pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
912b27fb15
vuln-list-alt/oval/c9f2/ALT-PU-2017-2206/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

383 lines
19 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20172206",
"Version": "oval:org.altlinux.errata:def:20172206",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2017-2206: package `kernel-image-un-def` update to version 4.13.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2017-2206",
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-2206",
"Source": "ALTPU"
},
{
"RefID": "BDU:2017-01627",
"RefURL": "https://bdu.fstec.ru/vul/2017-01627",
"Source": "BDU"
},
{
"RefID": "BDU:2017-01628",
"RefURL": "https://bdu.fstec.ru/vul/2017-01628",
"Source": "BDU"
},
{
"RefID": "BDU:2017-02293",
"RefURL": "https://bdu.fstec.ru/vul/2017-02293",
"Source": "BDU"
},
{
"RefID": "BDU:2018-00569",
"RefURL": "https://bdu.fstec.ru/vul/2018-00569",
"Source": "BDU"
},
{
"RefID": "BDU:2019-00221",
"RefURL": "https://bdu.fstec.ru/vul/2019-00221",
"Source": "BDU"
},
{
"RefID": "CVE-2017-14497",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-14497",
"Source": "CVE"
},
{
"RefID": "CVE-2017-15127",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-15127",
"Source": "CVE"
},
{
"RefID": "CVE-2017-18193",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-18193",
"Source": "CVE"
},
{
"RefID": "CVE-2017-18200",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-18200",
"Source": "CVE"
},
{
"RefID": "CVE-2017-18218",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-18218",
"Source": "CVE"
},
{
"RefID": "CVE-2017-18241",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-18241",
"Source": "CVE"
},
{
"RefID": "CVE-2017-18261",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-18261",
"Source": "CVE"
},
{
"RefID": "CVE-2017-18549",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-18549",
"Source": "CVE"
},
{
"RefID": "CVE-2017-18550",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-18550",
"Source": "CVE"
},
{
"RefID": "CVE-2017-7558",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-7558",
"Source": "CVE"
},
{
"RefID": "CVE-2017-9984",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-9984",
"Source": "CVE"
},
{
"RefID": "CVE-2017-9985",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-9985",
"Source": "CVE"
},
{
"RefID": "CVE-2018-10087",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-10087",
"Source": "CVE"
},
{
"RefID": "CVE-2018-10124",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-10124",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-un-def to version 4.13.0-alt1. \nSecurity Fix(es):\n\n * BDU:2017-01627: Уязвимость функции snd_msndmidi_input_read (sound/isa/msnd/msnd_midi.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие\n\n * BDU:2017-01628: Уязвимость функции snd_msnd_interrupt (sound/isa/msnd/msnd_pinnacle.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие\n\n * BDU:2017-02293: Уязвимость функции tpacket_rcv (net/packet/af_packet.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие\n\n * BDU:2018-00569: Уязвимость компонента hns_enet.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-00221: Уязвимость реализации стека протоколов SCTP ядра операционной системы Linux, позволяющая нарушителю вызвать утечку памяти\n\n * CVE-2017-14497: The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls.\n\n * CVE-2017-15127: A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG).\n\n * CVE-2017-18193: fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads.\n\n * CVE-2017-18200: The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fs_wait_discard_bios calls, which allows local users to cause a denial of service (BUG), as demonstrated by fstrim.\n\n * CVE-2017-18218: In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel before 4.13, local users can cause a denial of service (use-after-free and BUG) or possibly have unspecified other impact by leveraging differences in skb handling between hns_nic_net_xmit_hw and hns_nic_net_xmit.\n\n * CVE-2017-18241: fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure.\n\n * CVE-2017-18261: The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a scenario involving debugfs, ftrace, PREEMPT_TRACER, and FUNCTION_GRAPH_TRACER.\n\n * CVE-2017-18549: An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_send_raw_srb does not initialize the reply structure.\n\n * CVE-2017-18550: An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure.\n\n * CVE-2017-7558: A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace.\n\n * CVE-2017-9984: The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a \"double fetch\" vulnerability.\n\n * CVE-2017-9985: The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a \"double fetch\" vulnerability.\n\n * CVE-2018-10087: The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.\n\n * CVE-2018-10124: The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2017-09-14"
},
"Updated": {
"Date": "2017-09-14"
},
"BDUs": [
{
"ID": "BDU:2017-01627",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2017-01627",
"Impact": "High",
"Public": "20170628"
},
{
"ID": "BDU:2017-01628",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2017-01628",
"Impact": "High",
"Public": "20170628"
},
{
"ID": "BDU:2017-02293",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2017-02293",
"Impact": "High",
"Public": "20170829"
},
{
"ID": "BDU:2018-00569",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2018-00569",
"Impact": "High",
"Public": "20170706"
},
{
"ID": "BDU:2019-00221",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-119, CWE-125",
"Href": "https://bdu.fstec.ru/vul/2019-00221",
"Impact": "High",
"Public": "20170823"
}
],
"CVEs": [
{
"ID": "CVE-2017-14497",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-14497",
"Impact": "High",
"Public": "20170915"
},
{
"ID": "CVE-2017-15127",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-460",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-15127",
"Impact": "Low",
"Public": "20180114"
},
{
"ID": "CVE-2017-18193",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-18193",
"Impact": "Low",
"Public": "20180222"
},
{
"ID": "CVE-2017-18200",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-18200",
"Impact": "Low",
"Public": "20180226"
},
{
"ID": "CVE-2017-18218",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-18218",
"Impact": "High",
"Public": "20180305"
},
{
"ID": "CVE-2017-18241",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-18241",
"Impact": "Low",
"Public": "20180321"
},
{
"ID": "CVE-2017-18261",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-18261",
"Impact": "Low",
"Public": "20180419"
},
{
"ID": "CVE-2017-18549",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-18549",
"Impact": "Low",
"Public": "20190819"
},
{
"ID": "CVE-2017-18550",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-18550",
"Impact": "Low",
"Public": "20190819"
},
{
"ID": "CVE-2017-7558",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-7558",
"Impact": "High",
"Public": "20180726"
},
{
"ID": "CVE-2017-9984",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-9984",
"Impact": "High",
"Public": "20170628"
},
{
"ID": "CVE-2017-9985",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-9985",
"Impact": "High",
"Public": "20170628"
},
{
"ID": "CVE-2018-10087",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-10087",
"Impact": "Low",
"Public": "20180413"
},
{
"ID": "CVE-2018-10124",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-10124",
"Impact": "Low",
"Public": "20180416"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20172206001",
"Comment": "kernel-doc-un is earlier than 1:4.13.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172206002",
"Comment": "kernel-headers-modules-un-def is earlier than 1:4.13.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172206003",
"Comment": "kernel-headers-un-def is earlier than 1:4.13.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172206004",
"Comment": "kernel-image-domU-un-def is earlier than 1:4.13.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172206005",
"Comment": "kernel-image-un-def is earlier than 1:4.13.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172206006",
"Comment": "kernel-modules-drm-nouveau-un-def is earlier than 1:4.13.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172206007",
"Comment": "kernel-modules-drm-radeon-un-def is earlier than 1:4.13.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172206008",
"Comment": "kernel-modules-drm-un-def is earlier than 1:4.13.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172206009",
"Comment": "kernel-modules-ide-un-def is earlier than 1:4.13.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172206010",
"Comment": "kernel-modules-kvm-un-def is earlier than 1:4.13.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172206011",
"Comment": "kernel-modules-staging-un-def is earlier than 1:4.13.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172206012",
"Comment": "kernel-modules-v4l-un-def is earlier than 1:4.13.0-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink