pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
5346325857
vuln-list-alt/oval/c9f2/ALT-PU-2018-2754/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

332 lines
17 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20182754",
"Version": "oval:org.altlinux.errata:def:20182754",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2018-2754: package `kernel-image-std-debug` update to version 4.14.85-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2018-2754",
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-2754",
"Source": "ALTPU"
},
{
"RefID": "BDU:2015-07788",
"RefURL": "https://bdu.fstec.ru/vul/2015-07788",
"Source": "BDU"
},
{
"RefID": "BDU:2015-07831",
"RefURL": "https://bdu.fstec.ru/vul/2015-07831",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02817",
"RefURL": "https://bdu.fstec.ru/vul/2020-02817",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02841",
"RefURL": "https://bdu.fstec.ru/vul/2020-02841",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02848",
"RefURL": "https://bdu.fstec.ru/vul/2020-02848",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02951",
"RefURL": "https://bdu.fstec.ru/vul/2020-02951",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02957",
"RefURL": "https://bdu.fstec.ru/vul/2020-02957",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02959",
"RefURL": "https://bdu.fstec.ru/vul/2020-02959",
"Source": "BDU"
},
{
"RefID": "CVE-2000-1134",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2000-1134",
"Source": "CVE"
},
{
"RefID": "CVE-2007-3852",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2007-3852",
"Source": "CVE"
},
{
"RefID": "CVE-2008-0525",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2008-0525",
"Source": "CVE"
},
{
"RefID": "CVE-2009-0416",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2009-0416",
"Source": "CVE"
},
{
"RefID": "CVE-2011-4834",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2011-4834",
"Source": "CVE"
},
{
"RefID": "CVE-2015-1838",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-1838",
"Source": "CVE"
},
{
"RefID": "CVE-2015-7442",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-7442",
"Source": "CVE"
},
{
"RefID": "CVE-2016-7489",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-7489",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-std-debug to version 4.14.85-alt1. \nSecurity Fix(es):\n\n * BDU:2015-07788: Уязвимость операционной системы Red Hat Linux, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-07831: Уязвимость операционной системы Red Hat Linux, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2020-02817: Уязвимость программы для установки SSL сертификатов в стандартизированной инструментарии Linux Sblim-sfcb, связанная с неверным определением ссылки перед доступом к файлу, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2020-02841: Уязвимость агента обновления Novell ZENworks Patch Management клиента обновления PatchLink, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2020-02848: Уязвимость функции sysstat.in утилиты для измерения и анализа производительности системы sysstat, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2020-02951: Уязвимость функции GetInstalledPackages менеджера установки Application Lifestyle Management, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным, вызвать отказ в обслуживании или оказать воздействие на целостность данных\n\n * BDU:2020-02957: Уязвимость модуля modules/serverdensity_device.py системы управления конфигураций и удаленного выполнения операций SaltStack, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным, вызвать отказ в обслуживании или оказать воздействие на целостность данных\n\n * BDU:2020-02959: Уязвимость компонента consoleinst.sh менеджера установки Installation Manager IBM, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным, вызвать отказ в обслуживании или оказать воздействие на целостность данных\n\n * CVE-2000-1134: Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing \u003c\u003c redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.\n\n * CVE-2007-3852: The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.\n\n * CVE-2008-0525: PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac (LUM) 6.2094 through 6.4102 and other products, allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2) execute arbitrary code via a symlink attack on the /tmp/plshutdown file used by the rebootTask script.\n\n * CVE-2009-0416: The SSL certificate setup program (genSslCert.sh) in Standards Based Linux Instrumentation for Manageability (SBLIM) sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /var/tmp/key.pem, (2) /var/tmp/cert.pem, and (3) /var/tmp/ssl.cnf temporary files.\n\n * CVE-2011-4834: The GetInstalledPackages function in the configuration tool in HP Application Lifestyle Management (ALM) 11 on AIX, HP-UX, and Solaris allows local users to gain privileges via (1) a Trojan horse /tmp/tmp.txt FIFO or (2) a symlink attack on /tmp/tmp.txt.\n\n * CVE-2015-1838: modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.\n\n * CVE-2015-7442: consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utility before 1.7.4.4 and 1.8.x before 1.8.4 allows local users to gain privileges via a Trojan horse program that is located in /tmp with a name based on a predicted PID value.\n\n * CVE-2016-7489: Teradata Virtual Machine Community Edition v15.10's perl script /opt/teradata/gsctools/bin/t2a.pl creates files in /tmp in an insecure manner, this may lead to elevated code execution.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2018-12-02"
