pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p10/ALT-PU-2020-1046/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

273 lines
13 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20201046",
"Version": "oval:org.altlinux.errata:def:20201046",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-1046: package `kernel-image-mp` update to version 5.4.12-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-1046",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-1046",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-04663",
"RefURL": "https://bdu.fstec.ru/vul/2019-04663",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04788",
"RefURL": "https://bdu.fstec.ru/vul/2019-04788",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04799",
"RefURL": "https://bdu.fstec.ru/vul/2019-04799",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00156",
"RefURL": "https://bdu.fstec.ru/vul/2020-00156",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03056",
"RefURL": "https://bdu.fstec.ru/vul/2021-03056",
"Source": "BDU"
},
{
"RefID": "BDU:2021-04865",
"RefURL": "https://bdu.fstec.ru/vul/2021-04865",
"Source": "BDU"
},
{
"RefID": "CVE-2019-14895",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14895",
"Source": "CVE"
},
{
"RefID": "CVE-2019-14901",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14901",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19053",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19053",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19078",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19078",
"Source": "CVE"
},
{
"RefID": "CVE-2019-20636",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-20636",
"Source": "CVE"
},
{
"RefID": "CVE-2021-20177",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-20177",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-mp to version 5.4.12-alt1. \nSecurity Fix(es):\n\n * BDU:2019-04663: Уязвимость функции rpmsg_eptdev_write_iter() (drivers/rpmsg/rpmsg_char.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04788: Уязвимость функции из marvell/mwifiex/tdls.c драйвера Marvell WiFi ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2019-04799: Уязвимость функции mwifiex_process_country_ie() (drivers/net/wireless/marvell/mwifiex/sta_ioctl.c) драйвера Marvell WiFi ядра операционной системы Linux, связанная с записью за границами буфера, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2020-00156: Уязвимость функции ath10k_usb_hif_tx_sg из drivers/net/wireless/ath/ath10k/usb.c ядра операционной системы Linux, связанная с неправильным освобождением памяти перед удалением последний ссылки, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-03056: Уязвимость компонента drivers/input/input.c ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2021-04865: Уязвимость ядра операционной системы Linux , связанная с чтением за границами буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2019-14895: A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.\n\n * CVE-2019-14901: A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.\n\n * CVE-2019-19053: A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka CID-bbe692e349e2.\n\n * CVE-2019-19078: A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2.\n\n * CVE-2019-20636: In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.\n\n * CVE-2021-20177: A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can panic the system. Kernel before kernel 5.5-rc1 is affected.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-01-15"
},
"Updated": {
"Date": "2020-01-15"
},
"BDUs": [
{
"ID": "BDU:2019-04663",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400, CWE-401",
"Href": "https://bdu.fstec.ru/vul/2019-04663",
"Impact": "High",
"Public": "20191004"
},
{
"ID": "BDU:2019-04788",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-122, CWE-400, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2019-04788",
"Impact": "Critical",
"Public": "20191128"
},
{
"ID": "BDU:2019-04799",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-122, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2019-04799",
"Impact": "Critical",
"Public": "20191128"
},
{
"ID": "BDU:2020-00156",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400, CWE-401",
"Href": "https://bdu.fstec.ru/vul/2020-00156",
"Impact": "High",
"Public": "20190923"
},
{
"ID": "BDU:2021-03056",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2021-03056",
"Impact": "Low",
"Public": "20191213"
},
{
"ID": "BDU:2021-04865",
"CVSS": "AV:L/AC:L/Au:M/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2021-04865",
"Impact": "Low",
"Public": "20210526"
}
],
"CVEs": [
{
"ID": "CVE-2019-14895",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-122",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14895",
"Impact": "Critical",
"Public": "20191129"
},
{
"ID": "CVE-2019-14901",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-400",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14901",
"Impact": "Critical",
"Public": "20191129"
},
{
"ID": "CVE-2019-19053",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19053",
"Impact": "High",
"Public": "20191118"
},
{
"ID": "CVE-2019-19078",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19078",
"Impact": "High",
"Public": "20191118"
},
{
"ID": "CVE-2019-20636",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-20636",
"Impact": "Low",
"Public": "20200408"
},
{
"ID": "CVE-2021-20177",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-20177",
"Impact": "Low",
"Public": "20210526"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20201046001",
"Comment": "kernel-headers-modules-mp is earlier than 0:5.4.12-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201046002",
"Comment": "kernel-headers-mp is earlier than 0:5.4.12-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201046003",
"Comment": "kernel-image-mp is earlier than 0:5.4.12-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink