pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
5346325857
vuln-list-alt/oval/c9f2/ALT-PU-2014-1262/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

238 lines
11 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20141262",
"Version": "oval:org.altlinux.errata:def:20141262",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2014-1262: package `libvirt` update to version 1.2.2-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2014-1262",
"RefURL": "https://errata.altlinux.org/ALT-PU-2014-1262",
"Source": "ALTPU"
},
{
"RefID": "CVE-2013-6436",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6436",
"Source": "CVE"
},
{
"RefID": "CVE-2013-6456",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6456",
"Source": "CVE"
},
{
"RefID": "CVE-2013-6457",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6457",
"Source": "CVE"
},
{
"RefID": "CVE-2013-6458",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6458",
"Source": "CVE"
},
{
"RefID": "CVE-2014-0028",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-0028",
"Source": "CVE"
},
{
"RefID": "CVE-2014-1447",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-1447",
"Source": "CVE"
}
],
"Description": "This update upgrades libvirt to version 1.2.2-alt1. \nSecurity Fix(es):\n\n * CVE-2013-6436: The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the \"virsh memtune\" command.\n\n * CVE-2013-6456: The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to \"paths under /proc/$PID/root\" and the virInitctlSetRunLevel function.\n\n * CVE-2013-6457: The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain to the virsh numatune command.\n\n * CVE-2013-6458: Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command.\n\n * CVE-2014-0028: libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API.\n\n * CVE-2014-1447: Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2014-03-05"
},
"Updated": {
"Date": "2014-03-05"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2013-6436",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CWE": "CWE-264",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6436",
"Impact": "Low",
"Public": "20140107"
},
{
"ID": "CVE-2013-6456",
"CVSS": "AV:A/AC:M/Au:S/C:N/I:P/A:C",
"CWE": "CWE-59",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6456",
"Impact": "Low",
"Public": "20140415"
},
{
"ID": "CVE-2013-6457",
"CVSS": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"CWE": "CWE-264",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6457",
"Impact": "Low",
"Public": "20140124"
},
{
"ID": "CVE-2013-6458",
"CVSS": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6458",
"Impact": "Low",
"Public": "20140124"
},
{
"ID": "CVE-2014-0028",
"CVSS": "AV:A/AC:M/Au:N/C:P/I:N/A:P",
"CWE": "CWE-264",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-0028",
"Impact": "Low",
"Public": "20140124"
},
{
"ID": "CVE-2014-1447",
"CVSS": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-1447",
"Impact": "Low",
"Public": "20140124"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20141262001",
"Comment": "libvirt is earlier than 0:1.2.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141262002",
"Comment": "libvirt-client is earlier than 0:1.2.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141262003",
"Comment": "libvirt-daemon is earlier than 0:1.2.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141262004",
"Comment": "libvirt-daemon-config-network is earlier than 0:1.2.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141262005",
"Comment": "libvirt-daemon-config-nwfilter is earlier than 0:1.2.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141262006",
"Comment": "libvirt-daemon-driver-interface is earlier than 0:1.2.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141262007",
"Comment": "libvirt-daemon-driver-lxc is earlier than 0:1.2.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141262008",
"Comment": "libvirt-daemon-driver-network is earlier than 0:1.2.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141262009",
"Comment": "libvirt-daemon-driver-nodedev is earlier than 0:1.2.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141262010",
"Comment": "libvirt-daemon-driver-nwfilter is earlier than 0:1.2.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141262011",
"Comment": "libvirt-daemon-driver-qemu is earlier than 0:1.2.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141262012",
"Comment": "libvirt-daemon-driver-secret is earlier than 0:1.2.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141262013",
"Comment": "libvirt-daemon-driver-storage is earlier than 0:1.2.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141262014",
"Comment": "libvirt-daemon-driver-vbox is earlier than 0:1.2.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141262015",
"Comment": "libvirt-daemon-driver-xen is earlier than 0:1.2.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141262016",
"Comment": "libvirt-devel is earlier than 0:1.2.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141262017",
"Comment": "libvirt-docs is earlier than 0:1.2.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141262018",
"Comment": "libvirt-kvm is earlier than 0:1.2.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141262019",
"Comment": "libvirt-lxc is earlier than 0:1.2.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141262020",
"Comment": "libvirt-qemu is earlier than 0:1.2.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141262021",
"Comment": "libvirt-qemu-common is earlier than 0:1.2.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141262022",
"Comment": "libvirt-vbox is earlier than 0:1.2.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20141262023",
"Comment": "libvirt-xen is earlier than 0:1.2.2-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink