
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20182253",
"Version": "oval:org.altlinux.errata:def:20182253",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2018-2253: package `firmware-intel-ucode` update to version 7-alt1.20180807.a",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2018-2253",
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-2253",
"Source": "ALTPU"
},
{
"RefID": "BDU:2018-00001",
"RefURL": "https://bdu.fstec.ru/vul/2018-00001",
"Source": "BDU"
},
{
"RefID": "BDU:2018-00002",
"RefURL": "https://bdu.fstec.ru/vul/2018-00002",
"Source": "BDU"
},
{
"RefID": "BDU:2018-00994",
"RefURL": "https://bdu.fstec.ru/vul/2018-00994",
"Source": "BDU"
},
{
"RefID": "BDU:2018-00995",
"RefURL": "https://bdu.fstec.ru/vul/2018-00995",
"Source": "BDU"
},
{
"RefID": "BDU:2018-00996",
"RefURL": "https://bdu.fstec.ru/vul/2018-00996",
"Source": "BDU"
},
{
"RefID": "BDU:2019-00768",
"RefURL": "https://bdu.fstec.ru/vul/2019-00768",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01065",
"RefURL": "https://bdu.fstec.ru/vul/2019-01065",
"Source": "BDU"
},
{
"RefID": "CVE-2017-5753",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5753",
"Source": "CVE"
},
{
"RefID": "CVE-2017-5754",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5754",
"Source": "CVE"
},
{
"RefID": "CVE-2018-3615",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-3615",
"Source": "CVE"
},
{
"RefID": "CVE-2018-3620",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-3620",
"Source": "CVE"
},
{
"RefID": "CVE-2018-3639",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-3639",
"Source": "CVE"
},
{
"RefID": "CVE-2018-3640",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-3640",
"Source": "CVE"
},
{
"RefID": "CVE-2018-3646",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-3646",
"Source": "CVE"
}
],
"Description": "This update upgrades firmware-intel-ucode to version 7-alt1.20180807.a. \nSecurity Fix(es):\n\n * BDU:2018-00001: Уязвимость процессоров Intel и ARM, вызванная ошибкой контроля доступа к памяти при спекулятивном выполнении инструкций процессора, позволяющая нарушителю раскрыть защищаемую информацию\n\n * BDU:2018-00002: Уязвимость процессоров Intel, ARM и AMD, связанная с особенностями функционирования модуля прогнозирования ветвлений, позволяющая нарушителю раскрыть защищаемую информацию\n\n * BDU:2018-00994: Уязвимость реализации технологии Software Guard eXtensions процессоров Intel, позволяющая получить несанкционированный доступ к данным, размещённым в защищённой области\n\n * BDU:2018-00995: Уязвимость процессоров Intel, связанная с возможностью спекулятивного выполнения команд и позволяющая нарушителю получить несанкционированный доступ к памяти ядра операционной системы или SMM-памяти\n\n * BDU:2018-00996: Уязвимость процессоров Intel, связанная с возможностью спекулятивного выполнения команд и позволяющая нарушителю преодолеть механизм изоляции памяти виртуальных машин\n\n * BDU:2019-00768: Уязвимость процессоров Intel и ARM, связанная с использованием спекулятивного выполнения и чтения из памяти до возврата адресов предыдущих операций записи в память, позволяющая нарушителю раскрыть защищаемую информацию\n\n * BDU:2019-01065: Уязвимость процессоров Intel и ARM, связанная с использованием спекулятивного считывания системных регистров, позволяющая нарушителю раскрыть защищаемую информацию\n\n * CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.\n\n * CVE-2017-5754: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.\n\n * CVE-2018-3615: Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.\n\n * CVE-2018-3620: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.\n\n * CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.\n\n * CVE-2018-3640: Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.\n\n * CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2018-08-30"
},
"Updated": {
"Date": "2018-08-30"
},
"BDUs": [
{
"ID": "BDU:2018-00001",
"CVSS": "AV:L/AC:M/Au:S/C:C/I:N/A:N",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"CWE": "CWE-200, CWE-264",
"Href": "https://bdu.fstec.ru/vul/2018-00001",
"Impact": "Low",
"Public": "20171222"
},
{
"ID": "BDU:2018-00002",
"CVSS": "AV:L/AC:M/Au:S/C:C/I:N/A:N",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"CWE": "CWE-200, CWE-203, CWE-264",
"Href": "https://bdu.fstec.ru/vul/2018-00002",
"Impact": "Low",
"Public": "20180107"
},
{
"ID": "BDU:2018-00994",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:P/A:N",
"CVSS3": "AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"CWE": "CWE-524",
"Href": "https://bdu.fstec.ru/vul/2018-00994",
"Impact": "High",
"Public": "20180103"
},
{
"ID": "BDU:2018-00995",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"CWE": "CWE-524",
"Href": "https://bdu.fstec.ru/vul/2018-00995",
"Impact": "High",
"Public": "20180103"
},
{
"ID": "BDU:2018-00996",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"CWE": "CWE-208, CWE-524",
"Href": "https://bdu.fstec.ru/vul/2018-00996",
"Impact": "High",
"Public": "20180103"
},
{
"ID": "BDU:2019-00768",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200, CWE-203",
"Href": "https://bdu.fstec.ru/vul/2019-00768",
"Impact": "Low",
"Public": "20180503"
},
{
"ID": "BDU:2019-01065",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2019-01065",
"Impact": "Low",
"Public": "20180911"
}
],
"CVEs": [
{
"ID": "CVE-2017-5753",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"CWE": "CWE-203",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5753",
"Impact": "Low",
"Public": "20180104"
},
{
"ID": "CVE-2017-5754",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5754",
"Impact": "Low",
"Public": "20180104"
},
{
"ID": "CVE-2018-3615",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
"CWE": "CWE-203",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-3615",
"Impact": "Low",
"Public": "20180814"
},
{
"ID": "CVE-2018-3620",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"CWE": "CWE-203",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-3620",
"Impact": "Low",
"Public": "20180814"
},
{
"ID": "CVE-2018-3639",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-203",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-3639",
"Impact": "Low",
"Public": "20180522"
},
{
"ID": "CVE-2018-3640",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"CWE": "CWE-203",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-3640",
"Impact": "Low",
"Public": "20180522"
},
{
"ID": "CVE-2018-3646",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-3646",
"Impact": "Low",
"Public": "20180814"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20182253001",
"Comment": "firmware-intel-ucode is earlier than 2:7-alt1.20180807.a"
}
]
}
]
}
}
]
}