pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ALT Vulnerability

Browse Source
This commit is contained in:
Иван Пепеляев 2024-11-26 03:04:48 +00:00
parent 7adfa88a34
commit 0c879f8add
36 changed files with 3120 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

133
oval/c10f1/ALT-PU-2024-15964/definitions.json Normal file
View File

@ -0,0 +1,133 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202415964",
"Version": "oval:org.altlinux.errata:def:202415964",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-15964: package `python3-module-setuptools` update to version 57.4.0-alt1.p10.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-15964",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-15964",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-02445",
"RefURL": "https://bdu.fstec.ru/vul/2023-02445",
"Source": "BDU"
},
{
"RefID": "BDU:2024-05843",
"RefURL": "https://bdu.fstec.ru/vul/2024-05843",
"Source": "BDU"
},
{
"RefID": "CVE-2022-40897",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-40897",
"Source": "CVE"
},
{
"RefID": "CVE-2024-6345",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345",
"Source": "CVE"
}
],
"Description": "This update upgrades python3-module-setuptools to version 57.4.0-alt1.p10.1. \nSecurity Fix(es):\n\n * BDU:2023-02445: Уязвимость инструментов установки пакетов Python Packaging Authority, связанная с некорректным регулярным выражением, позволяющая нарушителю вызывать отказ в обслуживании\n\n * BDU:2024-05843: Уязвимость модуля package_index библиотеки упрощения упаковки проектов setuptools, связанная с неправильным контролем генерации кода, позволяющая нарушителю выполнять произвольные команды в системе\n\n * CVE-2022-40897: Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.\n\n * CVE-2024-6345: A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-25"
},
"Updated": {
"Date": "2024-11-25"
},
"BDUs": [
{
"ID": "BDU:2023-02445",
"CVSS": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-185",
"Href": "https://bdu.fstec.ru/vul/2023-02445",
"Impact": "Low",
"Public": "20221222"
},
{
"ID": "BDU:2024-05843",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-94",
"Href": "https://bdu.fstec.ru/vul/2024-05843",
"Impact": "High",
"Public": "20240714"
}
],
"CVEs": [
{
"ID": "CVE-2022-40897",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-1333",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-40897",
"Impact": "Low",
"Public": "20221223"
},
{
"ID": "CVE-2024-6345",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345",
"Impact": "None",
"Public": "20240715"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202415964001",
"Comment": "python3-module-pkg_resources is earlier than 1:57.4.0-alt1.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415964002",
"Comment": "python3-module-setuptools is earlier than 1:57.4.0-alt1.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415964003",
"Comment": "python3-module-setuptools-wheel is earlier than 1:57.4.0-alt1.p10.1"
}
]
}
]
}
}
]
}

46
oval/c10f1/ALT-PU-2024-15964/objects.json Normal file
View File

@ -0,0 +1,46 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202415964001",
"Version": "1",
"Comment": "python3-module-pkg_resources is installed",
"Name": "python3-module-pkg_resources"
},
{
"ID": "oval:org.altlinux.errata:obj:202415964002",
"Version": "1",
"Comment": "python3-module-setuptools is installed",
"Name": "python3-module-setuptools"
},
{
"ID": "oval:org.altlinux.errata:obj:202415964003",
"Version": "1",
"Comment": "python3-module-setuptools-wheel is installed",
"Name": "python3-module-setuptools-wheel"
}
]
}

23
oval/c10f1/ALT-PU-2024-15964/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202415964001",
"Version": "1",
"Comment": "package EVR is earlier than 1:57.4.0-alt1.p10.1",
"Arch": {},
"EVR": {
"Text": "1:57.4.0-alt1.p10.1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

54
oval/c10f1/ALT-PU-2024-15964/tests.json Normal file
View File

@ -0,0 +1,54 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202415964001",
"Version": "1",
"Check": "all",
"Comment": "python3-module-pkg_resources is earlier than 1:57.4.0-alt1.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415964001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415964001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415964002",
"Version": "1",
"Check": "all",
"Comment": "python3-module-setuptools is earlier than 1:57.4.0-alt1.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415964002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415964001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415964003",
"Version": "1",
"Check": "all",
"Comment": "python3-module-setuptools-wheel is earlier than 1:57.4.0-alt1.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415964003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415964001"
}
}
]
}

