215 lines
9.7 KiB
JSON
215 lines
9.7 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20141702",
|
|
"Version": "oval:org.altlinux.errata:def:20141702",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2014-1702: package `libvirt` update to version 1.2.5-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch p11"
|
|
],
|
|
"Products": [
|
|
"ALT Container"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2014-1702",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2014-1702",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2015-06824",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2015-06824",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "BDU:2015-09111",
|
|
"RefURL": "https://bdu.fstec.ru/vul/2015-09111",
|
|
"Source": "BDU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2014-0179",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-0179",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2014-5177",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-5177",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades libvirt to version 1.2.5-alt1. \nSecurity Fix(es):\n\n * BDU:2015-06824: Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-09111: Уязвимость операционной системы CentOS, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * CVE-2014-0179: libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods.\n\n * CVE-2014-5177: libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "Low",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2014-06-02"
|
|
},
|
|
"Updated": {
|
|
"Date": "2014-06-02"
|
|
},
|
|
"BDUs": [
|
|
{
|
|
"ID": "BDU:2015-06824",
|
|
"CVSS": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
|
|
"CWE": "CWE-20",
|
|
"Href": "https://bdu.fstec.ru/vul/2015-06824",
|
|
"Impact": "Low",
|
|
"Public": "20140527"
|
|
},
|
|
{
|
|
"ID": "BDU:2015-09111",
|
|
"CVSS": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
|
|
"CWE": "CWE-20",
|
|
"Href": "https://bdu.fstec.ru/vul/2015-09111",
|
|
"Impact": "Low",
|
|
"Public": "20140528"
|
|
}
|
|
],
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2014-0179",
|
|
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
|
|
"CWE": "CWE-20",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-0179",
|
|
"Impact": "Low",
|
|
"Public": "20140803"
|
|
},
|
|
{
|
|
"ID": "CVE-2014-5177",
|
|
"CVSS": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
|
|
"CWE": "CWE-20",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-5177",
|
|
"Impact": "Low",
|
|
"Public": "20140803"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:container:11"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:3001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141702001",
|
|
"Comment": "libvirt is earlier than 0:1.2.5-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141702002",
|
|
"Comment": "libvirt-client is earlier than 0:1.2.5-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141702003",
|
|
"Comment": "libvirt-daemon is earlier than 0:1.2.5-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141702004",
|
|
"Comment": "libvirt-daemon-config-network is earlier than 0:1.2.5-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141702005",
|
|
"Comment": "libvirt-daemon-config-nwfilter is earlier than 0:1.2.5-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141702006",
|
|
"Comment": "libvirt-daemon-driver-interface is earlier than 0:1.2.5-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141702007",
|
|
"Comment": "libvirt-daemon-driver-libxl is earlier than 0:1.2.5-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141702008",
|
|
"Comment": "libvirt-daemon-driver-lxc is earlier than 0:1.2.5-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141702009",
|
|
"Comment": "libvirt-daemon-driver-network is earlier than 0:1.2.5-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141702010",
|
|
"Comment": "libvirt-daemon-driver-nodedev is earlier than 0:1.2.5-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141702011",
|
|
"Comment": "libvirt-daemon-driver-nwfilter is earlier than 0:1.2.5-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141702012",
|
|
"Comment": "libvirt-daemon-driver-qemu is earlier than 0:1.2.5-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141702013",
|
|
"Comment": "libvirt-daemon-driver-secret is earlier than 0:1.2.5-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141702014",
|
|
"Comment": "libvirt-daemon-driver-storage is earlier than 0:1.2.5-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141702015",
|
|
"Comment": "libvirt-daemon-driver-vbox is earlier than 0:1.2.5-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141702016",
|
|
"Comment": "libvirt-daemon-driver-xen is earlier than 0:1.2.5-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141702017",
|
|
"Comment": "libvirt-devel is earlier than 0:1.2.5-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141702018",
|
|
"Comment": "libvirt-docs is earlier than 0:1.2.5-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141702019",
|
|
"Comment": "libvirt-kvm is earlier than 0:1.2.5-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141702020",
|
|
"Comment": "libvirt-lxc is earlier than 0:1.2.5-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141702021",
|
|
"Comment": "libvirt-qemu is earlier than 0:1.2.5-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141702022",
|
|
"Comment": "libvirt-qemu-common is earlier than 0:1.2.5-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141702023",
|
|
"Comment": "libvirt-vbox is earlier than 0:1.2.5-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20141702024",
|
|
"Comment": "libvirt-xen is earlier than 0:1.2.5-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |