2024-06-28 13:17:52 +00:00

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20201122",
"Version": "oval:org.altlinux.errata:def:20201122",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-1122: package `kernel-image-mp` update to version 5.4.16-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-1122",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-1122",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-04798",
"RefURL": "https://bdu.fstec.ru/vul/2019-04798",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01796",
"RefURL": "https://bdu.fstec.ru/vul/2020-01796",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02140",
"RefURL": "https://bdu.fstec.ru/vul/2020-02140",
"Source": "BDU"
},
{
"RefID": "BDU:2020-03830",
"RefURL": "https://bdu.fstec.ru/vul/2020-03830",
"Source": "BDU"
},
{
"RefID": "BDU:2021-05741",
"RefURL": "https://bdu.fstec.ru/vul/2021-05741",
"Source": "BDU"
},
{
"RefID": "CVE-2019-14896",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14896",
"Source": "CVE"
},
{
"RefID": "CVE-2019-14897",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14897",
"Source": "CVE"
},
{
"RefID": "CVE-2020-12652",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-12652",
"Source": "CVE"
},
{
"RefID": "CVE-2020-14416",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-14416",
"Source": "CVE"
},
{
"RefID": "CVE-2021-43056",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-43056",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-mp to version 5.4.16-alt1. \nSecurity Fix(es):\n\n * BDU:2019-04798: Уязвимость функции add_ie_rates (drivers/net/wireless/marvell/libertas/cfg.c) драйвера Marvell WiFi ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2020-01796: Уязвимость функции lbs_ibss_join_existing (drivers/net/wireless/marvell/libertas/cfg.c) драйвера Marvell WiFi ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2020-02140: Уязвимость функции mptctl_ioctl (drivers/message/fusion/mptctl.c) ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2020-03830: Уязвимость ядра операционной системы Linux, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-05741: Уязвимость реализации файла исходного кода arch/powerpc/kvm/book3s_hv_rmhandlers.S ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.\n\n * CVE-2019-14897: A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA.\n\n * CVE-2020-12652: The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a \"double fetch\" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states \"The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power.\"\n\n * CVE-2020-14416: In the Linux kernel before 5.4.16, a race condition in tty-\u003edisc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c.\n\n * CVE-2021-43056: An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-02-03"
},
"Updated": {
"Date": "2020-02-03"
},
"BDUs": [
{
"ID": "BDU:2019-04798",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-122, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2019-04798",
"Impact": "Critical",
"Public": "20191126"
},
{
"ID": "BDU:2020-01796",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-121, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2020-01796",
"Impact": "Critical",
"Public": "20191128"
},
{
"ID": "BDU:2020-02140",
"CVSS": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-362",
"Href": "https://bdu.fstec.ru/vul/2020-02140",
"Impact": "Low",
"Public": "20200115"
},
{
"ID": "BDU:2020-03830",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-362, CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-03830",
"Impact": "Low",
"Public": "20200122"
},
{
"ID": "BDU:2021-05741",
"CVSS": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-252",
"Href": "https://bdu.fstec.ru/vul/2021-05741",
"Impact": "Low",
"Public": "20211015"
}
],
"CVEs": [
{
"ID": "CVE-2019-14896",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-122",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14896",
"Impact": "Critical",
"Public": "20191127"
},
{
"ID": "CVE-2019-14897",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-121",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14897",
"Impact": "Critical",
"Public": "20191129"
},
{
"ID": "CVE-2020-12652",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-12652",
"Impact": "Low",
"Public": "20200505"
},
{
"ID": "CVE-2020-14416",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-14416",
"Impact": "Low",
"Public": "20200618"
},
{
"ID": "CVE-2021-43056",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-43056",
"Impact": "Low",
"Public": "20211028"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20201122001",
"Comment": "kernel-headers-modules-mp is earlier than 0:5.4.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201122002",
"Comment": "kernel-headers-mp is earlier than 0:5.4.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201122003",
"Comment": "kernel-image-mp is earlier than 0:5.4.16-alt1"
}
]
}
]
}
}
]
}