vuln-list-alt/oval/c10f1/ALT-PU-2017-2667/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20172667",
      "Version": "oval:org.altlinux.errata:def:20172667",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2017-2667: package `kernel-image-std-pae` update to version 4.4.99-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch c10f1"
            ],
            "Products": [
              "ALT SP Workstation",
              "ALT SP Server"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2017-2667",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2017-2667",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2017-02266",
            "RefURL": "https://bdu.fstec.ru/vul/2017-02266",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2017-13080",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-13080",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades kernel-image-std-pae to version 4.4.99-alt1. \nSecurity Fix(es):\n\n * BDU:2017-02266: Уязвимость протокола WPA2, связанная с ошибками управления криптографическими ключами (group key) и позволяющая получить доступ к зашифрованной информации, передаваемой по беспроводной сети\n\n * CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "High",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2017-11-18"
          },
          "Updated": {
            "Date": "2017-11-18"
          },
          "BDUs": [
            {
              "ID": "BDU:2017-02266",
              "CVSS": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
              "CVSS3": "AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
              "CWE": "CWE-320",
              "Href": "https://bdu.fstec.ru/vul/2017-02266",
              "Impact": "High",
              "Public": "20170828"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2017-13080",
              "CVSS": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
              "CVSS3": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "CWE": "CWE-330",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-13080",
              "Impact": "Low",
              "Public": "20171017"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:spworkstation:10",
              "cpe:/o:alt:spserver:10"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:4001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20172667001",
                "Comment": "kernel-headers-modules-std-pae is earlier than 1:4.4.99-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20172667002",
                "Comment": "kernel-headers-std-pae is earlier than 1:4.4.99-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20172667003",
                "Comment": "kernel-image-domU-std-pae is earlier than 1:4.4.99-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20172667004",
                "Comment": "kernel-image-std-pae is earlier than 1:4.4.99-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20172667005",
                "Comment": "kernel-modules-drm-nouveau-std-pae is earlier than 1:4.4.99-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20172667006",
                "Comment": "kernel-modules-drm-radeon-std-pae is earlier than 1:4.4.99-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20172667007",
                "Comment": "kernel-modules-drm-std-pae is earlier than 1:4.4.99-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20172667008",
                "Comment": "kernel-modules-ide-std-pae is earlier than 1:4.4.99-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20172667009",
                "Comment": "kernel-modules-kvm-std-pae is earlier than 1:4.4.99-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20172667010",
                "Comment": "kernel-modules-staging-std-pae is earlier than 1:4.4.99-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20172667011",
                "Comment": "kernel-modules-v4l-std-pae is earlier than 1:4.4.99-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}