},
"Updated": {
"Date": "2018-12-02"
},
"BDUs": [
{
"ID": "BDU:2015-07788",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-07788",
"Impact": "High",
"Public": "20001130"
},
{
"ID": "BDU:2015-07831",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-07831",
"Impact": "High",
"Public": "20001130"
},
{
"ID": "BDU:2020-02817",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"CWE": "CWE-59",
"Href": "https://bdu.fstec.ru/vul/2020-02817",
"Impact": "High",
"Public": "20090203"
},
{
"ID": "BDU:2020-02841",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"CWE": "CWE-59",
"Href": "https://bdu.fstec.ru/vul/2020-02841",
"Impact": "Low",
"Public": "20080131"
},
{
"ID": "BDU:2020-02848",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02848",
"Impact": "Low",
"Public": "20070814"
},
{
"ID": "BDU:2020-02951",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02951",
"Impact": "High",
"Public": "20111214"
},
{
"ID": "BDU:2020-02957",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"CWE": "CWE-19",
"Href": "https://bdu.fstec.ru/vul/2020-02957",
"Impact": "Low",
"Public": "20170413"
},
{
"ID": "BDU:2020-02959",
"CVSS": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-02959",
"Impact": "High",
"Public": "20160102"
}
],
"CVEs": [
{
"ID": "CVE-2000-1134",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2000-1134",
"Impact": "High",
"Public": "20010109"
},
{
"ID": "CVE-2007-3852",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-264",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2007-3852",
"Impact": "Low",
"Public": "20070814"
},
{
"ID": "CVE-2008-0525",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-59",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2008-0525",
"Impact": "Low",
"Public": "20080131"
},
{
"ID": "CVE-2009-0416",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"CWE": "CWE-59",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2009-0416",
"Impact": "Low",
"Public": "20090203"
},
{
"ID": "CVE-2011-4834",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-264",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2011-4834",
"Impact": "Low",
"Public": "20111215"
},
{
"ID": "CVE-2015-1838",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"CWE": "CWE-19",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-1838",
"Impact": "Low",
"Public": "20170413"
},
{
"ID": "CVE-2015-7442",
"CVSS": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-264",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-7442",
"Impact": "High",
"Public": "20160102"
},
{
"ID": "CVE-2016-7489",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-264",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-7489",
"Impact": "Critical",
"Public": "20161110"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20182754001",
"Comment": "kernel-headers-modules-std-debug is earlier than 1:4.14.85-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182754002",
"Comment": "kernel-headers-std-debug is earlier than 1:4.14.85-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182754003",
"Comment": "kernel-image-domU-std-debug is earlier than 1:4.14.85-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182754004",
"Comment": "kernel-image-std-debug is earlier than 1:4.14.85-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182754005",
"Comment": "kernel-modules-drm-ancient-std-debug is earlier than 1:4.14.85-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182754006",
"Comment": "kernel-modules-drm-nouveau-std-debug is earlier than 1:4.14.85-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182754007",
"Comment": "kernel-modules-drm-radeon-std-debug is earlier than 1:4.14.85-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182754008",
"Comment": "kernel-modules-drm-std-debug is earlier than 1:4.14.85-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182754009",
"Comment": "kernel-modules-ide-std-debug is earlier than 1:4.14.85-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182754010",
"Comment": "kernel-modules-kvm-std-debug is earlier than 1:4.14.85-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182754011",
"Comment": "kernel-modules-staging-std-debug is earlier than 1:4.14.85-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182754012",
"Comment": "kernel-modules-v4l-std-debug is earlier than 1:4.14.85-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink