168 lines
7.1 KiB
JSON
168 lines
7.1 KiB
JSON
{
|
||
"Definition": [
|
||
{
|
||
"ID": "oval:org.altlinux.errata:def:20221462",
|
||
"Version": "oval:org.altlinux.errata:def:20221462",
|
||
"Class": "patch",
|
||
"Metadata": {
|
||
"Title": "ALT-PU-2022-1462: package `kernel-image-rt` update to version 5.10.104-alt1.rt63",
|
||
"AffectedList": [
|
||
{
|
||
"Family": "unix",
|
||
"Platforms": [
|
||
"ALT Linux branch c10f1"
|
||
],
|
||
"Products": [
|
||
"ALT SP Workstation",
|
||
"ALT SP Server"
|
||
]
|
||
}
|
||
],
|
||
"References": [
|
||
{
|
||
"RefID": "ALT-PU-2022-1462",
|
||
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-1462",
|
||
"Source": "ALTPU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2022-01166",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2022-01166",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2022-02968",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2022-02968",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2022-05848",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2022-05848",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "CVE-2022-0847",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-0847",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2022-29156",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-29156",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2022-2964",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-2964",
|
||
"Source": "CVE"
|
||
}
|
||
],
|
||
"Description": "This update upgrades kernel-image-rt to version 5.10.104-alt1.rt63. \nSecurity Fix(es):\n\n * BDU:2022-01166: Уязвимость функций copy_page_to_iter_pipe и push_pipe ядра операционной системы Linux, позволяющая нарушителю перезаписать содержимое страничного кэша произвольных файлов\n\n * BDU:2022-02968: Уязвимость функции rtrs_clt_dev_release (drivers/infiniband/ulp/rtrs/rtrs-clt.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05848: Уязвимость драйвера ядра операционной системы Linux для устройств USB 2.0/3.0 Gigabit Ethernet на базе ASIX AX88179_178A, позволяющая нарушителю получить потенциально конфиденциальную информацию\n\n * CVE-2022-0847: A flaw was found in the way the \"flags\" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.\n\n * CVE-2022-29156: drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release.\n\n * CVE-2022-2964: A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.",
|
||
"Advisory": {
|
||
"From": "errata.altlinux.org",
|
||
"Severity": "High",
|
||
"Rights": "Copyright 2024 BaseALT Ltd.",
|
||
"Issued": {
|
||
"Date": "2022-03-11"
|
||
},
|
||
"Updated": {
|
||
"Date": "2022-03-11"
|
||
},
|
||
"BDUs": [
|
||
{
|
||
"ID": "BDU:2022-01166",
|
||
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
|
||
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-281, CWE-665",
|
||
"Href": "https://bdu.fstec.ru/vul/2022-01166",
|
||
"Impact": "High",
|
||
"Public": "20220307"
|
||
},
|
||
{
|
||
"ID": "BDU:2022-02968",
|
||
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
|
||
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-415",
|
||
"Href": "https://bdu.fstec.ru/vul/2022-02968",
|
||
"Impact": "High",
|
||
"Public": "20220218"
|
||
},
|
||
{
|
||
"ID": "BDU:2022-05848",
|
||
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
||
"CVSS3": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-787",
|
||
"Href": "https://bdu.fstec.ru/vul/2022-05848",
|
||
"Impact": "High",
|
||
"Public": "20220909"
|
||
}
|
||
],
|
||
"CVEs": [
|
||
{
|
||
"ID": "CVE-2022-0847",
|
||
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
||
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-665",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-0847",
|
||
"Impact": "High",
|
||
"Public": "20220310"
|
||
},
|
||
{
|
||
"ID": "CVE-2022-29156",
|
||
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
||
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-415",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-29156",
|
||
"Impact": "High",
|
||
"Public": "20220413"
|
||
},
|
||
{
|
||
"ID": "CVE-2022-2964",
|
||
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-119",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-2964",
|
||
"Impact": "High",
|
||
"Public": "20220909"
|
||
}
|
||
],
|
||
"AffectedCPEs": {
|
||
"CPEs": [
|
||
"cpe:/o:alt:spworkstation:10",
|
||
"cpe:/o:alt:spserver:10"
|
||
]
|
||
}
|
||
}
|
||
},
|
||
"Criteria": {
|
||
"Operator": "AND",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:4001",
|
||
"Comment": "ALT Linux must be installed"
|
||
}
|
||
],
|
||
"Criterias": [
|
||
{
|
||
"Operator": "OR",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20221462001",
|
||
"Comment": "kernel-headers-modules-rt is earlier than 0:5.10.104-alt1.rt63"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20221462002",
|
||
"Comment": "kernel-headers-rt is earlier than 0:5.10.104-alt1.rt63"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20221462003",
|
||
"Comment": "kernel-image-rt is earlier than 0:5.10.104-alt1.rt63"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20221462004",
|
||
"Comment": "kernel-image-rt-checkinstall is earlier than 0:5.10.104-alt1.rt63"
|
||
}
|
||
]
|
||
}
|
||
]
|
||
}
|
||
}
|
||
]
|
||
} |