125
oval/c10f1/ALT-PU-2024-16020/definitions.json Normal file
View File

@ -0,0 +1,125 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202416020",
"Version": "oval:org.altlinux.errata:def:202416020",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-16020: package `python-module-urllib3` update to version 1.26.20-alt1.c10f1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-16020",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16020",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-06977",
"RefURL": "https://bdu.fstec.ru/vul/2023-06977",
"Source": "BDU"
},
{
"RefID": "BDU:2023-08730",
"RefURL": "https://bdu.fstec.ru/vul/2023-08730",
"Source": "BDU"
},
{
"RefID": "CVE-2023-43804",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-43804",
"Source": "CVE"
},
{
"RefID": "CVE-2023-45803",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-45803",
"Source": "CVE"
}
],
"Description": "This update upgrades python-module-urllib3 to version 1.26.20-alt1.c10f1. \nSecurity Fix(es):\n\n * BDU:2023-06977: Уязвимость модуля urllib3 интерпретатора языка программирования Python, позволяющая нарушителю раскрыть защищаемую информацию\n\n * BDU:2023-08730: Уязвимость модуля urllib3 интерпретатора языка программирования Python, связанная с отсутствием защиты служебных данных, позволяющая нарушителю раскрыть защищаемую информацию\n\n * CVE-2023-43804: urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.\n\n * CVE-2023-45803: urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.\n",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-25"
},
"Updated": {
"Date": "2024-11-25"
},
"BDUs": [
{
"ID": "BDU:2023-06977",
"CVSS": "AV:A/AC:H/Au:M/C:C/I:N/A:N",
"CVSS3": "AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2023-06977",
"Impact": "Low",
"Public": "20231017"
},
{
"ID": "BDU:2023-08730",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:N",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2023-08730",
"Impact": "High",
"Public": "20231104"
}
],
"CVEs": [
{
"ID": "CVE-2023-43804",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-43804",
"Impact": "High",
"Public": "20231004"
},
{
"ID": "CVE-2023-45803",
"CVSS3": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-45803",
"Impact": "Low",
"Public": "20231017"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202416020001",
"Comment": "python-module-urllib3 is earlier than 2:1.26.20-alt1.c10f1"
}
]
}
]
}
}
]
}

34
oval/c10f1/ALT-PU-2024-16020/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416020001",
"Version": "1",
"Comment": "python-module-urllib3 is installed",
"Name": "python-module-urllib3"
}
]
}

23
oval/c10f1/ALT-PU-2024-16020/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416020001",
"Version": "1",
"Comment": "package EVR is earlier than 2:1.26.20-alt1.c10f1",
"Arch": {},
"EVR": {
"Text": "2:1.26.20-alt1.c10f1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/c10f1/ALT-PU-2024-16020/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416020001",
"Version": "1",
"Check": "all",
"Comment": "python-module-urllib3 is earlier than 2:1.26.20-alt1.c10f1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416020001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416020001"
}
}
]
}

86
oval/c10f1/ALT-PU-2024-16028/definitions.json Normal file
View File

@ -0,0 +1,86 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202416028",
"Version": "oval:org.altlinux.errata:def:202416028",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-16028: package `isync` update to version 1.4.4-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-16028",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16028",
"Source": "ALTPU"
},
{
"RefID": "CVE-2021-3657",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3657",
"Source": "CVE"
}
],
"Description": "This update upgrades isync to version 1.4.4-alt1. \nSecurity Fix(es):\n\n * CVE-2021-3657: A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (\u003e=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-25"
},
"Updated": {
"Date": "2024-11-25"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2021-3657",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3657",
"Impact": "Critical",
"Public": "20220218"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202416028001",
"Comment": "isync is earlier than 0:1.4.4-alt1"
}
]
}
]
}
}
]
}

34
oval/c10f1/ALT-PU-2024-16028/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416028001",
"Version": "1",
"Comment": "isync is installed",
"Name": "isync"
}
]
}

23
oval/c10f1/ALT-PU-2024-16028/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416028001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.4.4-alt1",
"Arch": {},
"EVR": {
"Text": "0:1.4.4-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/c10f1/ALT-PU-2024-16028/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416028001",
"Version": "1",
"Check": "all",
"Comment": "isync is earlier than 0:1.4.4-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416028001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416028001"
}
}
]
}

566
oval/c10f1/ALT-PU-2024-16030/definitions.json Normal file
View File

File diff suppressed because one or more lines are too long

40
oval/c10f1/ALT-PU-2024-16030/objects.json Normal file
View File

@ -0,0 +1,40 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416030001",
"Version": "1",
"Comment": "libpjsip is installed",
"Name": "libpjsip"
},
{
"ID": "oval:org.altlinux.errata:obj:202416030002",
"Version": "1",
"Comment": "libpjsip-devel is installed",
"Name": "libpjsip-devel"
}
]
}

23
oval/c10f1/ALT-PU-2024-16030/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416030001",
"Version": "1",
"Comment": "package EVR is earlier than 0:2.14.1-alt1",
"Arch": {},
"EVR": {
"Text": "0:2.14.1-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

42
oval/c10f1/ALT-PU-2024-16030/tests.json Normal file
View File

@ -0,0 +1,42 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416030001",
"Version": "1",
"Check": "all",
"Comment": "libpjsip is earlier than 0:2.14.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416030001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416030001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416030002",
"Version": "1",
"Check": "all",
"Comment": "libpjsip-devel is earlier than 0:2.14.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416030002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416030001"
}
}
]
}

121
oval/c10f1/ALT-PU-2024-16036/definitions.json Normal file
View File

@ -0,0 +1,121 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202416036",
"Version": "oval:org.altlinux.errata:def:202416036",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-16036: package `mongo5.0` update to version 5.0.30-alt0.c10.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-16036",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16036",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-07683",
"RefURL": "https://bdu.fstec.ru/vul/2024-07683",
"Source": "BDU"
},
{
"RefID": "CVE-2024-8013",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8013",
"Source": "CVE"
},
{
"RefID": "CVE-2024-8207",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8207",
"Source": "CVE"
}
],
"Description": "This update upgrades mongo5.0 to version 5.0.30-alt0.c10.1. \nSecurity Fix(es):\n\n * BDU:2024-07683: Уязвимость системы управления базами данных MongoDB, существующая из-за проблемы с управлением процессом, позволяющая нарушителю загрузить произвольные библиотеки и получить полный контроль над приложением\n\n * CVE-2024-8013: A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryptd binary (v5.0 versions prior to 5.0.29, v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) and mongo_crypt_v1.so shared libraries (v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) released alongside MongoDB Enterprise Server versions.\n\n * CVE-2024-8207: In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3.\n\nRequired Configuration: Only environments with Linux as the underlying operating system is affected by this issue",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-25"
},
"Updated": {
"Date": "2024-11-25"
},
"BDUs": [
{
"ID": "BDU:2024-07683",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-114, CWE-610",
"Href": "https://bdu.fstec.ru/vul/2024-07683",
"Impact": "Low",
"Public": "20220808"
}
],
"CVEs": [
{
"ID": "CVE-2024-8013",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-319",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8013",
"Impact": "Low",
"Public": "20241028"
},
{
"ID": "CVE-2024-8207",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-610",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8207",
"Impact": "Low",
"Public": "20240827"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202416036001",
"Comment": "mongo5.0 is earlier than 0:5.0.30-alt0.c10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416036002",
"Comment": "mongo5.0-server-mongod is earlier than 0:5.0.30-alt0.c10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416036003",
"Comment": "mongo5.0-server-mongos is earlier than 0:5.0.30-alt0.c10.1"
}
]
}
]
}
}
]
}

46
oval/c10f1/ALT-PU-2024-16036/objects.json Normal file
View File

@ -0,0 +1,46 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416036001",
"Version": "1",
"Comment": "mongo5.0 is installed",
"Name": "mongo5.0"
},
{
"ID": "oval:org.altlinux.errata:obj:202416036002",
"Version": "1",
"Comment": "mongo5.0-server-mongod is installed",
"Name": "mongo5.0-server-mongod"
},
{
"ID": "oval:org.altlinux.errata:obj:202416036003",
"Version": "1",
"Comment": "mongo5.0-server-mongos is installed",
"Name": "mongo5.0-server-mongos"
}
]
}

23
oval/c10f1/ALT-PU-2024-16036/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416036001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.0.30-alt0.c10.1",
"Arch": {},
"EVR": {
"Text": "0:5.0.30-alt0.c10.1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

54
oval/c10f1/ALT-PU-2024-16036/tests.json Normal file
View File

@ -0,0 +1,54 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416036001",
"Version": "1",
"Check": "all",
"Comment": "mongo5.0 is earlier than 0:5.0.30-alt0.c10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416036001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416036001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416036002",
"Version": "1",
"Check": "all",
"Comment": "mongo5.0-server-mongod is earlier than 0:5.0.30-alt0.c10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416036002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416036001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416036003",
"Version": "1",
"Check": "all",
"Comment": "mongo5.0-server-mongos is earlier than 0:5.0.30-alt0.c10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416036003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416036001"
}
}
]
}

117
oval/c10f1/ALT-PU-2024-16109/definitions.json Normal file
View File

@ -0,0 +1,117 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202416109",
"Version": "oval:org.altlinux.errata:def:202416109",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-16109: package `mongo6.0` update to version 6.0.19-alt0.c10.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-16109",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16109",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-08901",
"RefURL": "https://bdu.fstec.ru/vul/2024-08901",
"Source": "BDU"
},
{
"RefID": "CVE-2024-8013",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8013",
"Source": "CVE"
},
{
"RefID": "CVE-2024-8305",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8305",
"Source": "CVE"
}
],
"Description": "This update upgrades mongo6.0 to version 6.0.19-alt0.c10.1. \nSecurity Fix(es):\n\n * BDU:2024-08901: Уязвимость системы управления базами данных MongoDB, связанная с неправильной проверкой согласованности во входных данных, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2024-8013: A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryptd binary (v5.0 versions prior to 5.0.29, v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) and mongo_crypt_v1.so shared libraries (v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) released alongside MongoDB Enterprise Server versions.\n\n * CVE-2024-8305: prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions prior to 7.0.13 and MongoDB Server v7.3 versions prior to 7.3.4",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-25"
},
"Updated": {
"Date": "2024-11-25"
},
"BDUs": [
{
"ID": "BDU:2024-08901",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-1288",
"Href": "https://bdu.fstec.ru/vul/2024-08901",
"Impact": "Low",
"Public": "20240712"
}
],
"CVEs": [
{
"ID": "CVE-2024-8013",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-319",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8013",
"Impact": "Low",
"Public": "20241028"
},
{
"ID": "CVE-2024-8305",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8305",
"Impact": "Low",
"Public": "20241021"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202416109001",
"Comment": "mongo6.0-server-mongod is earlier than 0:6.0.19-alt0.c10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416109002",
"Comment": "mongo6.0-server-mongos is earlier than 0:6.0.19-alt0.c10.1"
}
]
}
]
}
}
]
}

40
oval/c10f1/ALT-PU-2024-16109/objects.json Normal file
View File

@ -0,0 +1,40 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416109001",
"Version": "1",
"Comment": "mongo6.0-server-mongod is installed",
"Name": "mongo6.0-server-mongod"
},
{
"ID": "oval:org.altlinux.errata:obj:202416109002",
"Version": "1",
"Comment": "mongo6.0-server-mongos is installed",
"Name": "mongo6.0-server-mongos"
}
]
}

23
oval/c10f1/ALT-PU-2024-16109/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416109001",
"Version": "1",
"Comment": "package EVR is earlier than 0:6.0.19-alt0.c10.1",
"Arch": {},
"EVR": {
"Text": "0:6.0.19-alt0.c10.1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

42
oval/c10f1/ALT-PU-2024-16109/tests.json Normal file
View File

@ -0,0 +1,42 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416109001",
"Version": "1",
"Check": "all",
"Comment": "mongo6.0-server-mongod is earlier than 0:6.0.19-alt0.c10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416109001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416109001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416109002",
"Version": "1",
"Check": "all",
"Comment": "mongo6.0-server-mongos is earlier than 0:6.0.19-alt0.c10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416109002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416109001"
}
}
]
}

