ALT Vulnerability

Иван Пепеляев 2024-08-16 03:05:08 +00:00
parent 327ba903b3
commit 0d703a20bc
8 changed files with 417 additions and 0 deletions

@ -0,0 +1,112 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202411127",
"Version": "oval:org.altlinux.errata:def:202411127",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-11127: package `mimetex` update to version 1.76-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-11127",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-11127",
"Source": "ALTPU"
},
{
"RefID": "BDU:2015-03488",
"RefURL": "https://bdu.fstec.ru/vul/2015-03488",
"Source": "BDU"
},
{
"RefID": "CVE-2009-1382",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2009-1382",
"Source": "CVE"
},
{
"RefID": "CVE-2009-2459",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2009-2459",
"Source": "CVE"
}
],
"Description": "This update upgrades mimetex to version 1.76-alt1. \nSecurity Fix(es):\n\n * BDU:2015-03488: Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * CVE-2009-1382: Multiple stack-based buffer overflows in mimetex.cgi in mimeTeX, when downloaded before 20090713, allow remote attackers to execute arbitrary code via a TeX file with long (1) picture, (2) circle, or (3) input tags.\n\n * CVE-2009-2459: Multiple unspecified vulnerabilities in mimeTeX, when downloaded before 20090713, have unknown impact and attack vectors related to the (1) \\environ, (2) \\input, and (3) \\counter TeX directives.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-08-15"
},
"Updated": {
"Date": "2024-08-15"
},
"BDUs": [
{
"ID": "BDU:2015-03488",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2015-03488",
"Impact": "Critical",
"Public": "20090714"
}
],
"CVEs": [
{
"ID": "CVE-2009-1382",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2009-1382",
"Impact": "Critical",
"Public": "20090714"
},
{
"ID": "CVE-2009-2459",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2009-2459",
"Impact": "Critical",
"Public": "20090714"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202411127001",
"Comment": "mimetex is earlier than 0:1.76-alt1"
}
]
}
]
}
}
]
}
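Review bot: The definition's `Version` field repeats the definition ID (`"Version": "oval:org.altlinux.errata:def:202411127"`) instead of carrying a version number, while every object, state and test added in this commit uses `"Version": "1"`. OVAL defines a definition's version as a non-negative integer, so if this JSON is serialized to OVAL XML as-is, the result would presumably fail schema validation or be rejected by a scanner. `"Version": "1"` (or whatever revision counter the errata feed uses) looks like the intended value. The same applies to the `mongo6.0` definition `def:202411019` later in this commit.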

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202411127001",
"Version": "1",
"Comment": "mimetex is installed",
"Name": "mimetex"
}
]
}

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202411127001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.76-alt1",
"Arch": {},
"EVR": {
"Text": "0:1.76-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}
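Review bot: State `ste:3001` constrains nothing: its `"Text": {}` is empty and it carries no subexpression entity, so the release captured by the `os-release` pattern in `obj:3001` is never compared with the branch this erratum targets. Depending on how the empty entity is serialized, `tst:3001` either passes for any matching CPE string or never passes, and either outcome makes the patch check unreliable. The p10 state `ste:2001` has the same shape, and there the pattern's `p?(\d+)` group would also match other branch numbers. Consider pinning the captured group with a subexpression entity that uses `"Operation": "equals"` and the release listed in `AffectedCPEs`. Also note that the empty `"Subexpression": {}` currently sits on the RPM state `ste:202411127001`, where it looks misplaced.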

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c9f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202411127001",
"Version": "1",
"Check": "all",
"Comment": "mimetex is earlier than 0:1.76-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411127001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411127001"
}
}
]
}

@ -0,0 +1,113 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202411019",
"Version": "oval:org.altlinux.errata:def:202411019",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-11019: package `mongo6.0` update to version 6.0.16-alt0.p10.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-11019",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-11019",
"Source": "ALTPU"
},
{
"RefID": "CVE-2024-6375",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-6375",
"Source": "CVE"
}
],
"Description": "This update upgrades mongo6.0 to version 6.0.16-alt0.p10.1. \nSecurity Fix(es):\n\n * CVE-2024-6375: A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions, prior to 5.0.22, MongoDB Server v6.0 versions, prior to 6.0.11 and MongoDB Server v7.0 versions prior to 7.0.3.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-08-15"
},
"Updated": {
"Date": "2024-08-15"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2024-6375",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"CWE": "CWE-862",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-6375",
"Impact": "Low",
"Public": "20240701"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202411019001",
"Comment": "mongo6.0-server-mongod is earlier than 0:6.0.16-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411019002",
"Comment": "mongo6.0-server-mongos is earlier than 0:6.0.16-alt0.p10.1"
}
]
}
]
}
}
]
}
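Review bot: `"BDUs": null` gives this field a different type from the `mimetex` definition in the same commit, where `BDUs` is an array, so a consumer that iterates the list needs a null guard; `"BDUs": []` would keep the shape stable. Separately, `Public` uses the compact form `20240701` while `Issued` and `Updated` use `2024-08-15`; a single date format across the advisory would be easier to parse and compare.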

@ -0,0 +1,40 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202411019001",
"Version": "1",
"Comment": "mongo6.0-server-mongod is installed",
"Name": "mongo6.0-server-mongod"
},
{
"ID": "oval:org.altlinux.errata:obj:202411019002",
"Version": "1",
"Comment": "mongo6.0-server-mongos is installed",
"Name": "mongo6.0-server-mongos"
}
]
}

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202411019001",
"Version": "1",
"Comment": "package EVR is earlier than 0:6.0.16-alt0.p10.1",
"Arch": {},
"EVR": {
"Text": "0:6.0.16-alt0.p10.1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

@ -0,0 +1,42 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202411019001",
"Version": "1",
"Check": "all",
"Comment": "mongo6.0-server-mongod is earlier than 0:6.0.16-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411019001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411019001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411019002",
"Version": "1",
"Check": "all",
"Comment": "mongo6.0-server-mongos is earlier than 0:6.0.16-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411019002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411019001"
}
}
]
}