vuln-list-alt/oval/c10f1/ALT-PU-2018-2161/definitions.json
2024-06-28 13:17:52 +00:00



{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20182161",
"Version": "oval:org.altlinux.errata:def:20182161",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2018-2161: package `qemu` update to version 3.0.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2018-2161",
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-2161",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-03333",
"RefURL": "https://bdu.fstec.ru/vul/2019-03333",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00757",
"RefURL": "https://bdu.fstec.ru/vul/2020-00757",
"Source": "BDU"
},
{
"RefID": "BDU:2022-05783",
"RefURL": "https://bdu.fstec.ru/vul/2022-05783",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01716",
"RefURL": "https://bdu.fstec.ru/vul/2023-01716",
"Source": "BDU"
},
{
"RefID": "CVE-2018-11806",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-11806",
"Source": "CVE"
},
{
"RefID": "CVE-2018-12617",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-12617",
"Source": "CVE"
},
{
"RefID": "CVE-2018-17962",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-17962",
"Source": "CVE"
},
{
"RefID": "CVE-2021-3582",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3582",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1050",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1050",
"Source": "CVE"
}
],
"Description": "This update upgrades qemu to version 3.0.0-alt1. \nSecurity Fix(es):\n\n * BDU:2019-03333: Уязвимость функции m_cat эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании\n\n * BDU:2020-00757: Уязвимость функции qmp_guest_file_read эмулятора аппаратного обеспечения QEMU, связанная с целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05783: Уязвимость команды PVRDMA_CMD_CREATE_MR эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-01716: Уязвимость устройства RDMA эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2018-11806: m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.\n\n * CVE-2018-12617: qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.\n\n * CVE-2018-17962: Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.\n\n * CVE-2021-3582: A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a \"PVRDMA_CMD_CREATE_MR\" command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this vulnerability is to system availability.\n\n * CVE-2022-1050: A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2018-08-16"
},
"Updated": {
"Date": "2018-08-16"
},
"BDUs": [
{
"ID": "BDU:2019-03333",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-03333",
"Impact": "High",
"Public": "20180613"
},
{
"ID": "BDU:2020-00757",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2020-00757",
"Impact": "High",
"Public": "20180613"
},
{
"ID": "BDU:2022-05783",
"CVSS": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2022-05783",
"Impact": "Low",
"Public": "20210531"
},
{
"ID": "BDU:2023-01716",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2023-01716",
"Impact": "High",
"Public": "20220329"
}
],
"CVEs": [
{
"ID": "CVE-2018-11806",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-11806",
"Impact": "High",
"Public": "20180613"
},
{
"ID": "CVE-2018-12617",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-12617",
"Impact": "High",
"Public": "20180621"
},
{
"ID": "CVE-2018-17962",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-17962",
"Impact": "High",
"Public": "20181009"
},
{
"ID": "CVE-2021-3582",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3582",
"Impact": "Low",
"Public": "20220325"
},
{
"ID": "CVE-2022-1050",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1050",
"Impact": "High",
"Public": "20220329"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20182161001",
"Comment": "ivshmem-tools is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161002",
"Comment": "qemu is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161003",
"Comment": "qemu-audio-alsa is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161004",
"Comment": "qemu-audio-oss is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161005",
"Comment": "qemu-audio-pa is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161006",
"Comment": "qemu-audio-sdl is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161007",
"Comment": "qemu-aux is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161008",
"Comment": "qemu-block-curl is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161009",
"Comment": "qemu-block-dmg is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161010",
"Comment": "qemu-block-gluster is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161011",
"Comment": "qemu-block-iscsi is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161012",
"Comment": "qemu-block-nfs is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161013",
"Comment": "qemu-block-rbd is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161014",
"Comment": "qemu-block-ssh is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161015",
"Comment": "qemu-common is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161016",
"Comment": "qemu-doc is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161017",
"Comment": "qemu-guest-agent is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161018",
"Comment": "qemu-img is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161019",
"Comment": "qemu-kvm is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161020",
"Comment": "qemu-kvm-core is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161021",
"Comment": "qemu-system is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161022",
"Comment": "qemu-system-aarch64 is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161023",
"Comment": "qemu-system-aarch64-core is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161024",
"Comment": "qemu-system-alpha is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161025",
"Comment": "qemu-system-alpha-core is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161026",
"Comment": "qemu-system-arm is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161027",
"Comment": "qemu-system-arm-core is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161028",
"Comment": "qemu-system-cris is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161029",
"Comment": "qemu-system-cris-core is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161030",
"Comment": "qemu-system-hppa is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161031",
"Comment": "qemu-system-hppa-core is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161032",
"Comment": "qemu-system-lm32 is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161033",
"Comment": "qemu-system-lm32-core is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161034",
"Comment": "qemu-system-m68k is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161035",
"Comment": "qemu-system-m68k-core is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161036",
"Comment": "qemu-system-microblaze is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161037",
"Comment": "qemu-system-microblaze-core is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161038",
"Comment": "qemu-system-mips is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161039",
"Comment": "qemu-system-mips-core is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161040",
"Comment": "qemu-system-moxie is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161041",
"Comment": "qemu-system-moxie-core is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161042",
"Comment": "qemu-system-nios2 is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161043",
"Comment": "qemu-system-nios2-core is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161044",
"Comment": "qemu-system-or1k is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161045",
"Comment": "qemu-system-or1k-core is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161046",
"Comment": "qemu-system-ppc is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161047",
"Comment": "qemu-system-ppc-core is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161048",
"Comment": "qemu-system-riscv is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161049",
"Comment": "qemu-system-riscv-core is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161050",
"Comment": "qemu-system-s390x is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161051",
"Comment": "qemu-system-s390x-core is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161052",
"Comment": "qemu-system-sh4 is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161053",
"Comment": "qemu-system-sh4-core is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161054",
"Comment": "qemu-system-sparc is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161055",
"Comment": "qemu-system-sparc-core is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161056",
"Comment": "qemu-system-tricore is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161057",
"Comment": "qemu-system-tricore-core is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161058",
"Comment": "qemu-system-unicore32 is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161059",
"Comment": "qemu-system-unicore32-core is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161060",
"Comment": "qemu-system-x86 is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161061",
"Comment": "qemu-system-x86-core is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161062",
"Comment": "qemu-system-xtensa is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161063",
"Comment": "qemu-system-xtensa-core is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161064",
"Comment": "qemu-tools is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161065",
"Comment": "qemu-ui-curses is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161066",
"Comment": "qemu-ui-gtk is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161067",
"Comment": "qemu-ui-sdl is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161068",
"Comment": "qemu-user is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161069",
"Comment": "qemu-user-binfmt is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161070",
"Comment": "qemu-user-static is earlier than 0:3.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182161071",
"Comment": "qemu-user-static-binfmt is earlier than 0:3.0.0-alt1"
}
]
}
]
}
}
]
}