183 lines
7.3 KiB
JSON
183 lines
7.3 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20203256",
|
|
"Version": "oval:org.altlinux.errata:def:20203256",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2020-3256: package `kernel-image-un-def` update to version 5.9.7-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch p10"
|
|
],
|
|
"Products": [
|
|
"ALT Server",
|
|
"ALT Virtualization Server",
|
|
"ALT Workstation",
|
|
"ALT Workstation K",
|
|
"ALT Education",
|
|
"Simply Linux",
|
|
"Starterkit"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2020-3256",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-3256",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2020-05544",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2020-05544",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2020-27815",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-27815",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2020-28974",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-28974",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades kernel-image-un-def to version 5.9.7-alt1. \nSecurity Fix(es):\n\n * BDU:2020-05544: Уязвимость функции KD_FONT_OP_COPY драйвера fbcon ядра операционных систем Linux, позволяющая нарушителю повысить свои привилегии или вызвать отказ в обслуживании\n\n * CVE-2020-27815: A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.\n\n * CVE-2020-28974: A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "High",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2020-11-11"
|
|
},
|
|
"Updated": {
|
|
"Date": "2020-11-11"
|
|
},
|
|
"BDUs": [
|
|
{
|
|
"ID": "BDU:2020-05544",
|
|
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:C",
|
|
"CVSS3": "AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H",
|
|
"CWE": "CWE-125",
|
|
"Href": "https://bdu.fstec.ru/vul/2020-05544",
|
|
"Impact": "Low",
|
|
"Public": "20201108"
|
|
}
|
|
],
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2020-27815",
|
|
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:C",
|
|
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-119",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-27815",
|
|
"Impact": "High",
|
|
"Public": "20210526"
|
|
},
|
|
{
|
|
"ID": "CVE-2020-28974",
|
|
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:C",
|
|
"CVSS3": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H",
|
|
"CWE": "CWE-125",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-28974",
|
|
"Impact": "Low",
|
|
"Public": "20201120"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:kworkstation:10",
|
|
"cpe:/o:alt:workstation:10",
|
|
"cpe:/o:alt:server:10",
|
|
"cpe:/o:alt:server-v:10",
|
|
"cpe:/o:alt:education:10",
|
|
"cpe:/o:alt:slinux:10",
|
|
"cpe:/o:alt:starterkit:p10",
|
|
"cpe:/o:alt:kworkstation:10.1",
|
|
"cpe:/o:alt:workstation:10.1",
|
|
"cpe:/o:alt:server:10.1",
|
|
"cpe:/o:alt:server-v:10.1",
|
|
"cpe:/o:alt:education:10.1",
|
|
"cpe:/o:alt:slinux:10.1",
|
|
"cpe:/o:alt:starterkit:10.1",
|
|
"cpe:/o:alt:kworkstation:10.2",
|
|
"cpe:/o:alt:workstation:10.2",
|
|
"cpe:/o:alt:server:10.2",
|
|
"cpe:/o:alt:server-v:10.2",
|
|
"cpe:/o:alt:education:10.2",
|
|
"cpe:/o:alt:slinux:10.2",
|
|
"cpe:/o:alt:starterkit:10.2"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:2001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20203256001",
|
|
"Comment": "kernel-doc-un is earlier than 1:5.9.7-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20203256002",
|
|
"Comment": "kernel-headers-modules-un-def is earlier than 1:5.9.7-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20203256003",
|
|
"Comment": "kernel-headers-un-def is earlier than 1:5.9.7-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20203256004",
|
|
"Comment": "kernel-image-domU-un-def is earlier than 1:5.9.7-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20203256005",
|
|
"Comment": "kernel-image-un-def is earlier than 1:5.9.7-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20203256006",
|
|
"Comment": "kernel-modules-drm-ancient-un-def is earlier than 1:5.9.7-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20203256007",
|
|
"Comment": "kernel-modules-drm-nouveau-un-def is earlier than 1:5.9.7-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20203256008",
|
|
"Comment": "kernel-modules-drm-radeon-un-def is earlier than 1:5.9.7-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20203256009",
|
|
"Comment": "kernel-modules-drm-un-def is earlier than 1:5.9.7-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20203256010",
|
|
"Comment": "kernel-modules-ide-un-def is earlier than 1:5.9.7-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20203256011",
|
|
"Comment": "kernel-modules-staging-un-def is earlier than 1:5.9.7-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20203256012",
|
|
"Comment": "kernel-modules-v4l-un-def is earlier than 1:5.9.7-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |