
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20193155",
"Version": "oval:org.altlinux.errata:def:20193155",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-3155: package `kernel-image-un-def` update to version 5.3.11-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-3155",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-3155",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-04518",
"RefURL": "https://bdu.fstec.ru/vul/2019-04518",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04659",
"RefURL": "https://bdu.fstec.ru/vul/2019-04659",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04660",
"RefURL": "https://bdu.fstec.ru/vul/2019-04660",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04661",
"RefURL": "https://bdu.fstec.ru/vul/2019-04661",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04665",
"RefURL": "https://bdu.fstec.ru/vul/2019-04665",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00293",
"RefURL": "https://bdu.fstec.ru/vul/2020-00293",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00296",
"RefURL": "https://bdu.fstec.ru/vul/2020-00296",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00338",
"RefURL": "https://bdu.fstec.ru/vul/2020-00338",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00362",
"RefURL": "https://bdu.fstec.ru/vul/2020-00362",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00854",
"RefURL": "https://bdu.fstec.ru/vul/2020-00854",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02158",
"RefURL": "https://bdu.fstec.ru/vul/2020-02158",
"Source": "BDU"
},
{
"RefID": "CVE-2019-18282",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-18282",
"Source": "CVE"
},
{
"RefID": "CVE-2019-18813",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-18813",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19044",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19044",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19045",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19045",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19047",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19047",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19051",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19051",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19052",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19052",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19529",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19529",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19534",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19534",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19769",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19769",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19807",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19807",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-un-def to version 5.3.11-alt1. \nSecurity Fix(es):\n\n * BDU:2019-04518: Уязвимость функции dwc3_pci_probe() (drivers/usb/dwc3/dwc3-pci.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04659: Уязвимость функции v3d_submit_cl_ioctl() (drivers/gpu/drm/v3d/v3d_gem.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04660: Уязвимость функции mlx5_fpga_conn_create_cq() (drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04661: Уязвимость функции gs_can_open() (drivers/net/can/usb/gs_usb.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-04665: Уязвимость функции i2400m_op_rfkill_sw_toggle() (drivers/net/wimax/i2400m/op-rfkill.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-00293: Уязвимость драйвера drivers/net/can/usb/mcba_usb.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-00296: Уязвимость драйвера drivers/net/can/usb/peak_usb/pcan_usb_core.c ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию\n\n * BDU:2020-00338: Уязвимость функции perf_trace_lock_acquire ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-00362: Уязвимость функции flow_dissector ядра операционных систем Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * BDU:2020-00854: Уязвимость функций snd_timer_open и snd_timer_close_locked ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2020-02158: Уязвимость функции «mlx5_fw_fatal_reporter_dump()» в ядре операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2019-18282: The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code.\n\n * CVE-2019-18813: A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8.\n\n * CVE-2019-19044: Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering kcalloc() or v3d_job_init() failures, aka CID-29cd13cfd762.\n\n * CVE-2019-19045: A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7.\n\n * CVE-2019-19047: A memory leak in the mlx5_fw_fatal_reporter_dump() function in drivers/net/ethernet/mellanox/mlx5/core/health.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_crdump_collect() failures, aka CID-c7ed6d0183d5.\n\n * CVE-2019-19051: A memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7.\n\n * CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486.\n\n * CVE-2019-19529: In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41.\n\n * CVE-2019-19534: In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.\n\n * CVE-2019-19769: In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h).\n\n * CVE-2019-19807: In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-11-19"
