pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p11/ALT-PU-2019-2645/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

233 lines
9.3 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20192645",
"Version": "oval:org.altlinux.errata:def:20192645",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-2645: package `systemd` update to version 243-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-2645",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-2645",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-05729",
"RefURL": "https://bdu.fstec.ru/vul/2020-05729",
"Source": "BDU"
},
{
"RefID": "CVE-2018-20839",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-20839",
"Source": "CVE"
},
{
"RefID": "CVE-2019-20386",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-20386",
"Source": "CVE"
}
],
"Description": "This update upgrades systemd to version 243-alt1. \nSecurity Fix(es):\n\n * BDU:2020-05729: Уязвимость подсистемы инициализации и управления службами в Linux systemd, связанная с неосвобождением ресурса после истечения действительного срока его эксплуатации, позволяющая нарушителю вызвать отказ в обслуживаниии\n\n * CVE-2018-20839: systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.\n\n * CVE-2019-20386: An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-09-05"
},
"Updated": {
"Date": "2019-09-05"
},
"BDUs": [
{
"ID": "BDU:2020-05729",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-772",
"Href": "https://bdu.fstec.ru/vul/2020-05729",
"Impact": "Low",
"Public": "20200121"
}
],
"CVEs": [
{
"ID": "CVE-2018-20839",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-20839",
"Impact": "Low",
"Public": "20190517"
},
{
"ID": "CVE-2019-20386",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-20386",
"Impact": "Low",
"Public": "20200121"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20192645001",
"Comment": "bash-completion-systemd is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645002",
"Comment": "bash-completion-udev is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645003",
"Comment": "libnss-myhostname is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645004",
"Comment": "libnss-mymachines is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645005",
"Comment": "libnss-resolve is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645006",
"Comment": "libnss-systemd is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645007",
"Comment": "libsystemd is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645008",
"Comment": "libsystemd-devel is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645009",
"Comment": "libsystemd-devel-static is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645010",
"Comment": "libudev-devel is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645011",
"Comment": "libudev-devel-static is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645012",
"Comment": "libudev1 is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645013",
"Comment": "pam_systemd is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645014",
"Comment": "systemd is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645015",
"Comment": "systemd-analyze is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645016",
"Comment": "systemd-container is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645017",
"Comment": "systemd-coredump is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645018",
"Comment": "systemd-journal-remote is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645019",
"Comment": "systemd-networkd is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645020",
"Comment": "systemd-portable is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645021",
"Comment": "systemd-services is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645022",
"Comment": "systemd-stateless is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645023",
"Comment": "systemd-sysvinit is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645024",
"Comment": "systemd-timesyncd is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645025",
"Comment": "systemd-utils is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645026",
"Comment": "udev is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645027",
"Comment": "udev-extras is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645028",
"Comment": "udev-hwdb is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645029",
"Comment": "udev-rules is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645030",
"Comment": "zsh-completion-systemd is earlier than 1:243-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192645031",
"Comment": "zsh-completion-udev is earlier than 1:243-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink