pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
307fb8e080
vuln-list-alt/oval/c10f1/ALT-PU-2019-2655/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

375 lines
18 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20192655",
"Version": "oval:org.altlinux.errata:def:20192655",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-2655: package `kernel-image-mp` update to version 5.2.12-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-2655",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-2655",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-03220",
"RefURL": "https://bdu.fstec.ru/vul/2019-03220",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00236",
"RefURL": "https://bdu.fstec.ru/vul/2020-00236",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00286",
"RefURL": "https://bdu.fstec.ru/vul/2020-00286",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00289",
"RefURL": "https://bdu.fstec.ru/vul/2020-00289",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00291",
"RefURL": "https://bdu.fstec.ru/vul/2020-00291",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00295",
"RefURL": "https://bdu.fstec.ru/vul/2020-00295",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00297",
"RefURL": "https://bdu.fstec.ru/vul/2020-00297",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00298",
"RefURL": "https://bdu.fstec.ru/vul/2020-00298",
"Source": "BDU"
},
{
"RefID": "BDU:2021-06411",
"RefURL": "https://bdu.fstec.ru/vul/2021-06411",
"Source": "BDU"
},
{
"RefID": "CVE-2019-15098",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15098",
"Source": "CVE"
},
{
"RefID": "CVE-2019-15117",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15117",
"Source": "CVE"
},
{
"RefID": "CVE-2019-15118",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15118",
"Source": "CVE"
},
{
"RefID": "CVE-2019-15291",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15291",
"Source": "CVE"
},
{
"RefID": "CVE-2019-15538",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15538",
"Source": "CVE"
},
{
"RefID": "CVE-2019-15902",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15902",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19527",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19527",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19530",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19530",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19531",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19531",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19535",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19535",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19536",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19536",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19537",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19537",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-mp to version 5.2.12-alt1. \nSecurity Fix(es):\n\n * BDU:2019-03220: Уязвимость драйвера drivers/net/wireless/ath/ath6kl/usb.c ядра операционных систем Linux, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-00236: Уязвимость подсистемы ptrace ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию\n\n * BDU:2020-00286: Уязвимость драйвера drivers/usb/class/cdc-acm.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-00289: Уязвимость драйвера drivers/usb/core/file.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-00291: Уязвимость драйвера drivers/net/can/usb/peak_usb/pcan_usb_fd.c ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию\n\n * BDU:2020-00295: Уязвимость драйвера drivers/hid/usbhid/hiddev.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-00297: Уязвимость драйвера drivers/usb/misc/yurex.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии\n\n * BDU:2020-00298: Уязвимость драйвера drivers/net/can/usb/peak_usb/pcan_usb_pro.c ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию\n\n * BDU:2021-06411: Уязвимость компонента sound/usb/mixer.c ядра операционной системы Linux, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании\n\n * CVE-2019-15098: drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.\n\n * CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access.\n\n * CVE-2019-15118: check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.\n\n * CVE-2019-15291: An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.\n\n * CVE-2019-15538: An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.\n\n * CVE-2019-15902: A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream \"x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()\" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.\n\n * CVE-2019-19527: In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.\n\n * CVE-2019-19530: In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef.\n\n * CVE-2019-19531: In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca.\n\n * CVE-2019-19535: In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.\n\n * CVE-2019-19536: In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.\n\n * CVE-2019-19537: In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-09-06"
},
"Updated": {
"Date": "2019-09-06"
},
"BDUs": [
{
"ID": "BDU:2019-03220",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2019-03220",
"Impact": "Low",
"Public": "20190814"
},
{
"ID": "BDU:2020-00236",
"CVSS": "AV:L/AC:H/Au:S/C:C/I:N/A:N",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2020-00236",
"Impact": "Low",
"Public": "20190904"
},
{
"ID": "BDU:2020-00286",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-00286",
"Impact": "Low",
"Public": "20190815"
},
{
"ID": "BDU:2020-00289",
"CVSS": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-362",
"Href": "https://bdu.fstec.ru/vul/2020-00289",
"Impact": "Low",
"Public": "20190812"
},
{
"ID": "BDU:2020-00291",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"CVSS3": "AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200, CWE-908, CWE-909",
"Href": "https://bdu.fstec.ru/vul/2020-00291",
"Impact": "Low",
"Public": "20190802"
},
{
"ID": "BDU:2020-00295",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-00295",
"Impact": "Low",
"Public": "20190806"
},
{
"ID": "BDU:2020-00297",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-00297",
"Impact": "Low",
"Public": "20190805"
},
{
"ID": "BDU:2020-00298",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"CVSS3": "AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200, CWE-909",
"Href": "https://bdu.fstec.ru/vul/2020-00298",
"Impact": "Low",
"Public": "20190802"
},
{
"ID": "BDU:2021-06411",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2021-06411",
"Impact": "High",
"Public": "20190814"
}
],
"CVEs": [
{
"ID": "CVE-2019-15098",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15098",
"Impact": "Low",
"Public": "20190816"
},
{
"ID": "CVE-2019-15117",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15117",
"Impact": "High",
"Public": "20190816"
},
{
"ID": "CVE-2019-15118",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-674",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15118",
"Impact": "Low",
"Public": "20190816"
},
{
"ID": "CVE-2019-15291",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15291",
"Impact": "Low",
"Public": "20190820"
},
{
"ID": "CVE-2019-15538",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15538",
"Impact": "High",
"Public": "20190825"
},
{
"ID": "CVE-2019-15902",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15902",
"Impact": "Low",
"Public": "20190904"
},
{
"ID": "CVE-2019-19527",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19527",
"Impact": "Low",
"Public": "20191203"
},
{
"ID": "CVE-2019-19530",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19530",
"Impact": "Low",
"Public": "20191203"
},
{
"ID": "CVE-2019-19531",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19531",
"Impact": "Low",
"Public": "20191203"
},
{
"ID": "CVE-2019-19535",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-908",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19535",
"Impact": "Low",
"Public": "20191203"
},
{
"ID": "CVE-2019-19536",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-909",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19536",
"Impact": "Low",
"Public": "20191203"
},
{
"ID": "CVE-2019-19537",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19537",
"Impact": "Low",
"Public": "20191203"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20192655001",
"Comment": "kernel-headers-modules-mp is earlier than 0:5.2.12-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192655002",
"Comment": "kernel-headers-mp is earlier than 0:5.2.12-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192655003",
"Comment": "kernel-image-mp is earlier than 0:5.2.12-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink