pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p10/ALT-PU-2024-4301/definitions.json
pepelyaevip 0707cb759b ALT Vulnerability
2024-04-16 14:26:14 +00:00

256 lines
11 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20244301",
"Version": "oval:org.altlinux.errata:def:20244301",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-4301: package `libvirt` update to version 9.7.0-alt2.p10.2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-4301",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-4301",
"Source": "ALTPU"
},
{
"RefID": "CVE-2024-2494",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-2494",
"Source": "CVE"
}
],
"Description": "This update upgrades libvirt to version 9.7.0-alt2.p10.2. \nSecurity Fix(es):\n\n * CVE-2024-2494: A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-03-26"
},
"Updated": {
"Date": "2024-03-26"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2024-2494",
"CWE": "CWE-789",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-2494",
"Impact": "None",
"Public": "20240321"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20244301001",
"Comment": "libvirt is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301002",
"Comment": "libvirt-admin is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301003",
"Comment": "libvirt-client is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301004",
"Comment": "libvirt-client-qemu is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301005",
"Comment": "libvirt-daemon is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301006",
"Comment": "libvirt-daemon-config-network is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301007",
"Comment": "libvirt-daemon-config-nwfilter is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301008",
"Comment": "libvirt-daemon-driver-interface is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301009",
"Comment": "libvirt-daemon-driver-lxc is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301010",
"Comment": "libvirt-daemon-driver-network is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301011",
"Comment": "libvirt-daemon-driver-nodedev is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301012",
"Comment": "libvirt-daemon-driver-nwfilter is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301013",
"Comment": "libvirt-daemon-driver-qemu is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301014",
"Comment": "libvirt-daemon-driver-secret is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301015",
"Comment": "libvirt-daemon-driver-storage is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301016",
"Comment": "libvirt-daemon-driver-storage-core is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301017",
"Comment": "libvirt-daemon-driver-storage-disk is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301018",
"Comment": "libvirt-daemon-driver-storage-fs is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301019",
"Comment": "libvirt-daemon-driver-storage-gluster is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301020",
"Comment": "libvirt-daemon-driver-storage-iscsi is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301021",
"Comment": "libvirt-daemon-driver-storage-iscsi-direct is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301022",
"Comment": "libvirt-daemon-driver-storage-logical is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301023",
"Comment": "libvirt-daemon-driver-storage-mpath is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301024",
"Comment": "libvirt-daemon-driver-storage-rbd is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301025",
"Comment": "libvirt-daemon-driver-storage-scsi is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301026",
"Comment": "libvirt-daemon-driver-storage-zfs is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301027",
"Comment": "libvirt-daemon-driver-vbox is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301028",
"Comment": "libvirt-devel is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301029",
"Comment": "libvirt-docs is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301030",
"Comment": "libvirt-kvm is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301031",
"Comment": "libvirt-libs is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301032",
"Comment": "libvirt-lock-sanlock is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301033",
"Comment": "libvirt-login-shell is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301034",
"Comment": "libvirt-lxc is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301035",
"Comment": "libvirt-qemu is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301036",
"Comment": "libvirt-qemu-common is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301037",
"Comment": "libvirt-vbox is earlier than 0:9.7.0-alt2.p10.2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244301038",
"Comment": "nss-libvirt is earlier than 0:9.7.0-alt2.p10.2"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink