vuln-list-alt/oval/c9f2/ALT-PU-2016-2356/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20162356",
      "Version": "oval:org.altlinux.errata:def:20162356",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2016-2356: package `kernel-modules-virtualbox-un-def` update to version 5.1.10-alt1.264202.1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch c9f2"
            ],
            "Products": [
              "ALT SPWorkstation",
              "ALT SPServer"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2016-2356",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2016-2356",
            "Source": "ALTPU"
          },
          {
            "RefID": "CVE-2016-5501",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5501",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2016-5608",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5608",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2016-5610",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5610",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2016-5611",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5611",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2016-5613",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5613",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades kernel-modules-virtualbox-un-def to version 5.1.10-alt1.264202.1. \nSecurity Fix(es):\n\n * CVE-2016-5501: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5538.\n\n * CVE-2016-5608: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5613.\n\n * CVE-2016-5610: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core.\n\n * CVE-2016-5611: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core.\n\n * CVE-2016-5613: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5608.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "High",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2016-11-24"
          },
          "Updated": {
            "Date": "2016-11-24"
          },
          "BDUs": null,
          "CVEs": [
            {
              "ID": "CVE-2016-5501",
              "CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
              "CVSS3": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
              "CWE": "NVD-CWE-noinfo",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5501",
              "Impact": "High",
              "Public": "20161025"
            },
            {
              "ID": "CVE-2016-5608",
              "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
              "CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "CWE": "CWE-284",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5608",
              "Impact": "Low",
              "Public": "20161025"
            },
            {
              "ID": "CVE-2016-5610",
              "CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
              "CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
              "CWE": "CWE-284",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5610",
              "Impact": "Low",
              "Public": "20161025"
            },
            {
              "ID": "CVE-2016-5611",
              "CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
              "CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
              "CWE": "CWE-200",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5611",
              "Impact": "Low",
              "Public": "20161025"
            },
            {
              "ID": "CVE-2016-5613",
              "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
              "CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
              "CWE": "CWE-284",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5613",
              "Impact": "Low",
              "Public": "20161025"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:spworkstation:8.4",
              "cpe:/o:alt:spserver:8.4"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:3001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20162356001",
                "Comment": "kernel-modules-virtualbox-un-def is earlier than 0:5.1.10-alt1.264202.1"
              }
            ]
          }
        ]
      }
    }
  ]
}