
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20181226",
"Version": "oval:org.altlinux.errata:def:20181226",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2018-1226: package `qemu` update to version 2.11.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2018-1226",
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-1226",
"Source": "ALTPU"
},
{
"RefID": "BDU:2018-00003",
"RefURL": "https://bdu.fstec.ru/vul/2018-00003",
"Source": "BDU"
},
{
"RefID": "BDU:2018-00519",
"RefURL": "https://bdu.fstec.ru/vul/2018-00519",
"Source": "BDU"
},
{
"RefID": "BDU:2019-00716",
"RefURL": "https://bdu.fstec.ru/vul/2019-00716",
"Source": "BDU"
},
{
"RefID": "CVE-2017-15124",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-15124",
"Source": "CVE"
},
{
"RefID": "CVE-2017-5715",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5715",
"Source": "CVE"
},
{
"RefID": "CVE-2018-5683",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5683",
"Source": "CVE"
}
],
"Description": "This update upgrades qemu to version 2.11.1-alt1. \nSecurity Fix(es):\n\n * BDU:2018-00003: Уязвимость процессоров Intel, ARM и AMD, связанная с особенностями функционирования модуля прогнозирования ветвлений, позволяющая нарушителю получить доступ к защищенной памяти из программы\n\n * BDU:2018-00519: Уязвимость реализации VNC-сервера эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-00716: Уязвимость функции vga_draw_text эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2017-15124: VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.\n\n * CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.\n\n * CVE-2018-5683: The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2018-02-16"
},
"Updated": {
"Date": "2018-02-16"
},
"BDUs": [
{
"ID": "BDU:2018-00003",
"CVSS": "AV:L/AC:H/Au:S/C:C/I:N/A:N",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"CWE": "CWE-200, CWE-203, CWE-264",
"Href": "https://bdu.fstec.ru/vul/2018-00003",
"Impact": "Low",
"Public": "20180107"
},
{
"ID": "BDU:2018-00519",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2018-00519",
"Impact": "High",
"Public": "20171212"
},
{
"ID": "BDU:2019-00716",
"CVSS": "AV:L/AC:L/Au:M/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2019-00716",
"Impact": "Low",
"Public": "20180123"
}
],
"CVEs": [
{
"ID": "CVE-2017-15124",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-770",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-15124",
"Impact": "High",
"Public": "20180109"
},
{
"ID": "CVE-2017-5715",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"CWE": "CWE-203",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5715",
"Impact": "Low",
"Public": "20180104"
},
{
"ID": "CVE-2018-5683",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-5683",
"Impact": "Low",
"Public": "20180123"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20181226001",
"Comment": "ivshmem-tools is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226002",
"Comment": "qemu is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226003",
"Comment": "qemu-aux is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226004",
"Comment": "qemu-block-curl is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226005",
"Comment": "qemu-block-dmg is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226006",
"Comment": "qemu-block-gluster is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226007",
"Comment": "qemu-block-iscsi is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226008",
"Comment": "qemu-block-nfs is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226009",
"Comment": "qemu-block-rbd is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226010",
"Comment": "qemu-block-ssh is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226011",
"Comment": "qemu-common is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226012",
"Comment": "qemu-doc is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226013",
"Comment": "qemu-guest-agent is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226014",
"Comment": "qemu-img is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226015",
"Comment": "qemu-kvm is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226016",
"Comment": "qemu-kvm-core is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226017",
"Comment": "qemu-system is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226018",
"Comment": "qemu-system-aarch64 is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226019",
"Comment": "qemu-system-aarch64-core is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226020",
"Comment": "qemu-system-alpha is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226021",
"Comment": "qemu-system-alpha-core is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226022",
"Comment": "qemu-system-arm is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226023",
"Comment": "qemu-system-arm-core is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226024",
"Comment": "qemu-system-cris is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226025",
"Comment": "qemu-system-cris-core is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226026",
"Comment": "qemu-system-lm32 is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226027",
"Comment": "qemu-system-lm32-core is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226028",
"Comment": "qemu-system-m68k is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226029",
"Comment": "qemu-system-m68k-core is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226030",
"Comment": "qemu-system-microblaze is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226031",
"Comment": "qemu-system-microblaze-core is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226032",
"Comment": "qemu-system-mips is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226033",
"Comment": "qemu-system-mips-core is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226034",
"Comment": "qemu-system-moxie is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226035",
"Comment": "qemu-system-moxie-core is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226036",
"Comment": "qemu-system-nios2 is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226037",
"Comment": "qemu-system-nios2-core is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226038",
"Comment": "qemu-system-or1k is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226039",
"Comment": "qemu-system-or1k-core is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226040",
"Comment": "qemu-system-ppc is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226041",
"Comment": "qemu-system-ppc-core is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226042",
"Comment": "qemu-system-s390x is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226043",
"Comment": "qemu-system-s390x-core is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226044",
"Comment": "qemu-system-sh4 is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226045",
"Comment": "qemu-system-sh4-core is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226046",
"Comment": "qemu-system-sparc is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226047",
"Comment": "qemu-system-sparc-core is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226048",
"Comment": "qemu-system-tricore is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226049",
"Comment": "qemu-system-tricore-core is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226050",
"Comment": "qemu-system-unicore32 is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226051",
"Comment": "qemu-system-unicore32-core is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226052",
"Comment": "qemu-system-x86 is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226053",
"Comment": "qemu-system-x86-core is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226054",
"Comment": "qemu-system-xtensa is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226055",
"Comment": "qemu-system-xtensa-core is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226056",
"Comment": "qemu-tools is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226057",
"Comment": "qemu-user is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226058",
"Comment": "qemu-user-binfmt is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226059",
"Comment": "qemu-user-static is earlier than 0:2.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181226060",
"Comment": "qemu-user-static-binfmt is earlier than 0:2.11.1-alt1"
}
]
}
]
}
}
]
}