100 lines
3.5 KiB
JSON
100 lines
3.5 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20203247",
|
|
"Version": "oval:org.altlinux.errata:def:20203247",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2020-3247: package `firecracker` update to version 0.23.0-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch c10f1"
|
|
],
|
|
"Products": [
|
|
"ALT SP Workstation",
|
|
"ALT SP Server"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2020-3247",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-3247",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2020-16843",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-16843",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2020-27174",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-27174",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades firecracker to version 0.23.0-alt1. \nSecurity Fix(es):\n\n * CVE-2020-16843: In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. This can result in a denial of service on the microVM when it is configured with a single network interface, and an availability problem for the microVM network interface on which the issue is triggered.\n\n * CVE-2020-27174: In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "High",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2020-11-10"
|
|
},
|
|
"Updated": {
|
|
"Date": "2020-11-10"
|
|
},
|
|
"BDUs": null,
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2020-16843",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
|
|
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"CWE": "NVD-CWE-noinfo",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-16843",
|
|
"Impact": "Low",
|
|
"Public": "20200804"
|
|
},
|
|
{
|
|
"ID": "CVE-2020-27174",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
|
|
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"CWE": "CWE-401",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-27174",
|
|
"Impact": "High",
|
|
"Public": "20201016"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:spworkstation:10",
|
|
"cpe:/o:alt:spserver:10"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:4001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20203247001",
|
|
"Comment": "firecracker is earlier than 0:0.23.0-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |