pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/c10f1/ALT-PU-2019-2050/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

149 lines
6.2 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20192050",
"Version": "oval:org.altlinux.errata:def:20192050",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-2050: package `kernel-image-std-def` update to version 4.19.49-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-2050",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-2050",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-02044",
"RefURL": "https://bdu.fstec.ru/vul/2020-02044",
"Source": "BDU"
},
{
"RefID": "CVE-2019-9500",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-9500",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-std-def to version 4.19.49-alt1. \nSecurity Fix(es):\n\n * BDU:2020-02044: Уязвимость функции brcmf_wowl_nd_results драйвер Broadcom brcmfmac WiFi ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность\n\n * CVE-2019-9500: The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-06-13"
},
"Updated": {
"Date": "2019-06-13"
},
"BDUs": [
{
"ID": "BDU:2020-02044",
"CVSS": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"CWE": "CWE-122, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2020-02044",
"Impact": "High",
"Public": "20190219"
}
],
"CVEs": [
{
"ID": "CVE-2019-9500",
"CVSS": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-9500",
"Impact": "High",
"Public": "20200116"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20192050001",
"Comment": "kernel-doc-std is earlier than 1:4.19.49-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192050002",
"Comment": "kernel-headers-modules-std-def is earlier than 1:4.19.49-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192050003",
"Comment": "kernel-headers-std-def is earlier than 1:4.19.49-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192050004",
"Comment": "kernel-image-domU-std-def is earlier than 1:4.19.49-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192050005",
"Comment": "kernel-image-std-def is earlier than 1:4.19.49-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192050006",
"Comment": "kernel-modules-drm-ancient-std-def is earlier than 1:4.19.49-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192050007",
"Comment": "kernel-modules-drm-nouveau-std-def is earlier than 1:4.19.49-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192050008",
"Comment": "kernel-modules-drm-radeon-std-def is earlier than 1:4.19.49-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192050009",
"Comment": "kernel-modules-drm-std-def is earlier than 1:4.19.49-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192050010",
"Comment": "kernel-modules-ide-std-def is earlier than 1:4.19.49-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192050011",
"Comment": "kernel-modules-kvm-std-def is earlier than 1:4.19.49-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192050012",
"Comment": "kernel-modules-staging-std-def is earlier than 1:4.19.49-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192050013",
"Comment": "kernel-modules-v4l-std-def is earlier than 1:4.19.49-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink