299 lines
14 KiB
JSON
299 lines
14 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20171967",
|
|
"Version": "oval:org.altlinux.errata:def:20171967",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2017-1967: package `kernel-image-un-def` update to version 4.12.4-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch c9f2"
|
|
],
|
|
"Products": [
|
|
"ALT SPWorkstation",
|
|
"ALT SPServer"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2017-1967",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-1967",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2017-01593",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2017-01593",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2017-01594",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2017-01594",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2017-01748",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2017-01748",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2017-02025",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2017-02025",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2018-00521",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2018-00521",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2023-00939",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2023-00939",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2017-1000370",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000370",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2017-1000371",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000371",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2017-10663",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-10663",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2017-11473",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11473",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2017-18079",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-18079",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2017-7541",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-7541",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2017-7542",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-7542",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades kernel-image-un-def to version 4.12.4-alt1. \nSecurity Fix(es):\n\n * BDU:2017-01593: Уязвимость патча offset2lib ядра операционной системы Linux, позволяющая нарушителю получить доступ к странице защиты стека\n\n * BDU:2017-01594: Уязвимость патча offset2lib ядра операционной системы Linux, позволяющая нарушителю получить доступ к странице защиты стека\n\n * BDU:2017-01748: Уязвимость функции mp_override_legacy_irq ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2017-02025: Уязвимость функции sanity_check_ckpt операционной системы Linux, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2018-00521: Уязвимость драйвера контроллера i8042 операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие\n\n * BDU:2023-00939: Уязвимость функции brcmf_cfg80211_mgmt_tx в drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c ядра операционной системы Linux, позволяющая нарушителю вызывать отказ в обслуживании или повысить свои привилегии.\n\n * CVE-2017-1000370: The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2lib patch. This affects Linux Kernel version 4.11.5 and earlier. This is a different issue than CVE-2017-1000371. This issue appears to be limited to i386 based systems.\n\n * CVE-2017-1000371: The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then the stack will be grown down to 0x80000000, and as the PIE binary is mapped above 0x80000000 the minimum distance between the end of the PIE binary's read-write segment and the start of the stack becomes small enough that the stack guard page can be jumped over by an attacker. This affects Linux Kernel version 4.11.5. This is a different issue than CVE-2017-1000370 and CVE-2017-1000365. This issue appears to be limited to i386 based systems.\n\n * CVE-2017-10663: The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors.\n\n * CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 3.2 allows local users to gain privileges via a crafted ACPI table.\n\n * CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port-\u003eexists value can change after it is validated.\n\n * CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet.\n\n * CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "High",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2017-08-02"
|
|
},
|
|
"Updated": {
|
|
"Date": "2017-08-02"
|
|
},
|
|
"BDUs": [
|
|
{
|
|
"ID": "BDU:2017-01593",
|
|
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
|
|
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-264",
|
|
"Href": "https://bdu.fstec.ru/vul/2017-01593",
|
|
"Impact": "High",
|
|
"Public": "20170618"
|
|
},
|
|
{
|
|
"ID": "BDU:2017-01594",
|
|
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
|
|
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-264",
|
|
"Href": "https://bdu.fstec.ru/vul/2017-01594",
|
|
"Impact": "High",
|
|
"Public": "20170618"
|
|
},
|
|
{
|
|
"ID": "BDU:2017-01748",
|
|
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
|
|
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-119, CWE-120",
|
|
"Href": "https://bdu.fstec.ru/vul/2017-01748",
|
|
"Impact": "High",
|
|
"Public": "20170719"
|
|
},
|
|
{
|
|
"ID": "BDU:2017-02025",
|
|
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
|
|
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-129",
|
|
"Href": "https://bdu.fstec.ru/vul/2017-02025",
|
|
"Impact": "High",
|
|
"Public": "20170516"
|
|
},
|
|
{
|
|
"ID": "BDU:2018-00521",
|
|
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
|
|
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-476",
|
|
"Href": "https://bdu.fstec.ru/vul/2018-00521",
|
|
"Impact": "High",
|
|
"Public": "20170712"
|
|
},
|
|
{
|
|
"ID": "BDU:2023-00939",
|
|
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
|
|
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-119",
|
|
"Href": "https://bdu.fstec.ru/vul/2023-00939",
|
|
"Impact": "High",
|
|
"Public": "20170712"
|
|
}
|
|
],
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2017-1000370",
|
|
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "NVD-CWE-noinfo",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000370",
|
|
"Impact": "High",
|
|
"Public": "20170619"
|
|
},
|
|
{
|
|
"ID": "CVE-2017-1000371",
|
|
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "NVD-CWE-noinfo",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000371",
|
|
"Impact": "High",
|
|
"Public": "20170619"
|
|
},
|
|
{
|
|
"ID": "CVE-2017-10663",
|
|
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-129",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-10663",
|
|
"Impact": "High",
|
|
"Public": "20170819"
|
|
},
|
|
{
|
|
"ID": "CVE-2017-11473",
|
|
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-120",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11473",
|
|
"Impact": "High",
|
|
"Public": "20170720"
|
|
},
|
|
{
|
|
"ID": "CVE-2017-18079",
|
|
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-476",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-18079",
|
|
"Impact": "High",
|
|
"Public": "20180129"
|
|
},
|
|
{
|
|
"ID": "CVE-2017-7541",
|
|
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
|
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"CWE": "CWE-119",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-7541",
|
|
"Impact": "High",
|
|
"Public": "20170725"
|
|
},
|
|
{
|
|
"ID": "CVE-2017-7542",
|
|
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
|
|
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"CWE": "CWE-190",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-7542",
|
|
"Impact": "Low",
|
|
"Public": "20170721"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:spworkstation:8.4",
|
|
"cpe:/o:alt:spserver:8.4"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:3001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171967001",
|
|
"Comment": "kernel-doc-un is earlier than 1:4.12.4-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171967002",
|
|
"Comment": "kernel-headers-modules-un-def is earlier than 1:4.12.4-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171967003",
|
|
"Comment": "kernel-headers-un-def is earlier than 1:4.12.4-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171967004",
|
|
"Comment": "kernel-image-domU-un-def is earlier than 1:4.12.4-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171967005",
|
|
"Comment": "kernel-image-un-def is earlier than 1:4.12.4-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171967006",
|
|
"Comment": "kernel-modules-drm-nouveau-un-def is earlier than 1:4.12.4-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171967007",
|
|
"Comment": "kernel-modules-drm-radeon-un-def is earlier than 1:4.12.4-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171967008",
|
|
"Comment": "kernel-modules-drm-un-def is earlier than 1:4.12.4-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171967009",
|
|
"Comment": "kernel-modules-ide-un-def is earlier than 1:4.12.4-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171967010",
|
|
"Comment": "kernel-modules-kvm-un-def is earlier than 1:4.12.4-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171967011",
|
|
"Comment": "kernel-modules-staging-un-def is earlier than 1:4.12.4-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171967012",
|
|
"Comment": "kernel-modules-v4l-un-def is earlier than 1:4.12.4-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |