From 10dcb5488ef203b9cff32b54e78ca74dce50e584 Mon Sep 17 00:00:00 2001 From: pepelyaevip Date: Sat, 1 Jun 2024 09:02:30 +0000 Subject: [PATCH] ALT Vulnerability --- oval/p10/ALT-PU-2024-8127/definitions.json | 109 +++++++++++++++++++++ oval/p10/ALT-PU-2024-8127/objects.json | 46 +++++++++ oval/p10/ALT-PU-2024-8127/states.json | 23 +++++ oval/p10/ALT-PU-2024-8127/tests.json | 54 ++++++++++ 4 files changed, 232 insertions(+) create mode 100644 oval/p10/ALT-PU-2024-8127/definitions.json create mode 100644 oval/p10/ALT-PU-2024-8127/objects.json create mode 100644 oval/p10/ALT-PU-2024-8127/states.json create mode 100644 oval/p10/ALT-PU-2024-8127/tests.json diff --git a/oval/p10/ALT-PU-2024-8127/definitions.json b/oval/p10/ALT-PU-2024-8127/definitions.json new file mode 100644 index 0000000000..34c5a6e219 --- /dev/null +++ b/oval/p10/ALT-PU-2024-8127/definitions.json @@ -0,0 +1,109 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:20248127", + "Version": "oval:org.altlinux.errata:def:20248127", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-8127: package `gem-puppet` update to version 7.20.0-alt2.p10.0", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch p10" + ], + "Products": [ + "ALT Server", + "ALT Virtualization Server", + "ALT Workstation", + "ALT Workstation K", + "ALT Education", + "Simply Linux", + "Starterkit" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-8127", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-8127", + "Source": "ALTPU" + } + ], + "Description": "This update upgrades gem-puppet to version 7.20.0-alt2.p10.0. \nSecurity Fix(es):\n\n * #50275: puppet-агент каждый прогон пытается обновить пакет", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Low", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-06-01" + }, + "Updated": { + "Date": "2024-06-01" + }, + "BDUs": null, + "Bugzilla": [ + { + "ID": "50275", + "Href": "https://bugzilla.altlinux.org/50275", + "Data": "puppet-агент каждый прогон пытается обновить пакет" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:kworkstation:10", + "cpe:/o:alt:workstation:10", + "cpe:/o:alt:server:10", + "cpe:/o:alt:server-v:10", + "cpe:/o:alt:education:10", + "cpe:/o:alt:slinux:10", + "cpe:/o:alt:starterkit:p10", + "cpe:/o:alt:kworkstation:10.1", + "cpe:/o:alt:workstation:10.1", + "cpe:/o:alt:server:10.1", + "cpe:/o:alt:server-v:10.1", + "cpe:/o:alt:education:10.1", + "cpe:/o:alt:slinux:10.1", + "cpe:/o:alt:starterkit:10.1", + "cpe:/o:alt:kworkstation:10.2", + "cpe:/o:alt:workstation:10.2", + "cpe:/o:alt:server:10.2", + "cpe:/o:alt:server-v:10.2", + "cpe:/o:alt:education:10.2", + "cpe:/o:alt:slinux:10.2", + "cpe:/o:alt:starterkit:10.2" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:2001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:20248127001", + "Comment": "gem-puppet is earlier than 0:7.20.0-alt2.p10.0" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20248127002", + "Comment": "gem-puppet-doc is earlier than 0:7.20.0-alt2.p10.0" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20248127003", + "Comment": "puppet is earlier than 0:7.20.0-alt2.p10.0" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-8127/objects.json b/oval/p10/ALT-PU-2024-8127/objects.json new file mode 100644 index 0000000000..e4dac5cde2 --- /dev/null +++ b/oval/p10/ALT-PU-2024-8127/objects.json @@ -0,0 +1,46 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:2001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:20248127001", + "Version": "1", + "Comment": "gem-puppet is installed", + "Name": "gem-puppet" + }, + { + "ID": "oval:org.altlinux.errata:obj:20248127002", + "Version": "1", + "Comment": "gem-puppet-doc is installed", + "Name": "gem-puppet-doc" + }, + { + "ID": "oval:org.altlinux.errata:obj:20248127003", + "Version": "1", + "Comment": "puppet is installed", + "Name": "puppet" + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-8127/states.json b/oval/p10/ALT-PU-2024-8127/states.json new file mode 100644 index 0000000000..c50785f718 --- /dev/null +++ b/oval/p10/ALT-PU-2024-8127/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:2001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:20248127001", + "Version": "1", + "Comment": "package EVR is earlier than 0:7.20.0-alt2.p10.0", + "Arch": {}, + "EVR": { + "Text": "0:7.20.0-alt2.p10.0", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-8127/tests.json b/oval/p10/ALT-PU-2024-8127/tests.json new file mode 100644 index 0000000000..d567000906 --- /dev/null +++ b/oval/p10/ALT-PU-2024-8127/tests.json @@ -0,0 +1,54 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:2001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'p10' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:2001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:2001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:20248127001", + "Version": "1", + "Check": "all", + "Comment": "gem-puppet is earlier than 0:7.20.0-alt2.p10.0", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20248127001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20248127001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20248127002", + "Version": "1", + "Check": "all", + "Comment": "gem-puppet-doc is earlier than 0:7.20.0-alt2.p10.0", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20248127002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20248127001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20248127003", + "Version": "1", + "Check": "all", + "Comment": "puppet is earlier than 0:7.20.0-alt2.p10.0", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20248127003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20248127001" + } + } + ] +} \ No newline at end of file