pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p9/ALT-PU-2020-3057/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

778 lines
40 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20203057",
"Version": "oval:org.altlinux.errata:def:20203057",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-3057: package `kernel-image-std-debug` update to version 5.4.71-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-3057",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-3057",
"Source": "ALTPU"
},
{
"RefID": "BDU:2015-05303",
"RefURL": "https://bdu.fstec.ru/vul/2015-05303",
"Source": "BDU"
},
{
"RefID": "BDU:2015-05304",
"RefURL": "https://bdu.fstec.ru/vul/2015-05304",
"Source": "BDU"
},
{
"RefID": "BDU:2015-05305",
"RefURL": "https://bdu.fstec.ru/vul/2015-05305",
"Source": "BDU"
},
{
"RefID": "BDU:2015-05306",
"RefURL": "https://bdu.fstec.ru/vul/2015-05306",
"Source": "BDU"
},
{
"RefID": "BDU:2015-05307",
"RefURL": "https://bdu.fstec.ru/vul/2015-05307",
"Source": "BDU"
},
{
"RefID": "BDU:2015-05308",
"RefURL": "https://bdu.fstec.ru/vul/2015-05308",
"Source": "BDU"
},
{
"RefID": "BDU:2015-05309",
"RefURL": "https://bdu.fstec.ru/vul/2015-05309",
"Source": "BDU"
},
{
"RefID": "BDU:2015-05310",
"RefURL": "https://bdu.fstec.ru/vul/2015-05310",
"Source": "BDU"
},
{
"RefID": "BDU:2015-05311",
"RefURL": "https://bdu.fstec.ru/vul/2015-05311",
"Source": "BDU"
},
{
"RefID": "BDU:2015-05312",
"RefURL": "https://bdu.fstec.ru/vul/2015-05312",
"Source": "BDU"
},
{
"RefID": "BDU:2015-05313",
"RefURL": "https://bdu.fstec.ru/vul/2015-05313",
"Source": "BDU"
},
{
"RefID": "BDU:2015-05314",
"RefURL": "https://bdu.fstec.ru/vul/2015-05314",
"Source": "BDU"
},
{
"RefID": "BDU:2015-05315",
"RefURL": "https://bdu.fstec.ru/vul/2015-05315",
"Source": "BDU"
},
{
"RefID": "BDU:2015-05542",
"RefURL": "https://bdu.fstec.ru/vul/2015-05542",
"Source": "BDU"
},
{
"RefID": "BDU:2015-05543",
"RefURL": "https://bdu.fstec.ru/vul/2015-05543",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04798",
"RefURL": "https://bdu.fstec.ru/vul/2019-04798",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00158",
"RefURL": "https://bdu.fstec.ru/vul/2020-00158",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00304",
"RefURL": "https://bdu.fstec.ru/vul/2020-00304",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00338",
"RefURL": "https://bdu.fstec.ru/vul/2020-00338",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00347",
"RefURL": "https://bdu.fstec.ru/vul/2020-00347",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00785",
"RefURL": "https://bdu.fstec.ru/vul/2020-00785",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00786",
"RefURL": "https://bdu.fstec.ru/vul/2020-00786",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00787",
"RefURL": "https://bdu.fstec.ru/vul/2020-00787",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00851",
"RefURL": "https://bdu.fstec.ru/vul/2020-00851",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01796",
"RefURL": "https://bdu.fstec.ru/vul/2020-01796",
"Source": "BDU"
},
{
"RefID": "BDU:2020-03819",
"RefURL": "https://bdu.fstec.ru/vul/2020-03819",
"Source": "BDU"
},
{
"RefID": "BDU:2021-00471",
"RefURL": "https://bdu.fstec.ru/vul/2021-00471",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03394",
"RefURL": "https://bdu.fstec.ru/vul/2021-03394",
"Source": "BDU"
},
{
"RefID": "BDU:2021-06410",
"RefURL": "https://bdu.fstec.ru/vul/2021-06410",
"Source": "BDU"
},
{
"RefID": "BDU:2022-05179",
"RefURL": "https://bdu.fstec.ru/vul/2022-05179",
"Source": "BDU"
},
{
"RefID": "BDU:2023-00700",
"RefURL": "https://bdu.fstec.ru/vul/2023-00700",
"Source": "BDU"
},
{
"RefID": "CVE-2013-1798",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-1798",
"Source": "CVE"
},
{
"RefID": "CVE-2019-14896",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14896",
"Source": "CVE"
},
{
"RefID": "CVE-2019-14897",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14897",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19076",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19076",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19377",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19377",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19448",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19448",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19769",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19769",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19770",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19770",
"Source": "CVE"
},
{
"RefID": "CVE-2019-3016",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-3016",
"Source": "CVE"
},
{