},
"Updated": {
"Date": "2019-11-19"
},
"BDUs": [
{
"ID": "BDU:2019-04518",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400, CWE-401",
"Href": "https://bdu.fstec.ru/vul/2019-04518",
"Impact": "High",
"Public": "20191027"
},
{
"ID": "BDU:2019-04659",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400, CWE-401",
"Href": "https://bdu.fstec.ru/vul/2019-04659",
"Impact": "High",
"Public": "20191023"
},
{
"ID": "BDU:2019-04660",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400, CWE-401",
"Href": "https://bdu.fstec.ru/vul/2019-04660",
"Impact": "High",
"Public": "20191018"
},
{
"ID": "BDU:2019-04661",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400, CWE-401",
"Href": "https://bdu.fstec.ru/vul/2019-04661",
"Impact": "High",
"Public": "20191104"
},
{
"ID": "BDU:2019-04665",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400, CWE-401",
"Href": "https://bdu.fstec.ru/vul/2019-04665",
"Impact": "High",
"Public": "20190911"
},
{
"ID": "BDU:2020-00293",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-00293",
"Impact": "Low",
"Public": "20191104"
},
{
"ID": "BDU:2020-00296",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-200, CWE-909",
"Href": "https://bdu.fstec.ru/vul/2020-00296",
"Impact": "Low",
"Public": "20191104"
},
{
"ID": "BDU:2020-00338",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-00338",
"Impact": "Low",
"Public": "20191211"
},
{
"ID": "BDU:2020-00362",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-328, CWE-330",
"Href": "https://bdu.fstec.ru/vul/2020-00362",
"Impact": "Low",
"Public": "20191023"
},
{
"ID": "BDU:2020-00854",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-00854",
"Impact": "High",
"Public": "20191106"
},
{
"ID": "BDU:2020-02158",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2020-02158",
"Impact": "Low",
"Public": "20191106"
}
],
"CVEs": [
{
"ID": "CVE-2019-18282",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-330",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-18282",
"Impact": "Low",
"Public": "20200116"
},
{
"ID": "CVE-2019-18813",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-18813",
"Impact": "High",
"Public": "20191107"
},
{
"ID": "CVE-2019-19044",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19044",
"Impact": "High",
"Public": "20191118"
},
{
"ID": "CVE-2019-19045",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19045",
"Impact": "Low",
"Public": "20191118"
},
{
"ID": "CVE-2019-19047",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19047",
"Impact": "Low",
"Public": "20191118"
},
{
"ID": "CVE-2019-19051",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19051",
"Impact": "Low",
"Public": "20191118"
},
{
"ID": "CVE-2019-19052",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19052",
"Impact": "High",
"Public": "20191118"
},
{
"ID": "CVE-2019-19529",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19529",
"Impact": "Low",
"Public": "20191203"
},
{
"ID": "CVE-2019-19534",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-909",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19534",
"Impact": "Low",
"Public": "20191203"
},
{
"ID": "CVE-2019-19769",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19769",
"Impact": "Low",
"Public": "20191212"
},
{
"ID": "CVE-2019-19807",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19807",
"Impact": "High",
"Public": "20191215"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20193155001",
"Comment": "kernel-doc-un is earlier than 1:5.3.11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193155002",
"Comment": "kernel-headers-modules-un-def is earlier than 1:5.3.11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193155003",
"Comment": "kernel-headers-un-def is earlier than 1:5.3.11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193155004",
"Comment": "kernel-image-domU-un-def is earlier than 1:5.3.11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193155005",
"Comment": "kernel-image-un-def is earlier than 1:5.3.11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193155006",
"Comment": "kernel-modules-drm-ancient-un-def is earlier than 1:5.3.11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193155007",
"Comment": "kernel-modules-drm-nouveau-un-def is earlier than 1:5.3.11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193155008",
"Comment": "kernel-modules-drm-radeon-un-def is earlier than 1:5.3.11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193155009",
"Comment": "kernel-modules-drm-un-def is earlier than 1:5.3.11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193155010",
"Comment": "kernel-modules-ide-un-def is earlier than 1:5.3.11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193155011",
"Comment": "kernel-modules-staging-un-def is earlier than 1:5.3.11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20193155012",
"Comment": "kernel-modules-v4l-un-def is earlier than 1:5.3.11-alt1"
}
]
}
]
}
}
]
}