ALT Vulnerability

Иван Пепеляев 2024-07-30 03:04:11 +00:00
parent 100be2b0d5
commit 09d985727a
24 changed files with 2382 additions and 0 deletions


@ -0,0 +1,101 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202410003",
"Version": "oval:org.altlinux.errata:def:202410003",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-10003: package `kde5-kgpg` update to version 23.08.5-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-10003",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-10003",
"Source": "ALTPU"
}
],
"Description": "This update upgrades kde5-kgpg to version 23.08.5-alt2. \nSecurity Fix(es):\n\n * #41057: не работает проверка подписи через терминал",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-07-29"
},
"Updated": {
"Date": "2024-07-29"
},
"BDUs": null,
"Bugzilla": [
{
"ID": "41057",
"Href": "https://bugzilla.altlinux.org/41057",
"Data": "не работает проверка подписи через терминал"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202410003001",
"Comment": "kde5-kgpg is earlier than 0:23.08.5-alt2"
}
]
}
]
}
}
]
}
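Review bot: `"BDUs": null` in the Advisory, together with the absent `CVEs` key, gives this record a different shape from the other definitions in this commit, where both fields are arrays. A consumer that iterates these fields unconditionally will trip on the null, and one that counts identifiers will find a `patch`-class entry under "Security Fix(es)" that is backed only by Bugzilla #41057. Emitting `"BDUs": []` and `"CVEs": []` keeps the type stable for advisories that carry no vulnerability identifiers.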


@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202410003001",
"Version": "1",
"Comment": "kde5-kgpg is installed",
"Name": "kde5-kgpg"
}
]
}
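Review bot: `"Filepath": {"Text": "os-release"}` holds a bare file name next to `"Path": "/etc"`, whereas OVAL's textfilecontent54 object uses `filepath` for a full path and pairs `path` with `filename`. How the exporter maps this key is not visible here; if it is written out as `filepath`, a scanner would either reject the object or look for a relative `os-release`, and the platform test `tst:2001` would not evaluate as intended. Renaming the key to `Filename`, or emitting `"Filepath": {"Datatype": "string", "Text": "/etc/os-release"}` without `Path`, removes the ambiguity. The same object is repeated in the other five object files in this commit.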


@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202410003001",
"Version": "1",
"Comment": "package EVR is earlier than 0:23.08.5-alt2",
"Arch": {},
"EVR": {
"Text": "0:23.08.5-alt2",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}
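Review bot: `"Text": {}` in `ste:2001` carries no value and no operation, so nothing in this state compares the branch number that the object's pattern captures in `(\d+)`. As written, `tst:2001` (commented "ALT Linux based on branch 'p10' must be installed") appears to hold on any ALT release whose os-release matches the pattern, which would let the p10 package thresholds be evaluated on other branches. If the value was lost during export, the state needs a subexpression entry that compares the captured major version with 10; if the empty state is intentional, the test comment should say that only the presence of an ALT CPE is checked. The other five state files in this commit repeat the same `ste:2001`.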


@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202410003001",
"Version": "1",
"Check": "all",
"Comment": "kde5-kgpg is earlier than 0:23.08.5-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410003001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410003001"
}
}
]
}


@ -0,0 +1,159 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202410161",
"Version": "oval:org.altlinux.errata:def:202410161",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-10161: package `nextcloud` update to version 29.0.2-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-10161",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-10161",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-00723",
"RefURL": "https://bdu.fstec.ru/vul/2024-00723",
"Source": "BDU"
},
{
"RefID": "BDU:2024-04874",
"RefURL": "https://bdu.fstec.ru/vul/2024-04874",
"Source": "BDU"
},
{
"RefID": "CVE-2024-22403",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-22403",
"Source": "CVE"
},
{
"RefID": "CVE-2024-37882",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-37882",
"Source": "CVE"
}
],
"Description": "This update upgrades nextcloud to version 29.0.2-alt1. \nSecurity Fix(es):\n\n * BDU:2024-00723: Уязвимость облачного программного обеспечения для создания и использования хранилища данных Nextcloud Server, связанная с неверным сроком действия сеанса, позволяющая нарушителю обойти процесс аутентификации\n\n * BDU:2024-04874: Уязвимость компонента Share облачного программного обеспечения для создания и использования хранилища данных Nextcloud Server, позволяющая нарушителю оказать воздействие на целостность данных или вызвать отказ в обслуживании\n\n * CVE-2024-22403: Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any time using the code. As of version 28.0.0 OAuth codes are invalidated after 10 minutes and will no longer be authenticated. To exploit this vulnerability an attacker would need to intercept an OAuth code from a user session. It is recommended that the Nextcloud Server is upgraded to 28.0.0. There are no known workarounds for this vulnerability.\n\n * CVE-2024-37882: Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read\u0026share permissions could reshare the item with more permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4 and that the Nextcloud Enterprise Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-07-29"
},
"Updated": {
"Date": "2024-07-29"
},
"BDUs": [
{
"ID": "BDU:2024-00723",
"CVSS": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N",
"CWE": "CWE-613",
"Href": "https://bdu.fstec.ru/vul/2024-00723",
"Impact": "Low",
"Public": "20240118"
},
{
"ID": "BDU:2024-04874",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"CWE": "CWE-284",
"Href": "https://bdu.fstec.ru/vul/2024-04874",
"Impact": "High",
"Public": "20240614"
}
],
"CVEs": [
{
"ID": "CVE-2024-22403",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-613",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-22403",
"Impact": "Low",
"Public": "20240118"
},
{
"ID": "CVE-2024-37882",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"CWE": "CWE-281",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-37882",
"Impact": "High",
"Public": "20240614"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202410161001",
"Comment": "nextcloud is earlier than 0:29.0.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410161002",
"Comment": "nextcloud-apache2 is earlier than 0:29.0.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410161003",
"Comment": "nextcloud-nginx is earlier than 0:29.0.2-alt1"
}
]
}
]
}
}
]
}
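Review bot: The `CVSS3` strings under `BDUs` (`AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N`) omit the `CVSS:3.x/` prefix that the `CVEs` entries carry (`CVSS:3.1/AV:N/AC:H/...`), so one field name holds two formats. A strict CVSS v3 vector parser rejects the unprefixed form, and the BDU scores would then drop out of any severity calculation without an error a reader would notice. Normalizing the vectors at export with the version the BDU record states, or documenting that BDU vectors are stored without it, avoids that. The BDU entries in the cri-o1.28 and libgcrypt definitions have the same shape.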


@ -0,0 +1,46 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202410161001",
"Version": "1",
"Comment": "nextcloud is installed",
"Name": "nextcloud"
},
{
"ID": "oval:org.altlinux.errata:obj:202410161002",
"Version": "1",
"Comment": "nextcloud-apache2 is installed",
"Name": "nextcloud-apache2"
},
{
"ID": "oval:org.altlinux.errata:obj:202410161003",
"Version": "1",
"Comment": "nextcloud-nginx is installed",
"Name": "nextcloud-nginx"
}
]
}


@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202410161001",
"Version": "1",
"Comment": "package EVR is earlier than 0:29.0.2-alt1",
"Arch": {},
"EVR": {
"Text": "0:29.0.2-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}


@ -0,0 +1,54 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202410161001",
"Version": "1",
"Check": "all",
"Comment": "nextcloud is earlier than 0:29.0.2-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410161001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410161001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410161002",
"Version": "1",
"Check": "all",
"Comment": "nextcloud-apache2 is earlier than 0:29.0.2-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410161002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410161001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410161003",
"Version": "1",
"Check": "all",
"Comment": "nextcloud-nginx is earlier than 0:29.0.2-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410161003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410161001"
}
}
]
}


@ -0,0 +1,123 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202410202",
"Version": "oval:org.altlinux.errata:def:202410202",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-10202: package `cri-o1.28` update to version 1.28.8-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-10202",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-10202",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-04923",
"RefURL": "https://bdu.fstec.ru/vul/2024-04923",
"Source": "BDU"
},
{
"RefID": "CVE-2024-5154",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-5154",
"Source": "CVE"
}
],
"Description": "This update upgrades cri-o1.28 to version 1.28.8-alt1. \nSecurity Fix(es):\n\n * BDU:2024-04923: Уязвимость прикладного программного интерфейса CRI-O Container Engine программного средства управления кластерами виртуальных машин Kubernetes, позволяющая нарушителю читать и записывать произвольные файлы в хост-системе\n\n * CVE-2024-5154: A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-07-29"
},
"Updated": {
"Date": "2024-07-29"
},
"BDUs": [
{
"ID": "BDU:2024-04923",
"CVSS": "AV:N/AC:L/Au:M/C:C/I:C/A:N",
"CVSS3": "AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"CWE": "CWE-668",
"Href": "https://bdu.fstec.ru/vul/2024-04923",
"Impact": "High",
"Public": "20240612"
}
],
"CVEs": [
{
"ID": "CVE-2024-5154",
"CWE": "CWE-668",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5154",
"Impact": "None",
"Public": "20240612"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202410202001",
"Comment": "cri-o1.28 is earlier than 0:1.28.8-alt1"
}
]
}
]
}
}
]
}
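Review bot: The `CVEs` entry for CVE-2024-5154 has `"Impact": "None"` and no `CVSS3`, while the matching BDU:2024-04923 entry is rated `High` and the description speaks of reading and writing arbitrary files on the host. `None` here most likely stands for "not scored yet" rather than "no impact", but a consumer that ranks or filters on the CVE record will read it as the latter. Leaving `Impact` out until a score exists, or using a value that cannot be mistaken for a real rating, keeps the two meanings apart.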


@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202410202001",
"Version": "1",
"Comment": "cri-o1.28 is installed",
"Name": "cri-o1.28"
}
]
}


@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202410202001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.28.8-alt1",
"Arch": {},
"EVR": {
"Text": "0:1.28.8-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}


@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202410202001",
"Version": "1",
"Check": "all",
"Comment": "cri-o1.28 is earlier than 0:1.28.8-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410202001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410202001"
}
}
]
}

File diff suppressed because one or more lines are too long


@ -0,0 +1,64 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202410474001",
"Version": "1",
"Comment": "xpdf is installed",
"Name": "xpdf"
},
{
"ID": "oval:org.altlinux.errata:obj:202410474002",
"Version": "1",
"Comment": "xpdf-common is installed",
"Name": "xpdf-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202410474003",
"Version": "1",
"Comment": "xpdf-desktop is installed",
"Name": "xpdf-desktop"
},
{
"ID": "oval:org.altlinux.errata:obj:202410474004",
"Version": "1",
"Comment": "xpdf-i18n is installed",
"Name": "xpdf-i18n"
},
{
"ID": "oval:org.altlinux.errata:obj:202410474005",
"Version": "1",
"Comment": "xpdf-utils is installed",
"Name": "xpdf-utils"
},
{
"ID": "oval:org.altlinux.errata:obj:202410474006",
"Version": "1",
"Comment": "xpdf-viewer is installed",
"Name": "xpdf-viewer"
}
]
}


@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202410474001",
"Version": "1",
"Comment": "package EVR is earlier than 0:4.05-alt2",
"Arch": {},
"EVR": {
"Text": "0:4.05-alt2",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}


@ -0,0 +1,90 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202410474001",
"Version": "1",
"Check": "all",
"Comment": "xpdf is earlier than 0:4.05-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410474001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410474001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410474002",
"Version": "1",
"Check": "all",
"Comment": "xpdf-common is earlier than 0:4.05-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410474002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410474001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410474003",
"Version": "1",
"Check": "all",
"Comment": "xpdf-desktop is earlier than 0:4.05-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410474003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410474001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410474004",
"Version": "1",
"Check": "all",
"Comment": "xpdf-i18n is earlier than 0:4.05-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410474004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410474001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410474005",
"Version": "1",
"Check": "all",
"Comment": "xpdf-utils is earlier than 0:4.05-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410474005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410474001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410474006",
"Version": "1",
"Check": "all",
"Comment": "xpdf-viewer is earlier than 0:4.05-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410474006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410474001"
}
}
]
}

File diff suppressed because one or more lines are too long


@ -0,0 +1,64 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20247467001",
"Version": "1",
"Comment": "xpdf is installed",
"Name": "xpdf"
},
{
"ID": "oval:org.altlinux.errata:obj:20247467002",
"Version": "1",
"Comment": "xpdf-common is installed",
"Name": "xpdf-common"
},
{
"ID": "oval:org.altlinux.errata:obj:20247467003",
"Version": "1",
"Comment": "xpdf-desktop is installed",
"Name": "xpdf-desktop"
},
{
"ID": "oval:org.altlinux.errata:obj:20247467004",
"Version": "1",
"Comment": "xpdf-i18n is installed",
"Name": "xpdf-i18n"
},
{
"ID": "oval:org.altlinux.errata:obj:20247467005",
"Version": "1",
"Comment": "xpdf-utils is installed",
"Name": "xpdf-utils"
},
{
"ID": "oval:org.altlinux.errata:obj:20247467006",
"Version": "1",
"Comment": "xpdf-viewer is installed",
"Name": "xpdf-viewer"
}
]
}


@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:20247467001",
"Version": "1",
"Comment": "package EVR is earlier than 0:4.05-alt1",
"Arch": {},
"EVR": {
"Text": "0:4.05-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}


@ -0,0 +1,90 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20247467001",
"Version": "1",
"Check": "all",
"Comment": "xpdf is earlier than 0:4.05-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20247467001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20247467001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20247467002",
"Version": "1",
"Check": "all",
"Comment": "xpdf-common is earlier than 0:4.05-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20247467002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20247467001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20247467003",
"Version": "1",
"Check": "all",
"Comment": "xpdf-desktop is earlier than 0:4.05-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20247467003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20247467001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20247467004",
"Version": "1",
"Check": "all",
"Comment": "xpdf-i18n is earlier than 0:4.05-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20247467004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20247467001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20247467005",
"Version": "1",
"Check": "all",
"Comment": "xpdf-utils is earlier than 0:4.05-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20247467005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20247467001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20247467006",
"Version": "1",
"Check": "all",
"Comment": "xpdf-viewer is earlier than 0:4.05-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20247467006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20247467001"
}
}
]
}


@ -0,0 +1,140 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20248930",
"Version": "oval:org.altlinux.errata:def:20248930",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-8930: package `libgcrypt` update to version 1.10.2-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-8930",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-8930",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-00593",
"RefURL": "https://bdu.fstec.ru/vul/2022-00593",
"Source": "BDU"
},
{
"RefID": "CVE-2021-40528",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-40528",
"Source": "CVE"
}
],
"Description": "This update upgrades libgcrypt to version 1.10.2-alt2. \nSecurity Fix(es):\n\n * BDU:2022-00593: Уязвимость криптографической библиотеки Libgcrypt, связанная с использованием слабых криптографических алгоритмов, позволяющая нарушителю получить доступ к конфиденциальной информации\n\n * CVE-2021-40528: The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.\n\n * #47806: Прошу исправить версию",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-07-29"
},
"Updated": {
"Date": "2024-07-29"
},
"BDUs": [
{
"ID": "BDU:2022-00593",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-327",
"Href": "https://bdu.fstec.ru/vul/2022-00593",
"Impact": "Low",
"Public": "20210917"
}
],
"CVEs": [
{
"ID": "CVE-2021-40528",
"CVSS": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-327",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-40528",
"Impact": "Low",
"Public": "20210906"
}
],
"Bugzilla": [
{
"ID": "47806",
"Href": "https://bugzilla.altlinux.org/47806",
"Data": "Прошу исправить версию"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20248930001",
"Comment": "gcrypt-utils is earlier than 0:1.10.2-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20248930002",
"Comment": "libgcrypt-devel is earlier than 0:1.10.2-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20248930003",
"Comment": "libgcrypt20 is earlier than 0:1.10.2-alt2"
}
]
}
]
}
}
]
}
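Review bot: The criteria flag every libgcrypt package below `0:1.10.2-alt2`, yet the description places the fix for CVE-2021-40528 in Libgcrypt 1.9.4, and the only change listed that is specific to this build is Bugzilla #47806. A host on an earlier 1.10.x build would therefore fail this definition, and a report built from `References` would attribute CVE-2021-40528 to it; whether earlier p10 builds already carried the fix is not visible here. If the definition is meant to express "erratum not installed" rather than "CVE present", the `Description` should say so, so that scanner output is triaged as a missing update and not as an open cryptographic weakness.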


@ -0,0 +1,46 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20248930001",
"Version": "1",
"Comment": "gcrypt-utils is installed",
"Name": "gcrypt-utils"
},
{
"ID": "oval:org.altlinux.errata:obj:20248930002",
"Version": "1",
"Comment": "libgcrypt-devel is installed",
"Name": "libgcrypt-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:20248930003",
"Version": "1",
"Comment": "libgcrypt20 is installed",
"Name": "libgcrypt20"
}
]
}


@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:20248930001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.10.2-alt2",
"Arch": {},
"EVR": {
"Text": "0:1.10.2-alt2",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}


@ -0,0 +1,54 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20248930001",
"Version": "1",
"Check": "all",
"Comment": "gcrypt-utils is earlier than 0:1.10.2-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20248930001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20248930001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20248930002",
"Version": "1",
"Check": "all",
"Comment": "libgcrypt-devel is earlier than 0:1.10.2-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20248930002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20248930001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20248930003",
"Version": "1",
"Check": "all",
"Comment": "libgcrypt20 is earlier than 0:1.10.2-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20248930003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20248930001"
}
}
]
}