"RefID": "CVE-2020-10757",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-10757",
"Source": "CVE"
},
{
"RefID": "CVE-2020-11884",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-11884",
"Source": "CVE"
},
{
"RefID": "CVE-2020-12888",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-12888",
"Source": "CVE"
},
{
"RefID": "CVE-2020-14331",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-14331",
"Source": "CVE"
},
{
"RefID": "CVE-2020-14386",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-14386",
"Source": "CVE"
},
{
"RefID": "CVE-2020-8647",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-8647",
"Source": "CVE"
},
{
"RefID": "CVE-2020-8648",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-8648",
"Source": "CVE"
},
{
"RefID": "CVE-2020-8649",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-8649",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-std-debug to version 5.4.71-alt1. \nSecurity Fix(es):\n\n * BDU:2015-05303: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-05304: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-05305: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-05306: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-05307: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-05308: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-05309: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-05310: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-05311: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-05312: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-05313: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-05314: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-05315: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить доступность защищаемой информации\n\n * BDU:2015-05542: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2015-05543: Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2019-04798: Уязвимость функции add_ie_rates (drivers/net/wireless/marvell/libertas/cfg.c) драйвера Marvell WiFi ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2020-00158: Уязвимость функции nfp_abm_u32_knode_replace() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-00304: Уязвимость функции try_merge_free_space ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2020-00338: Уязвимость функции perf_trace_lock_acquire ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-00347: Уязвимость функции debugfs_remove ядра операционной системы Linux, связанная с использованием области памяти после её освобождения, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании\n\n * BDU:2020-00785: Уязвимость функции vc_do_resize ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании\n\n * BDU:2020-00786: Уязвимость функции vgacon_invert_region ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании\n\n * BDU:2020-00787: Уязвимость функции n_tty_receive_buf_common ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании\n\n * BDU:2020-00851: Уязвимость подсистемы виртуализации Kernel-based Virtual Machine (KVM) ядра операционных систем Linux, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * BDU:2020-01796: Уязвимость функции lbs_ibss_join_existing (drivers/net/wireless/marvell/libertas/cfg.c) драйвера Marvell WiFi ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2020-03819: Уязвимость функции enable_sacf_uaccess ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-00471: Уязвимость драйвера VFIO PCI ядра операционной системы Linux, связанная с недостаточной обработкой исключительных состояний, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-03394: Уязвимость компонента net/packet/af_packet.c ядра операционной системы Linux, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании\n\n * BDU:2021-06410: Уязвимость компонента mm/mremap.c ядра операционной системы Linux, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю повысить свои привилегии в системе\n\n * BDU:2022-05179: Уязвимость функции btrfs_queue_work ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2023-00700: Уязвимость функции vgacon_scrollback_cur() видеодрайвера ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2013-1798: The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application.\n\n * CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.\n\n * CVE-2019-14897: A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA.\n\n * CVE-2019-19076: A memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a denial of service (memory consumption), aka CID-78beef629fd9. NOTE: This has been argued as not a valid vulnerability. The upstream commit 78beef629fd9 was reverted\n\n * CVE-2019-19377: In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.\n\n * CVE-2019-19448: In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.