vuln-list-alt/oval/p11/ALT-PU-2014-1375/definitions.json
2024-12-12 21:07:30 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20141375",
"Version": "oval:org.altlinux.errata:def:20141375",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2014-1375: package `kernel-image-el-def` update to version 2.6.32-alt20",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2014-1375",
"RefURL": "https://errata.altlinux.org/ALT-PU-2014-1375",
"Source": "ALTPU"
},
{
"RefID": "BDU:2014-00054",
"RefURL": "https://bdu.fstec.ru/vul/2014-00054",
"Source": "BDU"
},
{
"RefID": "BDU:2014-00061",
"RefURL": "https://bdu.fstec.ru/vul/2014-00061",
"Source": "BDU"
},
{
"RefID": "BDU:2014-00102",
"RefURL": "https://bdu.fstec.ru/vul/2014-00102",
"Source": "BDU"
},
{
"RefID": "BDU:2015-04307",
"RefURL": "https://bdu.fstec.ru/vul/2015-04307",
"Source": "BDU"
},
{
"RefID": "BDU:2015-04308",
"RefURL": "https://bdu.fstec.ru/vul/2015-04308",
"Source": "BDU"
},
{
"RefID": "BDU:2015-04309",
"RefURL": "https://bdu.fstec.ru/vul/2015-04309",
"Source": "BDU"
},
{
"RefID": "BDU:2015-04310",
"RefURL": "https://bdu.fstec.ru/vul/2015-04310",
"Source": "BDU"
},
{
"RefID": "CVE-2013-1860",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-1860",
"Source": "CVE"
},
{
"RefID": "CVE-2014-0055",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-0055",
"Source": "CVE"
},
{
"RefID": "CVE-2014-0069",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-0069",
"Source": "CVE"
},
{
"RefID": "CVE-2014-0101",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-0101",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-el-def to version 2.6.32-alt20. \nSecurity Fix(es):\n\n * BDU:2014-00054: Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании, повысить свои привилегии или выполнить произвольный код\n\n * BDU:2014-00061: Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании\n\n * BDU:2014-00102: Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании\n\n * BDU:2015-04307: Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-04308: Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-04309: Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-04310: Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * CVE-2013-1860: Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device.\n\n * CVE-2014-0055: The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors.\n\n * CVE-2014-0069: The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.\n\n * CVE-2014-0101: The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2014-03-26"
},
"Updated": {
"Date": "2014-03-26"
},
"BDUs": [
{
"ID": "BDU:2014-00054",
"CVSS": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2014-00054",
"Impact": "Low",
"Public": "20140228"
},
{
"ID": "BDU:2014-00061",
"CVSS": "AV:A/AC:L/Au:S/C:N/I:N/A:C",
"CWE": "CWE-465",
"Href": "https://bdu.fstec.ru/vul/2014-00061",
"Impact": "Low",
"Public": "20140326"
},
{
"ID": "BDU:2014-00102",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2014-00102",
"Impact": "High",
"Public": "20140311"
},
{
"ID": "BDU:2015-04307",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-04307",
"Impact": "Critical",
"Public": "20130122"
},
{
"ID": "BDU:2015-04308",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-04308",
"Impact": "Critical"
},
{
"ID": "BDU:2015-04309",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-04309",
"Impact": "Critical"
},
{
"ID": "BDU:2015-04310",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-04310",
"Impact": "Critical"
}
],
"CVEs": [
{
"ID": "CVE-2013-1860",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-1860",
"Impact": "Low",
"Public": "20130322"
},
{
"ID": "CVE-2014-0055",
"CVSS": "AV:A/AC:L/Au:S/C:N/I:N/A:C",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-0055",
"Impact": "Low",
"Public": "20140326"
},
{
"ID": "CVE-2014-0069",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-0069",
"Impact": "High",
"Public": "20140228"
},
{
"ID": "CVE-2014-0101",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-0101",
"Impact": "High",
"Public": "20140311"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20141375001",
"Comment": "firmware-kernel-el-def is earlier than 0:2.6.32-alt20"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141375002",
"Comment": "kernel-doc-el-def is earlier than 0:2.6.32-alt20"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141375003",
"Comment": "kernel-docbook-el-def is earlier than 0:2.6.32-alt20"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141375004",
"Comment": "kernel-headers-el-def is earlier than 0:2.6.32-alt20"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141375005",
"Comment": "kernel-headers-modules-el-def is earlier than 0:2.6.32-alt20"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141375006",
"Comment": "kernel-image-el-def is earlier than 0:2.6.32-alt20"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141375007",
"Comment": "kernel-man-el-def is earlier than 0:2.6.32-alt20"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141375008",
"Comment": "kernel-src-el-def is earlier than 0:2.6.32-alt20"
}
]
}
]
}
}
]
}