{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20222913",
"Version": "oval:org.altlinux.errata:def:20222913",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2022-2913: package `kernel-image-un-def` update to version 5.19.17-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2022-2913",
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-2913",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-06620",
"RefURL": "https://bdu.fstec.ru/vul/2022-06620",
"Source": "BDU"
},
{
"RefID": "BDU:2023-00360",
"RefURL": "https://bdu.fstec.ru/vul/2023-00360",
"Source": "BDU"
},
{
"RefID": "CVE-2022-3541",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-3541",
"Source": "CVE"
},
{
"RefID": "CVE-2022-3565",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-3565",
"Source": "CVE"
},
{
"RefID": "CVE-2022-43945",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-43945",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-un-def to version 5.19.17-alt1. \nSecurity Fix(es):\n\n * BDU:2022-06620: Уязвимость функции del_timer компонента drivers/isdn/mISDN/l1oip_core.c ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-00360: Уязвимость сетевой файловой системы Network File System (NFS) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2022-3541: A vulnerability classified as critical has been found in Linux Kernel. This affects the function spl2sw_nvmem_get_mac_address of the file drivers/net/ethernet/sunplus/spl2sw_driver.c of the component BPF. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211041 was assigned to this vulnerability.\n\n * CVE-2022-3565: A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.\n\n * CVE-2022-43945: The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2022-10-24"
},
"Updated": {
"Date": "2022-10-24"
},
"BDUs": [
{
"ID": "BDU:2022-06620",
"CVSS": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-416",
"Href": "https://bdu.fstec.ru/vul/2022-06620",
"Impact": "High",
"Public": "20211017"
},
{
"ID": "BDU:2023-00360",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-131, CWE-770",
"Href": "https://bdu.fstec.ru/vul/2023-00360",
"Impact": "High",
"Public": "20220926"
}
],
"CVEs": [
{
"ID": "CVE-2022-3541",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-3541",
"Impact": "High",
"Public": "20221017"
},
{
"ID": "CVE-2022-3565",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-662",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-3565",
"Impact": "High",
"Public": "20221017"
},
{
"ID": "CVE-2022-43945",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-770",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-43945",
"Impact": "High",
"Public": "20221104"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20222913001",
"Comment": "kernel-doc-un is earlier than 1:5.19.17-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222913002",
"Comment": "kernel-headers-modules-un-def is earlier than 1:5.19.17-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222913003",
"Comment": "kernel-headers-un-def is earlier than 1:5.19.17-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222913004",
"Comment": "kernel-image-domU-un-def is earlier than 1:5.19.17-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222913005",
"Comment": "kernel-image-un-def is earlier than 1:5.19.17-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222913006",
"Comment": "kernel-image-un-def-checkinstall is earlier than 1:5.19.17-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222913007",
"Comment": "kernel-modules-drm-ancient-un-def is earlier than 1:5.19.17-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222913008",
"Comment": "kernel-modules-drm-nouveau-un-def is earlier than 1:5.19.17-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222913009",
"Comment": "kernel-modules-drm-un-def is earlier than 1:5.19.17-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222913010",
"Comment": "kernel-modules-staging-un-def is earlier than 1:5.19.17-alt1"
}
]
}
]
}
}
]
}