129
oval/c9f2/ALT-PU-2024-15946/definitions.json Normal file
View File

@ -0,0 +1,129 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202415946",
"Version": "oval:org.altlinux.errata:def:202415946",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-15946: package `python-module-urllib3` update to version 1.26.20-alt0.c9",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-15946",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-15946",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-06977",
"RefURL": "https://bdu.fstec.ru/vul/2023-06977",
"Source": "BDU"
},
{
"RefID": "BDU:2023-08730",
"RefURL": "https://bdu.fstec.ru/vul/2023-08730",
"Source": "BDU"
},
{
"RefID": "CVE-2023-43804",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-43804",
"Source": "CVE"
},
{
"RefID": "CVE-2023-45803",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-45803",
"Source": "CVE"
}
],
"Description": "This update upgrades python-module-urllib3 to version 1.26.20-alt0.c9. \nSecurity Fix(es):\n\n * BDU:2023-06977: Уязвимость модуля urllib3 интерпретатора языка программирования Python, позволяющая нарушителю раскрыть защищаемую информацию\n\n * BDU:2023-08730: Уязвимость модуля urllib3 интерпретатора языка программирования Python, связанная с отсутствием защиты служебных данных, позволяющая нарушителю раскрыть защищаемую информацию\n\n * CVE-2023-43804: urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.\n\n * CVE-2023-45803: urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.\n",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-25"
},
"Updated": {
"Date": "2024-11-25"
},
"BDUs": [
{
"ID": "BDU:2023-06977",
"CVSS": "AV:A/AC:H/Au:M/C:C/I:N/A:N",
"CVSS3": "AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2023-06977",
"Impact": "Low",
"Public": "20231017"
},
{
"ID": "BDU:2023-08730",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:N",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2023-08730",
"Impact": "High",
"Public": "20231104"
}
],
"CVEs": [
{
"ID": "CVE-2023-43804",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-43804",
"Impact": "High",
"Public": "20231004"
},
{
"ID": "CVE-2023-45803",
"CVSS3": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-45803",
"Impact": "Low",
"Public": "20231017"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202415946001",
"Comment": "python-module-urllib3 is earlier than 2:1.26.20-alt0.c9"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415946002",
"Comment": "python3-module-urllib3 is earlier than 2:1.26.20-alt0.c9"
}
]
}
]
}
}
]
}

40
oval/c9f2/ALT-PU-2024-15946/objects.json Normal file
View File

@ -0,0 +1,40 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202415946001",
"Version": "1",
"Comment": "python-module-urllib3 is installed",
"Name": "python-module-urllib3"
},
{
"ID": "oval:org.altlinux.errata:obj:202415946002",
"Version": "1",
"Comment": "python3-module-urllib3 is installed",
"Name": "python3-module-urllib3"
}
]
}

23
oval/c9f2/ALT-PU-2024-15946/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202415946001",
"Version": "1",
"Comment": "package EVR is earlier than 2:1.26.20-alt0.c9",
"Arch": {},
"EVR": {
"Text": "2:1.26.20-alt0.c9",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

42
oval/c9f2/ALT-PU-2024-15946/tests.json Normal file
View File

@ -0,0 +1,42 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c9f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202415946001",
"Version": "1",
"Check": "all",
"Comment": "python-module-urllib3 is earlier than 2:1.26.20-alt0.c9",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415946001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415946001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415946002",
"Version": "1",
"Check": "all",
"Comment": "python3-module-urllib3 is earlier than 2:1.26.20-alt0.c9",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415946002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415946001"
}
}
]
}

145
oval/p10/ALT-PU-2024-16016/definitions.json Normal file
View File

@ -0,0 +1,145 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202416016",
"Version": "oval:org.altlinux.errata:def:202416016",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-16016: package `mongo5.0` update to version 5.0.30-alt0.p10.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-16016",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16016",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-07683",
"RefURL": "https://bdu.fstec.ru/vul/2024-07683",
"Source": "BDU"
},
{
"RefID": "CVE-2024-8013",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8013",
"Source": "CVE"
},
{
"RefID": "CVE-2024-8207",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8207",
"Source": "CVE"
}
],
"Description": "This update upgrades mongo5.0 to version 5.0.30-alt0.p10.1. \nSecurity Fix(es):\n\n * BDU:2024-07683: Уязвимость системы управления базами данных MongoDB, существующая из-за проблемы с управлением процессом, позволяющая нарушителю загрузить произвольные библиотеки и получить полный контроль над приложением\n\n * CVE-2024-8013: A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryptd binary (v5.0 versions prior to 5.0.29, v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) and mongo_crypt_v1.so shared libraries (v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) released alongside MongoDB Enterprise Server versions.\n\n * CVE-2024-8207: In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3.\n\nRequired Configuration: Only environments with Linux as the underlying operating system is affected by this issue",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-25"
},
"Updated": {
"Date": "2024-11-25"
},
"BDUs": [
{
"ID": "BDU:2024-07683",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-114, CWE-610",
"Href": "https://bdu.fstec.ru/vul/2024-07683",
"Impact": "Low",
"Public": "20220808"
}
],
"CVEs": [
{
"ID": "CVE-2024-8013",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-319",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8013",
"Impact": "Low",
"Public": "20241028"
},
{
"ID": "CVE-2024-8207",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-610",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8207",
"Impact": "Low",
"Public": "20240827"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202416016001",
"Comment": "mongo5.0 is earlier than 0:5.0.30-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416016002",
"Comment": "mongo5.0-server-mongod is earlier than 0:5.0.30-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416016003",
"Comment": "mongo5.0-server-mongos is earlier than 0:5.0.30-alt0.p10.1"
}
]
}
]
}
}
]
}

46
oval/p10/ALT-PU-2024-16016/objects.json Normal file
View File

@ -0,0 +1,46 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416016001",
"Version": "1",
"Comment": "mongo5.0 is installed",
"Name": "mongo5.0"
},
{
"ID": "oval:org.altlinux.errata:obj:202416016002",
"Version": "1",
"Comment": "mongo5.0-server-mongod is installed",
"Name": "mongo5.0-server-mongod"
},
{
"ID": "oval:org.altlinux.errata:obj:202416016003",
"Version": "1",
"Comment": "mongo5.0-server-mongos is installed",
"Name": "mongo5.0-server-mongos"
}
]
}

23
oval/p10/ALT-PU-2024-16016/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416016001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.0.30-alt0.p10.1",
"Arch": {},
"EVR": {
"Text": "0:5.0.30-alt0.p10.1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

54
oval/p10/ALT-PU-2024-16016/tests.json Normal file
View File

@ -0,0 +1,54 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416016001",
"Version": "1",
"Check": "all",
"Comment": "mongo5.0 is earlier than 0:5.0.30-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416016001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416016001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416016002",
"Version": "1",
"Check": "all",
"Comment": "mongo5.0-server-mongod is earlier than 0:5.0.30-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416016002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416016001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416016003",
"Version": "1",
"Check": "all",
"Comment": "mongo5.0-server-mongos is earlier than 0:5.0.30-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416016003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416016001"
}
}
]
}

501
oval/p10/ALT-PU-2024-16022/definitions.json Normal file
View File

File diff suppressed because one or more lines are too long

118
oval/p10/ALT-PU-2024-16022/objects.json Normal file
View File

@ -0,0 +1,118 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416022001",
"Version": "1",
"Comment": "jetty is installed",
"Name": "jetty"
},
{
"ID": "oval:org.altlinux.errata:obj:202416022002",
"Version": "1",
"Comment": "jetty-client is installed",
"Name": "jetty-client"
},
{
"ID": "oval:org.altlinux.errata:obj:202416022003",
"Version": "1",
"Comment": "jetty-continuation is installed",
"Name": "jetty-continuation"
},
{
"ID": "oval:org.altlinux.errata:obj:202416022004",
"Version": "1",
"Comment": "jetty-http is installed",
"Name": "jetty-http"
},
{
"ID": "oval:org.altlinux.errata:obj:202416022005",
"Version": "1",
"Comment": "jetty-io is installed",
"Name": "jetty-io"
},
{
"ID": "oval:org.altlinux.errata:obj:202416022006",
"Version": "1",
"Comment": "jetty-jaas is installed",
"Name": "jetty-jaas"
},
{
"ID": "oval:org.altlinux.errata:obj:202416022007",
"Version": "1",
"Comment": "jetty-javadoc is installed",
"Name": "jetty-javadoc"
},
{
"ID": "oval:org.altlinux.errata:obj:202416022008",
"Version": "1",
"Comment": "jetty-jmx is installed",
"Name": "jetty-jmx"
},
{
"ID": "oval:org.altlinux.errata:obj:202416022009",
"Version": "1",
"Comment": "jetty-security is installed",
"Name": "jetty-security"
},
{
"ID": "oval:org.altlinux.errata:obj:202416022010",
"Version": "1",
"Comment": "jetty-server is installed",
"Name": "jetty-server"
},
{
"ID": "oval:org.altlinux.errata:obj:202416022011",
"Version": "1",
"Comment": "jetty-servlet is installed",
"Name": "jetty-servlet"
},
{
"ID": "oval:org.altlinux.errata:obj:202416022012",
"Version": "1",
"Comment": "jetty-util is installed",
"Name": "jetty-util"
},
{
"ID": "oval:org.altlinux.errata:obj:202416022013",
"Version": "1",
"Comment": "jetty-util-ajax is installed",
"Name": "jetty-util-ajax"
},
{
"ID": "oval:org.altlinux.errata:obj:202416022014",
"Version": "1",
"Comment": "jetty-webapp is installed",
"Name": "jetty-webapp"
},
{
"ID": "oval:org.altlinux.errata:obj:202416022015",
"Version": "1",
"Comment": "jetty-xml is installed",
"Name": "jetty-xml"
}
]
}

23
oval/p10/ALT-PU-2024-16022/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416022001",
"Version": "1",
"Comment": "package EVR is earlier than 0:9.4.56-alt1",
"Arch": {},
"EVR": {
"Text": "0:9.4.56-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

198
oval/p10/ALT-PU-2024-16022/tests.json Normal file
View File

@ -0,0 +1,198 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416022001",
"Version": "1",
"Check": "all",
"Comment": "jetty is earlier than 0:9.4.56-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416022001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416022001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416022002",
"Version": "1",
"Check": "all",
"Comment": "jetty-client is earlier than 0:9.4.56-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416022002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416022001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416022003",
"Version": "1",
"Check": "all",
"Comment": "jetty-continuation is earlier than 0:9.4.56-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416022003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416022001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416022004",
"Version": "1",
"Check": "all",
"Comment": "jetty-http is earlier than 0:9.4.56-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416022004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416022001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416022005",
"Version": "1",
"Check": "all",
"Comment": "jetty-io is earlier than 0:9.4.56-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416022005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416022001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416022006",
"Version": "1",
"Check": "all",
"Comment": "jetty-jaas is earlier than 0:9.4.56-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416022006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416022001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416022007",
"Version": "1",
"Check": "all",
"Comment": "jetty-javadoc is earlier than 0:9.4.56-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416022007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416022001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416022008",
"Version": "1",
"Check": "all",
"Comment": "jetty-jmx is earlier than 0:9.4.56-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416022008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416022001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416022009",
"Version": "1",
"Check": "all",
"Comment": "jetty-security is earlier than 0:9.4.56-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416022009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416022001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416022010",
"Version": "1",
"Check": "all",
"Comment": "jetty-server is earlier than 0:9.4.56-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416022010"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416022001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416022011",
"Version": "1",
"Check": "all",
"Comment": "jetty-servlet is earlier than 0:9.4.56-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416022011"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416022001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416022012",
"Version": "1",
"Check": "all",
"Comment": "jetty-util is earlier than 0:9.4.56-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416022012"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416022001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416022013",
"Version": "1",
"Check": "all",
"Comment": "jetty-util-ajax is earlier than 0:9.4.56-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416022013"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416022001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416022014",
"Version": "1",
"Check": "all",
"Comment": "jetty-webapp is earlier than 0:9.4.56-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416022014"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416022001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416022015",
"Version": "1",
"Check": "all",
"Comment": "jetty-xml is earlier than 0:9.4.56-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416022015"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416022001"
}
}
]
}