
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20171993",
"Version": "oval:org.altlinux.errata:def:20171993",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2017-1993: package `pve-qemu` update to version 2.9.0-alt3",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2017-1993",
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-1993",
"Source": "ALTPU"
},
{
"RefID": "BDU:2017-01803",
"RefURL": "https://bdu.fstec.ru/vul/2017-01803",
"Source": "BDU"
},
{
"RefID": "BDU:2019-00222",
"RefURL": "https://bdu.fstec.ru/vul/2019-00222",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01313",
"RefURL": "https://bdu.fstec.ru/vul/2021-01313",
"Source": "BDU"
},
{
"RefID": "CVE-2017-10664",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-10664",
"Source": "CVE"
},
{
"RefID": "CVE-2017-10806",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-10806",
"Source": "CVE"
},
{
"RefID": "CVE-2017-11334",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11334",
"Source": "CVE"
},
{
"RefID": "CVE-2017-11434",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11434",
"Source": "CVE"
},
{
"RefID": "CVE-2017-7539",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-7539",
"Source": "CVE"
},
{
"RefID": "CVE-2017-9503",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-9503",
"Source": "CVE"
},
{
"RefID": "CVE-2017-9524",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-9524",
"Source": "CVE"
}
],
"Description": "This update upgrades pve-qemu to version 2.9.0-alt3. \nSecurity Fix(es):\n\n * BDU:2017-01803: Уязвимость в qemu-nbd эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-00222: Уязвимость сервера Qemu-NBD эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01313: Уязвимость эмулятора аппаратного обеспечения QEMU, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2017-10664: qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.\n\n * CVE-2017-10806: Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages.\n\n * CVE-2017-11334: The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.\n\n * CVE-2017-11434: The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string.\n\n * CVE-2017-7539: An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.\n\n * CVE-2017-9503: QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.\n\n * CVE-2017-9524: The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2017-08-07"
},
"Updated": {
"Date": "2017-08-07"
},
"BDUs": [
{
"ID": "BDU:2017-01803",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CWE": "CWE-19",
"Href": "https://bdu.fstec.ru/vul/2017-01803",
"Impact": "Low",
"Public": "20170611"
},
{
"ID": "BDU:2019-00222",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2019-00222",
"Impact": "Low",
"Public": "20170721"
},
{
"ID": "BDU:2021-01313",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2021-01313",
"Impact": "Low",
"Public": "20170624"
}
],
"CVEs": [
{
"ID": "CVE-2017-10664",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-10664",
"Impact": "High",
"Public": "20170802"
},
{
"ID": "CVE-2017-10806",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-10806",
"Impact": "Low",
"Public": "20170802"
},
{
"ID": "CVE-2017-11334",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11334",
"Impact": "Low",
"Public": "20170802"
},
{
"ID": "CVE-2017-11434",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11434",
"Impact": "Low",
"Public": "20170725"
},
{
"ID": "CVE-2017-7539",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-7539",
"Impact": "High",
"Public": "20180726"
},
{
"ID": "CVE-2017-9503",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-9503",
"Impact": "Low",
"Public": "20170616"
},
{
"ID": "CVE-2017-9524",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-9524",
"Impact": "High",
"Public": "20170706"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20171993001",
"Comment": "pve-qemu-aux is earlier than 0:2.9.0-alt3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171993002",
"Comment": "pve-qemu-common is earlier than 0:2.9.0-alt3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171993003",
"Comment": "pve-qemu-img is earlier than 0:2.9.0-alt3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171993004",
"Comment": "pve-qemu-system is earlier than 0:2.9.0-alt3"
}
]
}
]
}
}
]
}