{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20141065",
|
|
"Version": "oval:org.altlinux.errata:def:20141065",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2014-1065: package `kernel-image-un-def` update to version 3.12.8-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch c10f1"
|
|
],
|
|
"Products": [
|
|
"ALT SP Workstation",
|
|
"ALT SP Server"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2014-1065",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2014-1065",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2014-00101",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2014-00101",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2015-04307",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2015-04307",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2015-04308",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2015-04308",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2015-04309",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2015-04309",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2015-04310",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2015-04310",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2013-7339",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-7339",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2014-1438",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-1438",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2014-1446",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-1446",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2014-1690",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-1690",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades kernel-image-un-def to version 3.12.8-alt1. \nSecurity Fix(es):\n\n * BDU:2014-00101: Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании\n\n * BDU:2015-04307: Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-04308: Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-04309: Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-04310: Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.\n\n * CVE-2014-1438: The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application.\n\n * CVE-2014-1446: The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.\n\n * CVE-2014-1690: The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "Critical",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2014-01-16"
|
|
},
|
|
"Updated": {
|
|
"Date": "2014-01-16"
|
|
},
|
|
"BDUs": [
|
|
{
|
|
"ID": "BDU:2014-00101",
|
|
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
|
|
"CWE": "CWE-399",
|
|
"Href": "https://bdu.fstec.ru/vul/2014-00101",
|
|
"Impact": "Low",
|
|
"Public": "20140324"
|
|
},
|
|
{
|
|
"ID": "BDU:2015-04307",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"Href": "https://bdu.fstec.ru/vul/2015-04307",
|
|
"Impact": "Critical",
|
|
"Public": "20130122"
|
|
},
|
|
{
|
|
"ID": "BDU:2015-04308",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"Href": "https://bdu.fstec.ru/vul/2015-04308",
|
|
"Impact": "Critical"
|
|
},
|
|
{
|
|
"ID": "BDU:2015-04309",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"Href": "https://bdu.fstec.ru/vul/2015-04309",
|
|
"Impact": "Critical"
|
|
},
|
|
{
|
|
"ID": "BDU:2015-04310",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"Href": "https://bdu.fstec.ru/vul/2015-04310",
|
|
"Impact": "Critical"
|
|
}
|
|
],
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2013-7339",
|
|
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
|
|
"CWE": "CWE-476",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-7339",
|
|
"Impact": "Low",
|
|
"Public": "20140324"
|
|
},
|
|
{
|
|
"ID": "CVE-2014-1438",
|
|
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
|
|
"CWE": "CWE-264",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-1438",
|
|
"Impact": "Low",
|
|
"Public": "20140118"
|
|
},
|
|
{
|
|
"ID": "CVE-2014-1446",
|
|
"CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
|
|
"CWE": "CWE-399",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-1446",
|
|
"Impact": "Low",
|
|
"Public": "20140118"
|
|
},
|
|
{
|
|
"ID": "CVE-2014-1690",
|
|
"CVSS": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
|
|
"CWE": "CWE-200",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-1690",
|
|
"Impact": "Low",
|
|
"Public": "20140228"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:spworkstation:10",
|
|
"cpe:/o:alt:spserver:10"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:4001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141065001",
|
|
"Comment": "kernel-doc-un is earlier than 1:3.12.8-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141065002",
|
|
"Comment": "kernel-headers-modules-un-def is earlier than 1:3.12.8-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141065003",
|
|
"Comment": "kernel-headers-un-def is earlier than 1:3.12.8-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141065004",
|
|
"Comment": "kernel-image-domU-un-def is earlier than 1:3.12.8-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141065005",
|
|
"Comment": "kernel-image-un-def is earlier than 1:3.12.8-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141065006",
|
|
"Comment": "kernel-modules-drm-nouveau-un-def is earlier than 1:3.12.8-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141065007",
|
|
"Comment": "kernel-modules-drm-radeon-un-def is earlier than 1:3.12.8-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141065008",
|
|
"Comment": "kernel-modules-drm-un-def is earlier than 1:3.12.8-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141065009",
|
|
"Comment": "kernel-modules-ide-un-def is earlier than 1:3.12.8-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141065010",
|
|
"Comment": "kernel-modules-kvm-un-def is earlier than 1:3.12.8-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141065011",
|
|
"Comment": "kernel-modules-staging-un-def is earlier than 1:3.12.8-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141065012",
|
|
"Comment": "kernel-modules-v4l-un-def is earlier than 1:3.12.8-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |