
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20203408",
"Version": "oval:org.altlinux.errata:def:20203408",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-3408: package `kernel-image-std-def` update to version 5.4.80-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-3408",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-3408",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-05454",
"RefURL": "https://bdu.fstec.ru/vul/2020-05454",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03412",
"RefURL": "https://bdu.fstec.ru/vul/2021-03412",
"Source": "BDU"
},
{
"RefID": "CVE-2020-25669",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-25669",
"Source": "CVE"
},
{
"RefID": "CVE-2020-4788",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-4788",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-std-def to version 5.4.80-alt1. \nSecurity Fix(es):\n\n * BDU:2020-05454: Уязвимость функции sunkbd_reinit() (drivers/input/keyboard/sunkbd.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-03412: Уязвимость ядра операционной системы Linux, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * CVE-2020-25669: A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free.\n\n * CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-11-25"
},
"Updated": {
"Date": "2020-11-25"
},
"BDUs": [
{
"ID": "BDU:2020-05454",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-05454",
"Impact": "High",
"Public": "20201108"
},
{
"ID": "BDU:2021-03412",
"CVSS": "AV:L/AC:M/Au:S/C:C/I:N/A:N",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2021-03412",
"Impact": "Low",
"Public": "20201120"
}
],
"CVEs": [
{
"ID": "CVE-2020-25669",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-25669",
"Impact": "High",
"Public": "20210526"
},
{
"ID": "CVE-2020-4788",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-4788",
"Impact": "Low",
"Public": "20201120"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20203408001",
"Comment": "kernel-doc-std is earlier than 2:5.4.80-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203408002",
"Comment": "kernel-headers-modules-std-def is earlier than 2:5.4.80-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203408003",
"Comment": "kernel-headers-std-def is earlier than 2:5.4.80-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203408004",
"Comment": "kernel-image-domU-std-def is earlier than 2:5.4.80-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203408005",
"Comment": "kernel-image-std-def is earlier than 2:5.4.80-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203408006",
"Comment": "kernel-modules-drm-ancient-std-def is earlier than 2:5.4.80-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203408007",
"Comment": "kernel-modules-drm-nouveau-std-def is earlier than 2:5.4.80-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203408008",
"Comment": "kernel-modules-drm-radeon-std-def is earlier than 2:5.4.80-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203408009",
"Comment": "kernel-modules-drm-std-def is earlier than 2:5.4.80-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203408010",
"Comment": "kernel-modules-ide-std-def is earlier than 2:5.4.80-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203408011",
"Comment": "kernel-modules-staging-std-def is earlier than 2:5.4.80-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203408012",
"Comment": "kernel-modules-v4l-std-def is earlier than 2:5.4.80-alt1"
}
]
}
]
}
}
]
}