
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20192764",
"Version": "oval:org.altlinux.errata:def:20192764",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-2764: package `kernel-image-std-def` update to version 4.19.75-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-2764",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-2764",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-04677",
"RefURL": "https://bdu.fstec.ru/vul/2019-04677",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01344",
"RefURL": "https://bdu.fstec.ru/vul/2020-01344",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01862",
"RefURL": "https://bdu.fstec.ru/vul/2020-01862",
"Source": "BDU"
},
{
"RefID": "BDU:2020-03327",
"RefURL": "https://bdu.fstec.ru/vul/2020-03327",
"Source": "BDU"
},
{
"RefID": "BDU:2020-03328",
"RefURL": "https://bdu.fstec.ru/vul/2020-03328",
"Source": "BDU"
},
{
"RefID": "BDU:2020-03329",
"RefURL": "https://bdu.fstec.ru/vul/2020-03329",
"Source": "BDU"
},
{
"RefID": "CVE-2019-14814",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14814",
"Source": "CVE"
},
{
"RefID": "CVE-2019-14815",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14815",
"Source": "CVE"
},
{
"RefID": "CVE-2019-14816",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14816",
"Source": "CVE"
},
{
"RefID": "CVE-2019-14821",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14821",
"Source": "CVE"
},
{
"RefID": "CVE-2019-15504",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15504",
"Source": "CVE"
},
{
"RefID": "CVE-2019-15505",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15505",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-std-def to version 4.19.75-alt1. \nSecurity Fix(es):\n\n * BDU:2019-04677: Уязвимость функции Coalesced_MMIO ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность\n\n * BDU:2020-01344: Уязвимость компонента drivers/media/usb/dvb-usb/technisat-usb2.c ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании\n\n * BDU:2020-01862: Уязвимость функции в drivers/net/wireless/rsi/rsi_91x_usb.c ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2020-03327: Уязвимость функции mwifiex_update_vs_ie() драйвера Wi-Fi Marvell ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код\n\n * BDU:2020-03328: Уязвимость функции mwifiex_set_uap_rates() драйвера Wi-Fi Marvell ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код\n\n * BDU:2020-03329: Уязвимость функции mwifiex_set_wmm_params() драйвера Wi-Fi Marvell ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код\n\n * CVE-2019-14814: There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.\n\n * CVE-2019-14815: A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.\n\n * CVE-2019-14816: There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.\n\n * CVE-2019-14821: An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring-\u003efirst' and 'ring-\u003elast' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.\n\n * CVE-2019-15504: drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).\n\n * CVE-2019-15505: drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-09-22"
},
"Updated": {
"Date": "2019-09-22"
},
"BDUs": [
{
"ID": "BDU:2019-04677",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2019-04677",
"Impact": "High",
"Public": "20190918"
},
{
"ID": "BDU:2020-01344",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2020-01344",
"Impact": "Critical",
"Public": "20190722"
},
{
"ID": "BDU:2020-01862",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-415",
"Href": "https://bdu.fstec.ru/vul/2020-01862",
"Impact": "Critical",
"Public": "20190822"
},
{
"ID": "BDU:2020-03327",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120, CWE-122, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2020-03327",
"Impact": "High",
"Public": "20190903"
},
{
"ID": "BDU:2020-03328",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120, CWE-122, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2020-03328",
"Impact": "High",
"Public": "20190903"
},
{
"ID": "BDU:2020-03329",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-122, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2020-03329",
"Impact": "High",
"Public": "20190903"
}
],
"CVEs": [
{
"ID": "CVE-2019-14814",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14814",
"Impact": "High",
"Public": "20190920"
},
{
"ID": "CVE-2019-14815",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14815",
"Impact": "High",
"Public": "20191125"
},
{
"ID": "CVE-2019-14816",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14816",
"Impact": "High",
"Public": "20190920"
},
{
"ID": "CVE-2019-14821",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14821",
"Impact": "High",
"Public": "20190919"
},
{
"ID": "CVE-2019-15504",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-415",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15504",
"Impact": "Critical",
"Public": "20190823"
},
{
"ID": "CVE-2019-15505",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15505",
"Impact": "Critical",
"Public": "20190823"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20192764001",
"Comment": "kernel-doc-std is earlier than 1:4.19.75-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192764002",
"Comment": "kernel-headers-modules-std-def is earlier than 1:4.19.75-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192764003",
"Comment": "kernel-headers-std-def is earlier than 1:4.19.75-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192764004",
"Comment": "kernel-image-domU-std-def is earlier than 1:4.19.75-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192764005",
"Comment": "kernel-image-std-def is earlier than 1:4.19.75-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192764006",
"Comment": "kernel-modules-drm-ancient-std-def is earlier than 1:4.19.75-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192764007",
"Comment": "kernel-modules-drm-nouveau-std-def is earlier than 1:4.19.75-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192764008",
"Comment": "kernel-modules-drm-radeon-std-def is earlier than 1:4.19.75-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192764009",
"Comment": "kernel-modules-drm-std-def is earlier than 1:4.19.75-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192764010",
"Comment": "kernel-modules-ide-std-def is earlier than 1:4.19.75-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192764011",
"Comment": "kernel-modules-kvm-std-def is earlier than 1:4.19.75-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192764012",
"Comment": "kernel-modules-staging-std-def is earlier than 1:4.19.75-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192764013",
"Comment": "kernel-modules-v4l-std-def is earlier than 1:4.19.75-alt1"
}
]
}
]
}
}
]
}