vuln-list-alt/oval/c9f2/ALT-PU-2018-1657/definitions.json
2024-06-28 13:17:52 +00:00



{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20181657",
"Version": "oval:org.altlinux.errata:def:20181657",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2018-1657: package `qemu` update to version 2.12.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2018-1657",
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-1657",
"Source": "ALTPU"
},
{
"RefID": "BDU:2018-00091",
"RefURL": "https://bdu.fstec.ru/vul/2018-00091",
"Source": "BDU"
},
{
"RefID": "BDU:2018-01508",
"RefURL": "https://bdu.fstec.ru/vul/2018-01508",
"Source": "BDU"
},
{
"RefID": "BDU:2019-00716",
"RefURL": "https://bdu.fstec.ru/vul/2019-00716",
"Source": "BDU"
},
{
"RefID": "BDU:2019-00721",
"RefURL": "https://bdu.fstec.ru/vul/2019-00721",
"Source": "BDU"
},
{
"RefID": "CVE-2017-16845",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-16845",
"Source": "CVE"
},
{
"RefID": "CVE-2018-5683",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5683",
"Source": "CVE"
},
{
"RefID": "CVE-2018-7550",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7550",
"Source": "CVE"
},
{
"RefID": "CVE-2018-7858",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7858",
"Source": "CVE"
}
],
"Description": "This update upgrades qemu to version 2.12.0-alt1. \nSecurity Fix(es):\n\n * BDU:2018-00091: Уязвимость функции post_load (hw/input/ps2.c) эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю выполнить чтение за границами буфера в динамической памяти\n\n * BDU:2018-01508: Уязвимость функции load_multiboot эмулятора аппаратного обеспечения Qemu, связанная с записью за границами буфера памяти, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код\n\n * BDU:2019-00716: Уязвимость функции vga_draw_text эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-00721: Уязвимость эмулятора аппаратного обеспечения QEMU позволяет записывать данные за пределами заданного буфера, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2017-16845: hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.\n\n * CVE-2018-5683: The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.\n\n * CVE-2018-7550: The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.\n\n * CVE-2018-7858: Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2018-05-06"
},
"Updated": {
"Date": "2018-05-06"
},
"BDUs": [
{
"ID": "BDU:2018-00091",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2018-00091",
"Impact": "Critical",
"Public": "20171115"
},
{
"ID": "BDU:2018-01508",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2018-01508",
"Impact": "High",
"Public": "20180228"
},
{
"ID": "BDU:2019-00716",
"CVSS": "AV:L/AC:L/Au:M/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2019-00716",
"Impact": "Low",
"Public": "20180123"
},
{
"ID": "BDU:2019-00721",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2019-00721",
"Impact": "Low",
"Public": "20180312"
}
],
"CVEs": [
{
"ID": "CVE-2017-16845",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-16845",
"Impact": "Critical",
"Public": "20171117"
},
{
"ID": "CVE-2018-5683",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-5683",
"Impact": "Low",
"Public": "20180123"
},
{
"ID": "CVE-2018-7550",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-7550",
"Impact": "High",
"Public": "20180301"
},
{
"ID": "CVE-2018-7858",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-7858",
"Impact": "Low",
"Public": "20180312"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20181657001",
"Comment": "ivshmem-tools is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657002",
"Comment": "qemu is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657003",
"Comment": "qemu-audio-alsa is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657004",
"Comment": "qemu-audio-oss is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657005",
"Comment": "qemu-audio-pa is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657006",
"Comment": "qemu-audio-sdl is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657007",
"Comment": "qemu-aux is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657008",
"Comment": "qemu-block-curl is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657009",
"Comment": "qemu-block-dmg is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657010",
"Comment": "qemu-block-gluster is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657011",
"Comment": "qemu-block-iscsi is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657012",
"Comment": "qemu-block-nfs is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657013",
"Comment": "qemu-block-rbd is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657014",
"Comment": "qemu-block-ssh is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657015",
"Comment": "qemu-common is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657016",
"Comment": "qemu-doc is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657017",
"Comment": "qemu-guest-agent is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657018",
"Comment": "qemu-img is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657019",
"Comment": "qemu-kvm is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657020",
"Comment": "qemu-kvm-core is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657021",
"Comment": "qemu-system is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657022",
"Comment": "qemu-system-aarch64 is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657023",
"Comment": "qemu-system-aarch64-core is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657024",
"Comment": "qemu-system-alpha is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657025",
"Comment": "qemu-system-alpha-core is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657026",
"Comment": "qemu-system-arm is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657027",
"Comment": "qemu-system-arm-core is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657028",
"Comment": "qemu-system-cris is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657029",
"Comment": "qemu-system-cris-core is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657030",
"Comment": "qemu-system-hppa is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657031",
"Comment": "qemu-system-hppa-core is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657032",
"Comment": "qemu-system-lm32 is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657033",
"Comment": "qemu-system-lm32-core is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657034",
"Comment": "qemu-system-m68k is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657035",
"Comment": "qemu-system-m68k-core is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657036",
"Comment": "qemu-system-microblaze is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657037",
"Comment": "qemu-system-microblaze-core is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657038",
"Comment": "qemu-system-mips is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657039",
"Comment": "qemu-system-mips-core is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657040",
"Comment": "qemu-system-moxie is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657041",
"Comment": "qemu-system-moxie-core is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657042",
"Comment": "qemu-system-nios2 is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657043",
"Comment": "qemu-system-nios2-core is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657044",
"Comment": "qemu-system-or1k is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657045",
"Comment": "qemu-system-or1k-core is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657046",
"Comment": "qemu-system-ppc is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657047",
"Comment": "qemu-system-ppc-core is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657048",
"Comment": "qemu-system-riscv is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657049",
"Comment": "qemu-system-riscv-core is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657050",
"Comment": "qemu-system-s390x is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657051",
"Comment": "qemu-system-s390x-core is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657052",
"Comment": "qemu-system-sh4 is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657053",
"Comment": "qemu-system-sh4-core is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657054",
"Comment": "qemu-system-sparc is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657055",
"Comment": "qemu-system-sparc-core is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657056",
"Comment": "qemu-system-tricore is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657057",
"Comment": "qemu-system-tricore-core is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657058",
"Comment": "qemu-system-unicore32 is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657059",
"Comment": "qemu-system-unicore32-core is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657060",
"Comment": "qemu-system-x86 is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657061",
"Comment": "qemu-system-x86-core is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657062",
"Comment": "qemu-system-xtensa is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657063",
"Comment": "qemu-system-xtensa-core is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657064",
"Comment": "qemu-tools is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657065",
"Comment": "qemu-ui-curses is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657066",
"Comment": "qemu-ui-gtk is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657067",
"Comment": "qemu-ui-sdl is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657068",
"Comment": "qemu-user is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657069",
"Comment": "qemu-user-binfmt is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657070",
"Comment": "qemu-user-static is earlier than 0:2.12.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181657071",
"Comment": "qemu-user-static-binfmt is earlier than 0:2.12.0-alt1"
}
]
}
]
}
}
]
}