{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20211554",
"Version": "oval:org.altlinux.errata:def:20211554",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-1554: package `kernel-image-std-def` update to version 5.4.107-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-1554",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-1554",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-01688",
"RefURL": "https://bdu.fstec.ru/vul/2021-01688",
"Source": "BDU"
},
{
"RefID": "BDU:2021-04833",
"RefURL": "https://bdu.fstec.ru/vul/2021-04833",
"Source": "BDU"
},
{
"RefID": "CVE-2019-2308",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-2308",
"Source": "CVE"
},
{
"RefID": "CVE-2021-28375",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-28375",
"Source": "CVE"
},
{
"RefID": "CVE-2021-28660",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-28660",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-std-def to version 5.4.107-alt1. \nSecurity Fix(es):\n\n * BDU:2021-01688: Уязвимость функции rtw_wx_set_scan() (drivers/staging/rtl8188eu/os_dep/ioctl_linux.c) ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-04833: Уязвимость функции fastrpc_internal_invoke (drivers/misc/fastrpc.c) ядра операционной системы Linux, позволяющая нарушителю выполнить произвольную команду управления\n\n * CVE-2019-2308: User application could potentially make RPC call to the fastrpc driver and the driver will allow the message to go through to the remote subsystem in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24\n\n * CVE-2021-28375: An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308.\n\n * CVE-2021-28660: rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the -\u003essid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-03-25"
},
"Updated": {
"Date": "2021-03-25"
},
"BDUs": [
{
"ID": "BDU:2021-01688",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2021-01688",
"Impact": "High",
"Public": "20210305"
},
{
"ID": "BDU:2021-04833",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-269",
"Href": "https://bdu.fstec.ru/vul/2021-04833",
"Impact": "High",
"Public": "20210315"
}
],
"CVEs": [
{
"ID": "CVE-2019-2308",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-2308",
"Impact": "High",
"Public": "20190725"
},
{
"ID": "CVE-2021-28375",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-862",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-28375",
"Impact": "High",
"Public": "20210315"
},
{
"ID": "CVE-2021-28660",
"CVSS": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-28660",
"Impact": "High",
"Public": "20210317"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20211554001",
"Comment": "kernel-doc-std is earlier than 2:5.4.107-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211554002",
"Comment": "kernel-headers-modules-std-def is earlier than 2:5.4.107-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211554003",
"Comment": "kernel-headers-std-def is earlier than 2:5.4.107-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211554004",
"Comment": "kernel-image-domU-std-def is earlier than 2:5.4.107-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211554005",
"Comment": "kernel-image-std-def is earlier than 2:5.4.107-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211554006",
"Comment": "kernel-modules-drm-ancient-std-def is earlier than 2:5.4.107-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211554007",
"Comment": "kernel-modules-drm-nouveau-std-def is earlier than 2:5.4.107-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211554008",
"Comment": "kernel-modules-drm-radeon-std-def is earlier than 2:5.4.107-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211554009",
"Comment": "kernel-modules-drm-std-def is earlier than 2:5.4.107-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211554010",
"Comment": "kernel-modules-ide-std-def is earlier than 2:5.4.107-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211554011",
"Comment": "kernel-modules-staging-std-def is earlier than 2:5.4.107-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211554012",
"Comment": "kernel-modules-v4l-std-def is earlier than 2:5.4.107-alt1"
}
]
}
]
}
}
]
}