pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p9/ALT-PU-2020-2214/definitions.json
pepelyaevip 0707cb759b ALT Vulnerability
2024-04-16 14:26:14 +00:00

193 lines
8.3 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20202214",
"Version": "oval:org.altlinux.errata:def:20202214",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-2214: package `dpdk` update to version 18.11.8-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-2214",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-2214",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-03905",
"RefURL": "https://bdu.fstec.ru/vul/2020-03905",
"Source": "BDU"
},
{
"RefID": "BDU:2020-03944",
"RefURL": "https://bdu.fstec.ru/vul/2020-03944",
"Source": "BDU"
},
{
"RefID": "BDU:2020-03962",
"RefURL": "https://bdu.fstec.ru/vul/2020-03962",
"Source": "BDU"
},
{
"RefID": "CVE-2020-10722",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-10722",
"Source": "CVE"
},
{
"RefID": "CVE-2020-10723",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-10723",
"Source": "CVE"
},
{
"RefID": "CVE-2020-10724",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-10724",
"Source": "CVE"
}
],
"Description": "This update upgrades dpdk to version 18.11.8-alt1. \nSecurity Fix(es):\n\n * BDU:2020-03905: Уязвимость набора библиотек и драйверов для быстрой обработки пакетов dpdk, связанная с целочисленным переполнением значения, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2020-03944: Уязвимость функции vhost_user_set_log_base набора библиотек и драйверов для быстрой обработки пакетов dpdk, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2020-03962: Уязвимость модуля vhost-crypto набора библиотек и драйверов для быстрой обработки пакетов dpdk, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * CVE-2020-10722: A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.\n\n * CVE-2020-10723: A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption.\n\n * CVE-2020-10724: A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-06-19"
},
"Updated": {
"Date": "2020-06-19"
},
"BDUs": [
{
"ID": "BDU:2020-03905",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2020-03905",
"Impact": "Low",
"Public": "20200519"
},
{
"ID": "BDU:2020-03944",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2020-03944",
"Impact": "Low",
"Public": "20200519"
},
{
"ID": "BDU:2020-03962",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
"CVSS3": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2020-03962",
"Impact": "Low",
"Public": "20200519"
}
],
"CVEs": [
{
"ID": "CVE-2020-10722",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-10722",
"Impact": "Low",
"Public": "20200519"
},
{
"ID": "CVE-2020-10723",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-10723",
"Impact": "Low",
"Public": "20200519"
},
{
"ID": "CVE-2020-10724",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-10724",
"Impact": "Low",
"Public": "20200519"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20202214001",
"Comment": "dpdk is earlier than 0:18.11.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202214002",
"Comment": "dpdk-devel is earlier than 0:18.11.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202214003",
"Comment": "dpdk-examples is earlier than 0:18.11.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202214004",
"Comment": "dpdk-tools is earlier than 0:18.11.8-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink