Impact": "Low",
"Public": "20130916"
},
{
"ID": "CVE-2013-2892",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2892",
"Impact": "Low",
"Public": "20130916"
},
{
"ID": "CVE-2013-3231",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-3231",
"Impact": "Low",
"Public": "20130422"
},
{
"ID": "CVE-2013-4345",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"CWE": "CWE-189",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-4345",
"Impact": "Low",
"Public": "20131010"
},
{
"ID": "CVE-2013-4387",
"CVSS": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-4387",
"Impact": "Low",
"Public": "20131010"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20131178001",
"Comment": "firmware-kernel-el-def is earlier than 0:2.6.32-alt13"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20131178002",
"Comment": "kernel-doc-el-def is earlier than 0:2.6.32-alt13"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20131178003",
"Comment": "kernel-docbook-el-def is earlier than 0:2.6.32-alt13"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20131178004",
"Comment": "kernel-headers-el-def is earlier than 0:2.6.32-alt13"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20131178005",
"Comment": "kernel-headers-modules-el-def is earlier than 0:2.6.32-alt13"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20131178006",
"Comment": "kernel-image-el-def is earlier than 0:2.6.32-alt13"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20131178007",
"Comment": "kernel-man-el-def is earlier than 0:2.6.32-alt13"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20131178008",
"Comment": "kernel-src-el-def is earlier than 0:2.6.32-alt13"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink