vuln-list-alt/oval/p11/ALT-PU-2019-2382/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20192382",
      "Version": "oval:org.altlinux.errata:def:20192382",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2019-2382: package `kernel-image-std-pae` update to version 4.19.65-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch p11"
            ],
            "Products": [
              "ALT Container"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2019-2382",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2019-2382",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2019-02195",
            "RefURL": "https://bdu.fstec.ru/vul/2019-02195",
            "Source": "BDU"
          },
          {
            "RefID": "BDU:2019-03627",
            "RefURL": "https://bdu.fstec.ru/vul/2019-03627",
            "Source": "BDU"
          },
          {
            "RefID": "BDU:2019-03630",
            "RefURL": "https://bdu.fstec.ru/vul/2019-03630",
            "Source": "BDU"
          },
          {
            "RefID": "BDU:2019-04744",
            "RefURL": "https://bdu.fstec.ru/vul/2019-04744",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2019-10207",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-10207",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2019-11478",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11478",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2019-13648",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-13648",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2019-3900",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-3900",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades kernel-image-std-pae to version 4.19.65-alt1. \nSecurity Fix(es):\n\n * BDU:2019-02195: Уязвимость механизма TCP Selective Acknowledgement ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-03627: Уязвимость ядра операционной системы Linux, связанная с ошибкой управления ресурсами, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-03630: Уязвимость модуля vhost_net ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04744: Уязвимость драйверов drivers/bluetooth/hci_ath.c, drivers/bluetooth/hci_bcm.c, drivers/bluetooth/hci_intel.c, drivers/bluetooth/hci_ldisc.c, drivers/bluetooth/hci_mrvl.c, drivers/bluetooth/hci_qca.c, drivers/bluetooth/hci_uart.h для UART-подключаемых адаптеров Bluetooth ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2019-10207: A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.\n\n * CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.\n\n * CVE-2019-13648: In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c.\n\n * CVE-2019-3900: An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "High",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2019-08-07"
          },
          "Updated": {
            "Date": "2019-08-07"
          },
          "BDUs": [
            {
              "ID": "BDU:2019-02195",
              "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
              "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "CWE": "CWE-400, CWE-770",
              "Href": "https://bdu.fstec.ru/vul/2019-02195",
              "Impact": "High",
              "Public": "20190615"
            },
            {
              "ID": "BDU:2019-03627",
              "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
              "CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "CWE": "CWE-399",
              "Href": "https://bdu.fstec.ru/vul/2019-03627",
              "Impact": "Low",
              "Public": "20190718"
            },
            {
              "ID": "BDU:2019-03630",
              "CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
              "CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "CWE": "CWE-400, CWE-835",
              "Href": "https://bdu.fstec.ru/vul/2019-03630",
              "Impact": "Low",
              "Public": "20190424"
            },
            {
              "ID": "BDU:2019-04744",
              "CVSS": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
              "CVSS3": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "CWE": "CWE-476",
              "Href": "https://bdu.fstec.ru/vul/2019-04744",
              "Impact": "Low",
              "Public": "20190729"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2019-10207",
              "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
              "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-10207",
              "Impact": "Low",
              "Public": "20191125"
            },
            {
              "ID": "CVE-2019-11478",
              "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
              "CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "CWE": "CWE-400",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11478",
              "Impact": "High",
              "Public": "20190619"
            },
            {
              "ID": "CVE-2019-13648",
              "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
              "CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "CWE": "CWE-399",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-13648",
              "Impact": "Low",
              "Public": "20190719"
            },
            {
              "ID": "CVE-2019-3900",
              "CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3900",
              "Impact": "High",
              "Public": "20190425"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:container:11"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:3001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20192382001",
                "Comment": "kernel-headers-modules-std-pae is earlier than 1:4.19.65-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20192382002",
                "Comment": "kernel-headers-std-pae is earlier than 1:4.19.65-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20192382003",
                "Comment": "kernel-image-domU-std-pae is earlier than 1:4.19.65-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20192382004",
                "Comment": "kernel-image-std-pae is earlier than 1:4.19.65-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20192382005",
                "Comment": "kernel-modules-drm-ancient-std-pae is earlier than 1:4.19.65-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20192382006",
                "Comment": "kernel-modules-drm-nouveau-std-pae is earlier than 1:4.19.65-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20192382007",
                "Comment": "kernel-modules-drm-radeon-std-pae is earlier than 1:4.19.65-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20192382008",
                "Comment": "kernel-modules-drm-std-pae is earlier than 1:4.19.65-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20192382009",
                "Comment": "kernel-modules-ide-std-pae is earlier than 1:4.19.65-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20192382010",
                "Comment": "kernel-modules-kvm-std-pae is earlier than 1:4.19.65-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20192382011",
                "Comment": "kernel-modules-staging-std-pae is earlier than 1:4.19.65-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20192382012",
                "Comment": "kernel-modules-v4l-std-pae is earlier than 1:4.19.65-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}