pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/c10f1/ALT-PU-2017-1817/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

187 lines
8.1 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20171817",
"Version": "oval:org.altlinux.errata:def:20171817",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2017-1817: package `kernel-image-std-def` update to version 4.9.36-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2017-1817",
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-1817",
"Source": "ALTPU"
},
{
"RefID": "BDU:2017-01480",
"RefURL": "https://bdu.fstec.ru/vul/2017-01480",
"Source": "BDU"
},
{
"RefID": "BDU:2019-00227",
"RefURL": "https://bdu.fstec.ru/vul/2019-00227",
"Source": "BDU"
},
{
"RefID": "CVE-2017-1000365",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000365",
"Source": "CVE"
},
{
"RefID": "CVE-2017-18017",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-18017",
"Source": "CVE"
},
{
"RefID": "CVE-2017-7482",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-7482",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-std-def to version 4.9.36-alt1. \nSecurity Fix(es):\n\n * BDU:2017-01480: Уязвимость реализации механизма Stack Guard-Page ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-00227: Уязвимость реализации протокола Keberos v5 ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии или вызвать отказ в обслуживании\n\n * CVE-2017-1000365: The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.\n\n * CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.\n\n * CVE-2017-7482: In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2017-07-06"
},
"Updated": {
"Date": "2017-07-06"
},
"BDUs": [
{
"ID": "BDU:2017-01480",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2017-01480",
"Impact": "High",
"Public": "20170618"
},
{
"ID": "BDU:2019-00227",
"CVSS": "AV:L/AC:L/Au:S/C:N/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-00227",
"Impact": "High",
"Public": "20170427"
}
],
"CVEs": [
{
"ID": "CVE-2017-1000365",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000365",
"Impact": "High",
"Public": "20170619"
},
{
"ID": "CVE-2017-18017",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-18017",
"Impact": "Critical",
"Public": "20180103"
},
{
"ID": "CVE-2017-7482",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-7482",
"Impact": "High",
"Public": "20180730"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20171817001",
"Comment": "kernel-doc-std is earlier than 1:4.9.36-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171817002",
"Comment": "kernel-headers-modules-std-def is earlier than 1:4.9.36-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171817003",
"Comment": "kernel-headers-std-def is earlier than 1:4.9.36-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171817004",
"Comment": "kernel-image-domU-std-def is earlier than 1:4.9.36-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171817005",
"Comment": "kernel-image-std-def is earlier than 1:4.9.36-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171817006",
"Comment": "kernel-modules-drm-nouveau-std-def is earlier than 1:4.9.36-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171817007",
"Comment": "kernel-modules-drm-radeon-std-def is earlier than 1:4.9.36-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171817008",
"Comment": "kernel-modules-drm-std-def is earlier than 1:4.9.36-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171817009",
"Comment": "kernel-modules-ide-std-def is earlier than 1:4.9.36-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171817010",
"Comment": "kernel-modules-kvm-std-def is earlier than 1:4.9.36-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171817011",
"Comment": "kernel-modules-staging-std-def is earlier than 1:4.9.36-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171817012",
"Comment": "kernel-modules-v4l-std-def is earlier than 1:4.9.36-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink