pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/c10f1/ALT-PU-2019-3180/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

761 lines
40 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20193180",
"Version": "oval:org.altlinux.errata:def:20193180",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-3180: package `kernel-image-un-def` update to version 5.3.13-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-3180",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-3180",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-04662",
"RefURL": "https://bdu.fstec.ru/vul/2019-04662",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04664",
"RefURL": "https://bdu.fstec.ru/vul/2019-04664",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04666",
"RefURL": "https://bdu.fstec.ru/vul/2019-04666",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04801",
"RefURL": "https://bdu.fstec.ru/vul/2019-04801",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04802",
"RefURL": "https://bdu.fstec.ru/vul/2019-04802",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04806",
"RefURL": "https://bdu.fstec.ru/vul/2019-04806",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04807",
"RefURL": "https://bdu.fstec.ru/vul/2019-04807",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04809",
"RefURL": "https://bdu.fstec.ru/vul/2019-04809",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04810",
"RefURL": "https://bdu.fstec.ru/vul/2019-04810",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04811",
"RefURL": "https://bdu.fstec.ru/vul/2019-04811",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04828",
"RefURL": "https://bdu.fstec.ru/vul/2019-04828",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04833",
"RefURL": "https://bdu.fstec.ru/vul/2019-04833",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04854",
"RefURL": "https://bdu.fstec.ru/vul/2019-04854",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04855",
"RefURL": "https://bdu.fstec.ru/vul/2019-04855",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04856",
"RefURL": "https://bdu.fstec.ru/vul/2019-04856",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00119",
"RefURL": "https://bdu.fstec.ru/vul/2020-00119",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00157",
"RefURL": "https://bdu.fstec.ru/vul/2020-00157",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00160",
"RefURL": "https://bdu.fstec.ru/vul/2020-00160",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00290",
"RefURL": "https://bdu.fstec.ru/vul/2020-00290",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00304",
"RefURL": "https://bdu.fstec.ru/vul/2020-00304",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01077",
"RefURL": "https://bdu.fstec.ru/vul/2020-01077",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01564",
"RefURL": "https://bdu.fstec.ru/vul/2020-01564",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02159",
"RefURL": "https://bdu.fstec.ru/vul/2020-02159",
"Source": "BDU"
},
{
"RefID": "CVE-2019-19036",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19036",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19037",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19037",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19039",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19039",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19043",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19043",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19046",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19046",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19054",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19054",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19055",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19055",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19056",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19056",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19057",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19057",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19058",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19058",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19059",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19059",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19062",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19062",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19063",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19063",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19064",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19064",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19066",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19066",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19068",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19068",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19072",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19072",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19073",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19073",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19077",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19077",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19082",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19082",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19318",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19318",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19448",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19448",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19524",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19524",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-un-def to version 5.3.13-alt1. \nSecurity Fix(es):\n\n * BDU:2019-04662: Уязвимость функции mwifiex_pcie_alloc_cmdrsp_buf() (drivers/net/wireless/marvell/mwifiex/pcie.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04664: Уязвимость функции nl80211_get_ftm_responder_stats() (net/wireless/nl80211.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04666: Уязвимость функции cx23888_ir_probe() (drivers/media/pci/cx23885/cx23888-ir.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04801: Уязвимость функции rtl_usb_probe() (drivers/net/wireless/realtek/rtlwifi/usb.c ) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04802: Уязвимость функции crypto_report() (crypto/crypto_user_base.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04806: Уязвимость функции alloc_sgtable() (drivers/net/wireless/intel/iwlwifi/fw/dbg.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04807: Уязвимость функции mwifiex_pcie_init_evt_ring() (drivers/net/wireless/marvell/mwifiex/pcie.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04809: Уязвимость функции bfad_im_get_stats() (drivers/scsi/bfa/bfad_attr.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04810: Уязвимость функции rtl8xxxu_submit_int_urb() (drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04811: Уязвимость функции iwl_pcie_ctxt_info_gen3_init() (drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04828: Уязвимость функции fsl_lpspi_probe() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04833: Уязвимость драйверов drivers/net/wireless/ath/ath9k/htc_hst.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04854: Уязвимость функции __btrfs_free_extent (fs/btrfs/extent-tree.c) ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * BDU:2019-04855: Уязвимость функции ext4_empty_dir (fs/ext4/namei.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04856: Уязвимость функции btrfs_root_node (fs/btrfs/ctree.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-00119: Уязвимость функции create_resource_pool() (drivers/gpu/drm/amd/display/dc) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-00157: Уязвимость функции bnxt_re_create_srq() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-00160: Уязвимость функции predicate_parse() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-00290: Уязвимость драйвера drivers/input/ff-memless.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-00304: Уязвимость функции try_merge_free_space ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2020-01077: Уязвимость функции rwsem_down_write_slowpath (kernel/locking/rwsem.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-01564: Уязвимость функции the__ipmi_bmc_register() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02159: Уязвимость функции « i40e_setup_macvlans» в ядре операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2019-19036: btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root-\u003enode) can be zero.\n\n * CVE-2019-19037: ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero.\n\n * CVE-2019-19039: __btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program. NOTE: The BTRFS development team disputes this issues as not being a vulnerability because “1) The kernel provide facilities to restrict access to dmesg - dmesg_restrict=1 sysctl option. So it's really up to the system administrator to judge whether dmesg access shall be disallowed or not. 2) WARN/WARN_ON are widely used macros in the linux kernel. If this CVE is considered valid this would mean there are literally thousands CVE lurking in the kernel - something which clearly is not the case.\n\n * CVE-2019-19043: A memory leak in the i40e_setup_macvlans() function in drivers/net/ethernet/intel/i40e/i40e_main.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering i40e_setup_channel() failures, aka CID-27d461333459.\n\n * CVE-2019-19046: A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time\n\n * CVE-2019-19054: A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.\n\n * CVE-2019-19055: A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred\n\n * CVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-db8fd2cde932.\n\n * CVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e.\n\n * CVE-2019-19058: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID-b4b814fec1a5.\n\n * CVE-2019-19059: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or dma_alloc_coherent() failures, aka CID-0f4f199443fa.\n\n * CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042.\n\n * CVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.\n\n * CVE-2019-19064: A memory leak in the fsl_lpspi_probe() function in drivers/spi/spi-fsl-lpspi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering pm_runtime_get_sync() failures, aka CID-057b8945f78f. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control these failures at probe time\n\n * CVE-2019-19066: A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd.\n\n * CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6.\n\n * CVE-2019-19072: A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6.\n\n * CVE-2019-19073: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10.\n\n * CVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy to udata failures, aka CID-4a9d46a9fe14.\n\n * CVE-2019-19082: Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). This affects the dce120_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, the dce100_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, and the dce112_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, aka CID-104c307147ad.\n\n * CVE-2019-19318: In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer,\n\n * CVE-2019-19448: In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.\n\n * CVE-2019-19524: In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-11-24"
},
"Updated": {
"Date": "2019-11-24"
},
"BDUs": [
{
"ID": "BDU:2019-04662",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400, CWE-401",
"Href": "https://bdu.fstec.ru/vul/2019-04662",
"Impact": "Low",
"Public": "20191009"
},
{
"ID": "BDU:2019-04664",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400, CWE-401",
"Href": "https://bdu.fstec.ru/vul/2019-04664",
"Impact": "Low",
"Public": "20191007"
},
{
"ID": "BDU:2019-04666",
"CVSS": "AV:L/AC:M/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400, CWE-401",
"Href": "https://bdu.fstec.ru/vul/2019-04666",
"Impact": "Low",
"Public": "20191007"
},
{
"ID": "BDU:2019-04801",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400, CWE-401",
"Href": "https://bdu.fstec.ru/vul/2019-04801",
"Impact": "High",
"Public": "20191001"
},
{
"ID": "BDU:2019-04802",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400, CWE-401",
"Href": "https://bdu.fstec.ru/vul/2019-04802",
"Impact": "Low",
"Public": "20191010"
},
{
"ID": "BDU:2019-04806",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400, CWE-401",
"Href": "https://bdu.fstec.ru/vul/2019-04806",
"Impact": "High",
"Public": "20191009"
},
{
"ID": "BDU:2019-04807",
"CVSS": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-400, CWE-401",
"Href": "https://bdu.fstec.ru/vul/2019-04807",
"Impact": "Low",
"Public": "20191009"
},
{
"ID": "BDU:2019-04809",
"CVSS": "AV:L/AC:M/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400, CWE-401",
"Href": "https://bdu.fstec.ru/vul/2019-04809",
"Impact": "Low",
"Public": "20190930"
},
{
"ID": "BDU:2019-04810",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400, CWE-401",
"Href": "https://bdu.fstec.ru/vul/2019-04810",
"Impact": "Low",
"Public": "20191002"
},
{
"ID": "BDU:2019-04811",
"CVSS": "AV:L/AC:M/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400, CWE-401",
"Href": "https://bdu.fstec.ru/vul/2019-04811",
"Impact": "Low",
"Public": "20191009"
},
{
"ID": "BDU:2019-04828",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400, CWE-401",
"Href": "https://bdu.fstec.ru/vul/2019-04828",
"Impact": "High",
"Public": "20191001"
},
{
"ID": "BDU:2019-04833",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-400, CWE-401",
"Href": "https://bdu.fstec.ru/vul/2019-04833",
"Impact": "Low",
"Public": "20190910"
},
{
"ID": "BDU:2019-04854",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "CWE-200, CWE-532",
"Href": "https://bdu.fstec.ru/vul/2019-04854",
"Impact": "Low",
"Public": "20191119"
},
{
"ID": "BDU:2019-04855",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2019-04855",
"Impact": "Low",
"Public": "20191120"
},
{
"ID": "BDU:2019-04856",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2019-04856",
"Impact": "Low",
"Public": "20190909"
},
{
"ID": "BDU:2020-00119",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400, CWE-401",
"Href": "https://bdu.fstec.ru/vul/2020-00119",
"Impact": "Low",
"Public": "20190925"
},
{
"ID": "BDU:2020-00157",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400, CWE-401",
"Href": "https://bdu.fstec.ru/vul/2020-00157",
"Impact": "Low",
"Public": "20190913"
},
{
"ID": "BDU:2020-00160",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400, CWE-401",
"Href": "https://bdu.fstec.ru/vul/2020-00160",
"Impact": "Low",
"Public": "20190928"
},
{
"ID": "BDU:2020-00290",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-00290",
"Impact": "Low",
"Public": "20191115"
},
{
"ID": "BDU:2020-00304",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-00304",
"Impact": "High",
"Public": "20191206"
},
{
"ID": "BDU:2020-01077",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-01077",
"Impact": "Low",
"Public": "20190924"
},
{
"ID": "BDU:2020-01564",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400, CWE-401",
"Href": "https://bdu.fstec.ru/vul/2020-01564",
"Impact": "Low",
"Public": "20191022"
},
{
"ID": "BDU:2020-02159",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2020-02159",
"Impact": "Low",
"Public": "20191106"
}
],
"CVEs": [
{
"ID": "CVE-2019-19036",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19036",
"Impact": "Low",
"Public": "20191121"
},
{
"ID": "CVE-2019-19037",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19037",
"Impact": "Low",
"Public": "20191121"
},
{
"ID": "CVE-2019-19039",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "CWE-532",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19039",
"Impact": "Low",
"Public": "20191121"
},
{
"ID": "CVE-2019-19043",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19043",
"Impact": "Low",
"Public": "20191118"
},
{
"ID": "CVE-2019-19046",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19046",
"Impact": "Low",
"Public": "20191118"
},
{
"ID": "CVE-2019-19054",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19054",
"Impact": "Low",
"Public": "20191118"
},
{
"ID": "CVE-2019-19055",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19055",
"Impact": "Low",
"Public": "20191118"
},
{
"ID": "CVE-2019-19056",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19056",
"Impact": "Low",
"Public": "20191118"
},
{
"ID": "CVE-2019-19057",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19057",
"Impact": "Low",
"Public": "20191118"
},
{
"ID": "CVE-2019-19058",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19058",
"Impact": "Low",
"Public": "20191118"
},
{
"ID": "CVE-2019-19059",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19059",
"Impact": "Low",
"Public": "20191118"
},
{
"ID": "CVE-2019-19062",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19062",
"Impact": "Low",
"Public": "20191118"
},
{
"ID": "CVE-2019-19063",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19063",
"Impact": "Low",
"Public": "20191118"
},
{
"ID": "CVE-2019-19064",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19064",
"Impact": "High",
"Public": "20191118"
},
{
"ID": "CVE-2019-19066",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19066",
"Impact": "Low",
"Public": "20191118"
},
{
"ID": "CVE-2019-19068",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19068",
"Impact": "Low",
"Public": "20191118"
},
{
"ID": "CVE-2019-19072",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19072",
"Impact": "Low",
"Public": "20191118"
},
{
"ID": "CVE-2019-19073",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19073",
"Impact": "Low",
"Public": "20191118"
},
{
"ID": "CVE-2019-19077",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19077",
"Impact": "Low",
"Public": "20191118"
},
{
"ID": "CVE-2019-19082",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19082",
"Impact": "Low",
"Public": "20191118"
},
{
"ID": "CVE-2019-19318",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19318",
"Impact": "Low",
"Public": "20191128"
},
{
"ID": "CVE-2019-19448",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19448",
"Impact": "High",
"Public": "20191208"
},
{
"ID": "CVE-2019-19524",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19524",
"Impact": "Low",
"Public": "20191203"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20193180001",
"Comment": "kernel-doc-un is earlier than 1:5.3.13-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193180002",
"Comment": "kernel-headers-modules-un-def is earlier than 1:5.3.13-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193180003",
"Comment": "kernel-headers-un-def is earlier than 1:5.3.13-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193180004",
"Comment": "kernel-image-domU-un-def is earlier than 1:5.3.13-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193180005",
"Comment": "kernel-image-un-def is earlier than 1:5.3.13-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193180006",
"Comment": "kernel-modules-drm-ancient-un-def is earlier than 1:5.3.13-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193180007",
"Comment": "kernel-modules-drm-nouveau-un-def is earlier than 1:5.3.13-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193180008",
"Comment": "kernel-modules-drm-radeon-un-def is earlier than 1:5.3.13-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193180009",
"Comment": "kernel-modules-drm-un-def is earlier than 1:5.3.13-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193180010",
"Comment": "kernel-modules-ide-un-def is earlier than 1:5.3.13-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193180011",
"Comment": "kernel-modules-staging-un-def is earlier than 1:5.3.13-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193180012",
"Comment": "kernel-modules-v4l-un-def is earlier than 1:5.3.13-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink