pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
43c7060749
vuln-list-alt/oval/p11/ALT-PU-2019-3351/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

199 lines
7.9 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20193351",
"Version": "oval:org.altlinux.errata:def:20193351",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-3351: package `systemd` update to version 244.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-3351",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-3351",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-02039",
"RefURL": "https://bdu.fstec.ru/vul/2020-02039",
"Source": "BDU"
},
{
"RefID": "CVE-2020-1712",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-1712",
"Source": "CVE"
}
],
"Description": "This update upgrades systemd to version 244.1-alt1. \nSecurity Fix(es):\n\n * BDU:2020-02039: Уязвимость системы инициализации Linux systemd, связанная с обращением к памяти после ее освобождения, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2020-1712: A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-12-20"
},
"Updated": {
"Date": "2019-12-20"
},
"BDUs": [
{
"ID": "BDU:2020-02039",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-02039",
"Impact": "Low",
"Public": "20200205"
}
],
"CVEs": [
{
"ID": "CVE-2020-1712",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-1712",
"Impact": "High",
"Public": "20200331"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20193351001",
"Comment": "libnss-myhostname is earlier than 1:244.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193351002",
"Comment": "libnss-mymachines is earlier than 1:244.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193351003",
"Comment": "libnss-resolve is earlier than 1:244.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193351004",
"Comment": "libnss-systemd is earlier than 1:244.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193351005",
"Comment": "libsystemd is earlier than 1:244.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193351006",
"Comment": "libsystemd-devel is earlier than 1:244.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193351007",
"Comment": "libsystemd-devel-static is earlier than 1:244.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193351008",
"Comment": "libudev-devel is earlier than 1:244.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193351009",
"Comment": "libudev-devel-static is earlier than 1:244.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193351010",
"Comment": "libudev1 is earlier than 1:244.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193351011",
"Comment": "pam_systemd is earlier than 1:244.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193351012",
"Comment": "systemd is earlier than 1:244.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193351013",
"Comment": "systemd-analyze is earlier than 1:244.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193351014",
"Comment": "systemd-container is earlier than 1:244.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193351015",
"Comment": "systemd-coredump is earlier than 1:244.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193351016",
"Comment": "systemd-journal-remote is earlier than 1:244.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193351017",
"Comment": "systemd-networkd is earlier than 1:244.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193351018",
"Comment": "systemd-portable is earlier than 1:244.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193351019",
"Comment": "systemd-services is earlier than 1:244.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193351020",
"Comment": "systemd-stateless is earlier than 1:244.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193351021",
"Comment": "systemd-sysvinit is earlier than 1:244.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193351022",
"Comment": "systemd-timesyncd is earlier than 1:244.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193351023",
"Comment": "systemd-utils is earlier than 1:244.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193351024",
"Comment": "udev is earlier than 1:244.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193351025",
"Comment": "udev-hwdb is earlier than 1:244.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193351026",
"Comment": "udev-rules is earlier than 1:244.1-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink