249 lines
11 KiB
JSON
249 lines
11 KiB
JSON
{
|
||
"Definition": [
|
||
{
|
||
"ID": "oval:org.altlinux.errata:def:20211706",
|
||
"Version": "oval:org.altlinux.errata:def:20211706",
|
||
"Class": "patch",
|
||
"Metadata": {
|
||
"Title": "ALT-PU-2021-1706: package `kernel-image-std-def` update to version 5.10.32-alt1",
|
||
"AffectedList": [
|
||
{
|
||
"Family": "unix",
|
||
"Platforms": [
|
||
"ALT Linux branch c10f1"
|
||
],
|
||
"Products": [
|
||
"ALT SP Workstation",
|
||
"ALT SP Server"
|
||
]
|
||
}
|
||
],
|
||
"References": [
|
||
{
|
||
"RefID": "ALT-PU-2021-1706",
|
||
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-1706",
|
||
"Source": "ALTPU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2021-04260",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2021-04260",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2021-04855",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2021-04855",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2022-03028",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2022-03028",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2022-03139",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2022-03139",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2022-03141",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2022-03141",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "CVE-2020-25670",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-25670",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2020-25671",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-25671",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2020-25672",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-25672",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2021-22555",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-22555",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2021-23133",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-23133",
|
||
"Source": "CVE"
|
||
}
|
||
],
|
||
"Description": "This update upgrades kernel-image-std-def to version 5.10.32-alt1. \nSecurity Fix(es):\n\n * BDU:2021-04260: Уязвимость функции xt_compat_target_from_user() (net/netfilter/x_tables.c) подсистемы netfilter операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии\n\n * BDU:2021-04855: Уязвимость компонента net/sctp/socket.c ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2022-03028: Уязвимость функции llcp_sock_connect() операционной системы Linux, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2022-03139: Уязвимость функции llcp_sock_bind() протокола nfc ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2022-03141: Уязвимость функции llcp_sock_connect() протокола nfc ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2020-25670: A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations.\n\n * CVE-2020-25671: A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations.\n\n * CVE-2020-25672: A memory leak vulnerability was found in Linux kernel in llcp_sock_connect\n\n * CVE-2021-22555: A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space\n\n * CVE-2021-23133: A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)-\u003esctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.",
|
||
"Advisory": {
|
||
"From": "errata.altlinux.org",
|
||
"Severity": "High",
|
||
"Rights": "Copyright 2024 BaseALT Ltd.",
|
||
"Issued": {
|
||
"Date": "2021-04-23"
|
||
},
|
||
"Updated": {
|
||
"Date": "2021-04-23"
|
||
},
|
||
"BDUs": [
|
||
{
|
||
"ID": "BDU:2021-04260",
|
||
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
|
||
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-787",
|
||
"Href": "https://bdu.fstec.ru/vul/2021-04260",
|
||
"Impact": "High",
|
||
"Public": "20210413"
|
||
},
|
||
{
|
||
"ID": "BDU:2021-04855",
|
||
"CVSS": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
|
||
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-362",
|
||
"Href": "https://bdu.fstec.ru/vul/2021-04855",
|
||
"Impact": "High",
|
||
"Public": "20210413"
|
||
},
|
||
{
|
||
"ID": "BDU:2022-03028",
|
||
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
|
||
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-416",
|
||
"Href": "https://bdu.fstec.ru/vul/2022-03028",
|
||
"Impact": "High",
|
||
"Public": "20210325"
|
||
},
|
||
{
|
||
"ID": "BDU:2022-03139",
|
||
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
||
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-416",
|
||
"Href": "https://bdu.fstec.ru/vul/2022-03139",
|
||
"Impact": "High",
|
||
"Public": "20210325"
|
||
},
|
||
{
|
||
"ID": "BDU:2022-03141",
|
||
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
|
||
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
||
"CWE": "CWE-401",
|
||
"Href": "https://bdu.fstec.ru/vul/2022-03141",
|
||
"Impact": "High",
|
||
"Public": "20210325"
|
||
}
|
||
],
|
||
"CVEs": [
|
||
{
|
||
"ID": "CVE-2020-25670",
|
||
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
||
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-416",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-25670",
|
||
"Impact": "High",
|
||
"Public": "20210526"
|
||
},
|
||
{
|
||
"ID": "CVE-2020-25671",
|
||
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
||
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-416",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-25671",
|
||
"Impact": "High",
|
||
"Public": "20210526"
|
||
},
|
||
{
|
||
"ID": "CVE-2020-25672",
|
||
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
|
||
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
||
"CWE": "CWE-401",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-25672",
|
||
"Impact": "High",
|
||
"Public": "20210525"
|
||
},
|
||
{
|
||
"ID": "CVE-2021-22555",
|
||
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
|
||
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-787",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-22555",
|
||
"Impact": "High",
|
||
"Public": "20210707"
|
||
},
|
||
{
|
||
"ID": "CVE-2021-23133",
|
||
"CVSS": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
|
||
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-362",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-23133",
|
||
"Impact": "High",
|
||
"Public": "20210422"
|
||
}
|
||
],
|
||
"AffectedCPEs": {
|
||
"CPEs": [
|
||
"cpe:/o:alt:spworkstation:10",
|
||
"cpe:/o:alt:spserver:10"
|
||
]
|
||
}
|
||
}
|
||
},
|
||
"Criteria": {
|
||
"Operator": "AND",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:4001",
|
||
"Comment": "ALT Linux must be installed"
|
||
}
|
||
],
|
||
"Criterias": [
|
||
{
|
||
"Operator": "OR",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20211706001",
|
||
"Comment": "kernel-doc-std is earlier than 2:5.10.32-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20211706002",
|
||
"Comment": "kernel-headers-modules-std-def is earlier than 2:5.10.32-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20211706003",
|
||
"Comment": "kernel-headers-std-def is earlier than 2:5.10.32-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20211706004",
|
||
"Comment": "kernel-image-domU-std-def is earlier than 2:5.10.32-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20211706005",
|
||
"Comment": "kernel-image-std-def is earlier than 2:5.10.32-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20211706006",
|
||
"Comment": "kernel-modules-drm-ancient-std-def is earlier than 2:5.10.32-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20211706007",
|
||
"Comment": "kernel-modules-drm-nouveau-std-def is earlier than 2:5.10.32-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20211706008",
|
||
"Comment": "kernel-modules-drm-std-def is earlier than 2:5.10.32-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20211706009",
|
||
"Comment": "kernel-modules-ide-std-def is earlier than 2:5.10.32-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20211706010",
|
||
"Comment": "kernel-modules-staging-std-def is earlier than 2:5.10.32-alt1"
|
||
}
|
||
]
|
||
}
|
||
]
|
||
}
|
||
}
|
||
]
|
||
} |