\n\n * CVE-2019-19769: In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h).\n\n * CVE-2019-19770: In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace\n\n * CVE-2019-3016: In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out.\n\n * CVE-2020-10757: A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.\n\n * CVE-2020-11884: In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.\n\n * CVE-2020-12888: The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.\n\n * CVE-2020-14331: A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n\n * CVE-2020-14386: A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.\n\n * CVE-2020-8647: There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.\n\n * CVE-2020-8648: There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.\n\n * CVE-2020-8649: There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-10-15"
},
"Updated": {
"Date": "2020-10-15"
},
"BDUs": [
{
"ID": "BDU:2015-05303",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-05303",
"Impact": "High",
"Public": "19700101"
},
{
"ID": "BDU:2015-05304",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-05304",
"Impact": "High",
"Public": "19700101"
},
{
"ID": "BDU:2015-05305",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-05305",
"Impact": "High",
"Public": "19700101"
},
{
"ID": "BDU:2015-05306",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-05306",
"Impact": "High",
"Public": "19700101"
},
{
"ID": "BDU:2015-05307",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-05307",
"Impact": "High",
"Public": "19700101"
},
{
"ID": "BDU:2015-05308",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-05308",
"Impact": "High",
"Public": "19700101"
},
{
"ID": "BDU:2015-05309",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-05309",
"Impact": "High",
"Public": "19700101"
},
{
"ID": "BDU:2015-05310",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-05310",
"Impact": "High",
"Public": "19700101"
},
{
"ID": "BDU:2015-05311",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-05311",
"Impact": "High",
"Public": "19700101"
},
{
"ID": "BDU:2015-05312",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-05312",
"Impact": "High",
"Public": "19700101"
},
{
"ID": "BDU:2015-05313",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-05313",
"Impact": "High",
"Public": "19700101"
},
{
"ID": "BDU:2015-05314",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-05314",
"Impact": "High",
"Public": "19700101"
},
{
"ID": "BDU:2015-05315",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-05315",
"Impact": "High",
"Public": "19700101"
},
{
"ID": "BDU:2015-05542",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-05542",
"Impact": "High",
"Public": "19700101"
},
{
"ID": "BDU:2015-05543",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"Href": "https://bdu.fstec.ru/vul/2015-05543",
"Impact": "High",
"Public": "19700101"
},
{
"ID": "BDU:2019-04798",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-122, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2019-04798",
"Impact": "Critical",
"Public": "20191126"
},
{
"ID": "BDU:2020-00158",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400, CWE-401",
"Href": "https://bdu.fstec.ru/vul/2020-00158",
"Impact": "Low",
"Public": "20190927"
},
{
"ID": "BDU:2020-00304",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-00304",
"Impact": "High",
"Public": "20191206"
},
{
"ID": "BDU:2020-00338",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-00338",
"Impact": "Low",
"Public": "20191211"
},
{
"ID": "BDU:2020-00347",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-00347",
"Impact": "High",
"Public": "20191211"
},
{
"ID": "BDU:2020-00785",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-00785",
"Impact": "High",
"Public": "20200204"
},
{
"ID": "BDU:2020-00786",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-00786",
"Impact": "High",
"Public": "20200204"
},
{
"ID": "BDU:2020-00787",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-00787",
"Impact": "High",
"Public": "20200204"
},
{
"ID": "BDU:2020-00851",
"CVSS": "AV:L/AC:H/Au:S/C:C/I:N/A:N",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200, CWE-362",
"Href": "https://bdu.fstec.ru/vul/2020-00851",
"Impact": "Low",
"Public": "20200130"
},
{
"ID": "BDU:2020-01796",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-121, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2020-01796",
"Impact": "Critical",
"Public": "20191128"
},
{
"ID": "BDU:2020-03819",
"CVSS": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-362",
"Href": "https://bdu.fstec.ru/vul/2020-03819",
"Impact": "High",
"Public": "20200421"
},
{
"ID": "BDU:2021-00471",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
"CWE": "CWE-755",
"Href": "https://bdu.fstec.ru/vul/2021-00471",
"Impact": "Low",
"Public": "20200514"
},
{
"ID": "BDU:2021-03394",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-250, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2021-03394",
"Impact": "High",
"Public": "20200904"
},
{
"ID": "BDU:2021-06410",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-843",
"Href": "https://bdu.fstec.ru/vul/2021-06410",
"Impact": "High",
"Public": "20200604"
},
{
"ID": "BDU:2022-05179",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2022-05179",
"Impact": "High",
"Public": "20191128"
},
{
"ID": "BDU:2023-00700",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2023-00700",
"Impact": "Low",
"Public": "20200804"
}
],
"CVEs": [
{
"ID": "CVE-2013-1798",
"CVSS": "AV:A/AC:H/Au:N/C:C/I:N/A:C",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-1798",
"Impact": "Low",
"Public": "20130322"
},
{
"ID": "CVE-2019-14896",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-122",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14896",
"Impact": "Critical",
"Public": "20191127"
},
{
"ID": "CVE-2019-14897",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-121",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14897",
"Impact": "Critical",
"Public": "20191129"
},
{
"ID": "CVE-2019-19076",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19076",
"Impact": "Low",
"Public": "20191118"
},
{
"ID": "CVE-2019-19377",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19377",
"Impact": "High",
"Public": "20191129"
},
{
"ID": "CVE-2019-19448",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19448",
"Impact": "High",
"Public": "20191208"
},
{
"ID": "CVE-2019-19769",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19769",
"Impact": "Low",
"Public": "20191212"
},
{
"ID": "CVE-2019-19770",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19770",
"Impact": "High",
"Public": "20191212"
},
{
"ID": "CVE-2019-3016",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3016",
"Impact": "Low",
"Public": "20200131"
},
{
"ID": "CVE-2020-10757",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-10757",
"Impact": "High",
"Public": "20200609"
},
{
"ID": "CVE-2020-11884",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-11884",
"Impact": "High",
"Public": "20200429"
},
{
"ID": "CVE-2020-12888",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
"CWE": "CWE-755",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-12888",
"Impact": "Low",
"Public": "20200515"
},
{
"ID": "CVE-2020-14331",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-14331",
"Impact": "Low",
"Public": "20200915"
},
{
"ID": "CVE-2020-14386",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-14386",
"Impact": "High",
"Public": "20200916"
},
{
"ID": "CVE-2020-8647",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-8647",
"Impact": "Low",
"Public": "20200206"
},
{
"ID": "CVE-2020-8648",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-8648",
"Impact": "High",
"Public": "20200206"
},
{
"ID": "CVE-2020-8649",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-8649",
"Impact": "Low",
"Public": "20200206"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20203057001",
"Comment": "kernel-headers-modules-std-debug is earlier than 2:5.4.71-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203057002",
"Comment": "kernel-headers-std-debug is earlier than 2:5.4.71-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203057003",
"Comment": "kernel-image-domU-std-debug is earlier than 2:5.4.71-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203057004",
"Comment": "kernel-image-std-debug is earlier than 2:5.4.71-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203057005",
"Comment": "kernel-modules-drm-ancient-std-debug is earlier than 2:5.4.71-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203057006",
"Comment": "kernel-modules-drm-nouveau-std-debug is earlier than 2:5.4.71-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203057007",
"Comment": "kernel-modules-drm-radeon-std-debug is earlier than 2:5.4.71-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203057008",
"Comment": "kernel-modules-drm-std-debug is earlier than 2:5.4.71-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203057009",
"Comment": "kernel-modules-ide-std-debug is earlier than 2:5.4.71-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203057010",
"Comment": "kernel-modules-staging-std-debug is earlier than 2:5.4.71-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203057011",
"Comment": "kernel-modules-v4l-std-debug is earlier than 2:5.4.71-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink