pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
965bfc23c8
vuln-list-alt/oval/c9f2/ALT-PU-2021-2054/definitions.json
pepelyaevip 0707cb759b ALT Vulnerability
2024-04-16 14:26:14 +00:00

185 lines
8.3 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20212054",
"Version": "oval:org.altlinux.errata:def:20212054",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-2054: package `openvswitch` update to version 2.14.2-alt0.p9",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-2054",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-2054",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-01134",
"RefURL": "https://bdu.fstec.ru/vul/2021-01134",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01805",
"RefURL": "https://bdu.fstec.ru/vul/2021-01805",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01890",
"RefURL": "https://bdu.fstec.ru/vul/2021-01890",
"Source": "BDU"
},
{
"RefID": "CVE-2015-8011",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-8011",
"Source": "CVE"
},
{
"RefID": "CVE-2020-27827",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-27827",
"Source": "CVE"
},
{
"RefID": "CVE-2020-35498",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-35498",
"Source": "CVE"
}
],
"Description": "This update upgrades openvswitch to version 2.14.2-alt0.p9. \nSecurity Fix(es):\n\n * BDU:2021-01134: Уязвимость микропрограммного обеспечения коммутатора Open vSwitch, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01805: Уязвимость реализации протокола LLDP под Unix Lldpd, программного многоуровневого коммутатора Open vSwitch, связанная с ошибкой механизма контроля расходуемых ресурсов, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01890: Уязвимость функции lldp_decode компонента daemon/protocols/lldp.c реализации протокола LLDP под Unix Lldpd, связанная с переполнением буфера в памяти, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2015-8011: Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries.\n\n * CVE-2020-27827: A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.\n\n * CVE-2020-35498: A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-06-24"
},
"Updated": {
"Date": "2021-06-24"
},
"BDUs": [
{
"ID": "BDU:2021-01134",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2021-01134",
"Impact": "High",
"Public": "20210210"
},
{
"ID": "BDU:2021-01805",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2021-01805",
"Impact": "High",
"Public": "20200922"
},
{
"ID": "BDU:2021-01890",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2021-01890",
"Impact": "Critical",
"Public": "20151001"
}
],
"CVEs": [
{
"ID": "CVE-2015-8011",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-8011",
"Impact": "Critical",
"Public": "20200128"
},
{
"ID": "CVE-2020-27827",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-27827",
"Impact": "High",
"Public": "20210318"
},
{
"ID": "CVE-2020-35498",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-35498",
"Impact": "High",
"Public": "20210211"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20212054001",
"Comment": "libopenvswitch is earlier than 0:2.14.2-alt0.p9"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212054002",
"Comment": "libopenvswitch-devel is earlier than 0:2.14.2-alt0.p9"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212054003",
"Comment": "openvswitch is earlier than 0:2.14.2-alt0.p9"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212054004",
"Comment": "openvswitch-debugtools is earlier than 0:2.14.2-alt0.p9"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212054005",
"Comment": "openvswitch-ipsec is earlier than 0:2.14.2-alt0.p9"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212054006",
"Comment": "openvswitch-vtep is earlier than 0:2.14.2-alt0.p9"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212054007",
"Comment": "python-module-openvswitch is earlier than 0:2.14.2-alt0.p9"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212054008",
"Comment": "python3-module-openvswitch is earlier than 0:2.14.2-alt0.p9"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink