pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
43c7060749
vuln-list-alt/oval/p11/ALT-PU-2019-1832/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

227 lines
11 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20191832",
"Version": "oval:org.altlinux.errata:def:20191832",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-1832: package `kernel-image-std-pae` update to version 4.19.43-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-1832",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-1832",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-01957",
"RefURL": "https://bdu.fstec.ru/vul/2019-01957",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01958",
"RefURL": "https://bdu.fstec.ru/vul/2019-01958",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01959",
"RefURL": "https://bdu.fstec.ru/vul/2019-01959",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01960",
"RefURL": "https://bdu.fstec.ru/vul/2019-01960",
"Source": "BDU"
},
{
"RefID": "CVE-2018-12126",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-12126",
"Source": "CVE"
},
{
"RefID": "CVE-2018-12127",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-12127",
"Source": "CVE"
},
{
"RefID": "CVE-2018-12130",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-12130",
"Source": "CVE"
},
{
"RefID": "CVE-2019-11091",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11091",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-std-pae to version 4.19.43-alt1. \nSecurity Fix(es):\n\n * BDU:2019-01957: Уязвимость процессоров Intel, связанная с микроархитектурной выборкой данных некэшируемой памяти (MDSUM), позволяющая нарушителю раскрыть защищаемую информацию\n\n * BDU:2019-01958: Уязвимость порта загрузки MLPDS микропрограммного обеспечения Intel, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальной информации\n\n * BDU:2019-01959: Уязвимость процессоров Intel, связанная с восстановлением содержимого буферов заполнения (MFBDS), позволяющая нарушителю раскрыть защищаемую информацию\n\n * BDU:2019-01960: Уязвимость буфера данных MSBDS микропрограммного обеспечения Intel, позволяющая нарушителю получить доступ к конфиденциальной информации\n\n * CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf\n\n * CVE-2018-12127: Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf\n\n * CVE-2018-12130: Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf\n\n * CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-05-15"
},
"Updated": {
"Date": "2019-05-15"
},
"BDUs": [
{
"ID": "BDU:2019-01957",
"CVSS": "AV:L/AC:H/Au:S/C:C/I:N/A:N",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"CWE": "CWE-203, CWE-385",
"Href": "https://bdu.fstec.ru/vul/2019-01957",
"Impact": "Low",
"Public": "20190306"
},
{
"ID": "BDU:2019-01958",
"CVSS": "AV:L/AC:M/Au:S/C:C/I:N/A:N",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"CWE": "CWE-200, CWE-203, CWE-385",
"Href": "https://bdu.fstec.ru/vul/2019-01958",
"Impact": "Low",
"Public": "20190306"
},
{
"ID": "BDU:2019-01959",
"CVSS": "AV:L/AC:H/Au:S/C:C/I:N/A:N",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"CWE": "CWE-200, CWE-203, CWE-385",
"Href": "https://bdu.fstec.ru/vul/2019-01959",
"Impact": "Low",
"Public": "20190306"
},
{
"ID": "BDU:2019-01960",
"CVSS": "AV:L/AC:H/Au:N/C:C/I:N/A:N",
"CVSS3": "AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200, CWE-203, CWE-385",
"Href": "https://bdu.fstec.ru/vul/2019-01960",
"Impact": "Low",
"Public": "20190306"
}
],
"CVEs": [
{
"ID": "CVE-2018-12126",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-12126",
"Impact": "Low",
"Public": "20190530"
},
{
"ID": "CVE-2018-12127",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-12127",
"Impact": "Low",
"Public": "20190530"
},
{
"ID": "CVE-2018-12130",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-12130",
"Impact": "Low",
"Public": "20190530"
},
{
"ID": "CVE-2019-11091",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11091",
"Impact": "Low",
"Public": "20190530"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20191832001",
"Comment": "kernel-headers-modules-std-pae is earlier than 1:4.19.43-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191832002",
"Comment": "kernel-headers-std-pae is earlier than 1:4.19.43-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191832003",
"Comment": "kernel-image-domU-std-pae is earlier than 1:4.19.43-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191832004",
"Comment": "kernel-image-std-pae is earlier than 1:4.19.43-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191832005",
"Comment": "kernel-modules-drm-ancient-std-pae is earlier than 1:4.19.43-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191832006",
"Comment": "kernel-modules-drm-nouveau-std-pae is earlier than 1:4.19.43-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191832007",
"Comment": "kernel-modules-drm-radeon-std-pae is earlier than 1:4.19.43-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191832008",
"Comment": "kernel-modules-drm-std-pae is earlier than 1:4.19.43-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191832009",
"Comment": "kernel-modules-ide-std-pae is earlier than 1:4.19.43-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191832010",
"Comment": "kernel-modules-kvm-std-pae is earlier than 1:4.19.43-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191832011",
"Comment": "kernel-modules-staging-std-pae is earlier than 1:4.19.43-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191832012",
"Comment": "kernel-modules-v4l-std-pae is earlier than 1:4.19.43-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink