
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20201424",
"Version": "oval:org.altlinux.errata:def:20201424",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-1424: package `kernel-image-mp` update to version 5.5.8-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-1424",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-1424",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-01075",
"RefURL": "https://bdu.fstec.ru/vul/2020-01075",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01076",
"RefURL": "https://bdu.fstec.ru/vul/2020-01076",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02707",
"RefURL": "https://bdu.fstec.ru/vul/2020-02707",
"Source": "BDU"
},
{
"RefID": "BDU:2022-04742",
"RefURL": "https://bdu.fstec.ru/vul/2022-04742",
"Source": "BDU"
},
{
"RefID": "CVE-2020-10942",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-10942",
"Source": "CVE"
},
{
"RefID": "CVE-2020-36558",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-36558",
"Source": "CVE"
},
{
"RefID": "CVE-2020-9383",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-9383",
"Source": "CVE"
},
{
"RefID": "CVE-2020-9391",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-9391",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-mp to version 5.5.8-alt1. \nSecurity Fix(es):\n\n * BDU:2020-01075: Уязвимость функции rwsem_down_write_slowpath (kernel/locking/rwsem.c) ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании\n\n * BDU:2020-01076: Уязвимость архитектуры AArch64 ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02707: Уязвимость функции get_raw_socket (drivers/vhost/net.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-04742: Уязвимость реализации вызова VT_RESIZEX ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2020-10942: In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.\n\n * CVE-2020-36558: A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.\n\n * CVE-2020-9383: An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.\n\n * CVE-2020-9391: An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been observed to cause heap corruption with the GNU C Library malloc implementation.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-03-06"
},
"Updated": {
"Date": "2020-03-06"
},
"BDUs": [
{
"ID": "BDU:2020-01075",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2020-01075",
"Impact": "High",
"Public": "20200224"
},
{
"ID": "BDU:2020-01076",
"CVSS": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-119, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2020-01076",
"Impact": "Low",
"Public": "20200220"
},
{
"ID": "BDU:2020-02707",
"CVSS": "AV:L/AC:H/Au:S/C:N/I:P/A:C",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"CWE": "CWE-119, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2020-02707",
"Impact": "Low",
"Public": "20200222"
},
{
"ID": "BDU:2022-04742",
"CVSS": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-362, CWE-476",
"Href": "https://bdu.fstec.ru/vul/2022-04742",
"Impact": "Low",
"Public": "20200212"
}
],
"CVEs": [
{
"ID": "CVE-2020-10942",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:P/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-10942",
"Impact": "Low",
"Public": "20200324"
},
{
"ID": "CVE-2020-36558",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-36558",
"Impact": "Low",
"Public": "20220721"
},
{
"ID": "CVE-2020-9383",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-9383",
"Impact": "High",
"Public": "20200225"
},
{
"ID": "CVE-2020-9391",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-9391",
"Impact": "Low",
"Public": "20200225"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20201424001",
"Comment": "kernel-headers-modules-mp is earlier than 0:5.5.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201424002",
"Comment": "kernel-headers-mp is earlier than 0:5.5.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201424003",
"Comment": "kernel-image-mp is earlier than 0:5.5.8-alt1"
}
]
}
]
}
}
]
}