163 lines
6.5 KiB
JSON
163 lines
6.5 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20191892",
|
|
"Version": "oval:org.altlinux.errata:def:20191892",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2019-1892: package `kernel-image-un-def` update to version 5.0.18-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch c10f1"
|
|
],
|
|
"Products": [
|
|
"ALT SP Workstation",
|
|
"ALT SP Server"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2019-1892",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-1892",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2019-02780",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2019-02780",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2019-10142",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-10142",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2019-11833",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11833",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades kernel-image-un-def to version 5.0.18-alt1. \nSecurity Fix(es):\n\n * BDU:2019-02780: Уязвимость файла fs/ext4/extents.c ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию\n\n * CVE-2019-10142: A flaw was found in the Linux kernel's freescale hypervisor manager implementation, kernel versions 5.0.x up to, excluding 5.0.17. A parameter passed to an ioctl was incorrectly validated and used in size calculations for the page size calculation. An attacker can use this flaw to crash the system, corrupt memory, or create other adverse security affects.\n\n * CVE-2019-11833: fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "High",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2019-05-22"
|
|
},
|
|
"Updated": {
|
|
"Date": "2019-05-22"
|
|
},
|
|
"BDUs": [
|
|
{
|
|
"ID": "BDU:2019-02780",
|
|
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
|
|
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
|
"CWE": "CWE-200, CWE-908",
|
|
"Href": "https://bdu.fstec.ru/vul/2019-02780",
|
|
"Impact": "Low",
|
|
"Public": "20190510"
|
|
}
|
|
],
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2019-10142",
|
|
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
|
|
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-190",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-10142",
|
|
"Impact": "High",
|
|
"Public": "20190730"
|
|
},
|
|
{
|
|
"ID": "CVE-2019-11833",
|
|
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
|
|
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
|
"CWE": "CWE-908",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11833",
|
|
"Impact": "Low",
|
|
"Public": "20190515"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:spworkstation:10",
|
|
"cpe:/o:alt:spserver:10"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:4001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20191892001",
|
|
"Comment": "kernel-doc-un is earlier than 1:5.0.18-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20191892002",
|
|
"Comment": "kernel-headers-modules-un-def is earlier than 1:5.0.18-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20191892003",
|
|
"Comment": "kernel-headers-un-def is earlier than 1:5.0.18-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20191892004",
|
|
"Comment": "kernel-image-domU-un-def is earlier than 1:5.0.18-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20191892005",
|
|
"Comment": "kernel-image-un-def is earlier than 1:5.0.18-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20191892006",
|
|
"Comment": "kernel-modules-drm-ancient-un-def is earlier than 1:5.0.18-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20191892007",
|
|
"Comment": "kernel-modules-drm-nouveau-un-def is earlier than 1:5.0.18-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20191892008",
|
|
"Comment": "kernel-modules-drm-radeon-un-def is earlier than 1:5.0.18-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20191892009",
|
|
"Comment": "kernel-modules-drm-un-def is earlier than 1:5.0.18-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20191892010",
|
|
"Comment": "kernel-modules-ide-un-def is earlier than 1:5.0.18-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20191892011",
|
|
"Comment": "kernel-modules-kvm-un-def is earlier than 1:5.0.18-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20191892012",
|
|
"Comment": "kernel-modules-staging-un-def is earlier than 1:5.0.18-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20191892013",
|
|
"Comment": "kernel-modules-v4l-un-def is earlier than 1:5.0.18-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |