

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20193326",
"Version": "oval:org.altlinux.errata:def:20193326",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-3326: package `kernel-image-std-def` update to version 4.19.89-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-3326",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-3326",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-04805",
"RefURL": "https://bdu.fstec.ru/vul/2019-04805",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00155",
"RefURL": "https://bdu.fstec.ru/vul/2020-00155",
"Source": "BDU"
},
{
"RefID": "BDU:2020-05893",
"RefURL": "https://bdu.fstec.ru/vul/2020-05893",
"Source": "BDU"
},
{
"RefID": "CVE-2019-19071",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19071",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19079",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19079",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19332",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19332",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-std-def to version 4.19.89-alt1. \nSecurity Fix(es):\n\n * BDU:2019-04805: Уязвимость функции rsi_send_beacon() (drivers/net/wireless/rsi/rsi_91x_mgmt.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-00155: Уязвимость функции qrtr_tun_write_iter() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-05893: Уязвимость запроса гипервизора KVM KVM_GET_EMULATED_CPUID ядра операционной системы Linux, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании\n\n * CVE-2019-19071: A memory leak in the rsi_send_beacon() function in drivers/net/wireless/rsi/rsi_91x_mgmt.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering rsi_prepare_beacon() failures, aka CID-d563131ef23c.\n\n * CVE-2019-19079: A memory leak in the qrtr_tun_write_iter() function in net/qrtr/tun.c in the Linux kernel before 5.3 allows attackers to cause a denial of service (memory consumption), aka CID-a21b7f0cff19.\n\n * CVE-2019-19332: An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2023 BaseALT Ltd.",
"Issued": {
"Date": "2019-12-19"
},
"Updated": {
"Date": "2019-12-19"
},
"bdu": [
{
"Cvss": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2019-04805",
"Impact": "High",
"Public": "20191118",
"CveID": "BDU:2019-04805"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2020-00155",
"Impact": "High",
"Public": "20190911",
"CveID": "BDU:2020-00155"
},
{
"Cvss": "AV:L/AC:L/Au:N/C:N/I:P/A:C",
"Cwe": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2020-05893",
"Impact": "Low",
"Public": "20200109",
"CveID": "BDU:2020-05893"
}
],
"Cves": [
{
"Cvss": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19071",
"Impact": "High",
"Public": "20191118",
"CveID": "CVE-2019-19071"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19079",
"Impact": "High",
"Public": "20191118",
"CveID": "CVE-2019-19079"
},
{
"Cvss": "AV:L/AC:L/Au:N/C:N/I:P/A:C",
"Cvss3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"Cwe": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19332",
"Impact": "Low",
"Public": "20200109",
"CveID": "CVE-2019-19332"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20193326001",
"Comment": "kernel-doc-std is earlier than 1:4.19.89-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193326002",
"Comment": "kernel-headers-modules-std-def is earlier than 1:4.19.89-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193326003",
"Comment": "kernel-headers-std-def is earlier than 1:4.19.89-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193326004",
"Comment": "kernel-image-domU-std-def is earlier than 1:4.19.89-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193326005",
"Comment": "kernel-image-std-def is earlier than 1:4.19.89-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193326006",
"Comment": "kernel-modules-drm-ancient-std-def is earlier than 1:4.19.89-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193326007",
"Comment": "kernel-modules-drm-nouveau-std-def is earlier than 1:4.19.89-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193326008",
"Comment": "kernel-modules-drm-radeon-std-def is earlier than 1:4.19.89-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193326009",
"Comment": "kernel-modules-drm-std-def is earlier than 1:4.19.89-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193326010",
"Comment": "kernel-modules-ide-std-def is earlier than 1:4.19.89-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193326011",
"Comment": "kernel-modules-staging-std-def is earlier than 1:4.19.89-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193326012",
"Comment": "kernel-modules-v4l-std-def is earlier than 1:4.19.89-alt1"
}
]
}
]
}
}
]
}