pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ALT Vulnerability

Browse Source
This commit is contained in:
Иван Пепеляев 2024-10-18 03:05:34 +00:00
parent b7e4f7477b
commit 170ca885ca
20 changed files with 1460 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

208
oval/c9f2/ALT-PU-2024-13885/definitions.json Normal file
View File

@ -0,0 +1,208 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202413885",
"Version": "oval:org.altlinux.errata:def:202413885",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-13885: package `musl` update to version 1.2.5-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-13885",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-13885",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-01447",
"RefURL": "https://bdu.fstec.ru/vul/2021-01447",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01480",
"RefURL": "https://bdu.fstec.ru/vul/2021-01480",
"Source": "BDU"
},
{
"RefID": "BDU:2022-05187",
"RefURL": "https://bdu.fstec.ru/vul/2022-05187",
"Source": "BDU"
},
{
"RefID": "CVE-2015-1817",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-1817",
"Source": "CVE"
},
{
"RefID": "CVE-2016-8859",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-8859",
"Source": "CVE"
},
{
"RefID": "CVE-2017-15650",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-15650",
"Source": "CVE"
},
{
"RefID": "CVE-2019-14697",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14697",
"Source": "CVE"
},
{
"RefID": "CVE-2020-28928",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-28928",
"Source": "CVE"
}
],
"Description": "This update upgrades musl to version 1.2.5-alt2. \nSecurity Fix(es):\n\n * BDU:2021-01447: Уязвимость функции dns_parse_callback в network/lookup_name.c библиотеки для языка Си для операционных систем на основе ядра операционных систем Linux Musl, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01480: Уязвимость директории math/i386/ библиотеки языка С для операционных систем на основе ядра операционных систем Linux Musl, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2022-05187: Уязвимость функции wcsnrtombs библиотеки для языка Си для операционных систем на основе ядра операционных систем Linux Musl, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2015-1817: Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors.\n\n * CVE-2016-8859: Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write.\n\n * CVE-2017-15650: musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.\n\n * CVE-2019-14697: musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.\n\n * CVE-2020-28928: In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).\n\n * #49857: /lib/ld-musl-x86_64.so.1 is a broken symlink on merged-usr",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-10-17"
},
"Updated": {
"Date": "2024-10-17"
},
"BDUs": [
{
"ID": "BDU:2021-01447",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2021-01447",
"Impact": "High",
"Public": "20171018"
},
{
"ID": "BDU:2021-01480",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2021-01480",
"Impact": "Critical",
"Public": "20190806"
},
{
"ID": "BDU:2022-05187",
"CVSS": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-787, CWE-835",
"Href": "https://bdu.fstec.ru/vul/2022-05187",
"Impact": "Low",
"Public": "20201118"
}
],
"CVEs": [
{
"ID": "CVE-2015-1817",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-1817",
"Impact": "Critical",
"Public": "20170818"
},
{
"ID": "CVE-2016-8859",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-8859",
"Impact": "Critical",
"Public": "20170213"
},
{
"ID": "CVE-2017-15650",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-15650",
"Impact": "High",
"Public": "20171019"
},
{
"ID": "CVE-2019-14697",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14697",
"Impact": "Critical",
"Public": "20190806"
},
{
"ID": "CVE-2020-28928",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-28928",
"Impact": "Low",
"Public": "20201124"
}
],
"Bugzilla": [
{
"ID": "49857",
"Href": "https://bugzilla.altlinux.org/49857",
"Data": "/lib/ld-musl-x86_64.so.1 is a broken symlink on merged-usr"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202413885001",
"Comment": "musl-checkinstall is earlier than 0:1.2.5-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202413885002",
"Comment": "musl-devel is earlier than 0:1.2.5-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202413885003",
"Comment": "musl-devel-static is earlier than 0:1.2.5-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202413885004",
"Comment": "musl-libc is earlier than 0:1.2.5-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202413885005",
"Comment": "rpm-macros-musl is earlier than 0:1.2.5-alt2"
}
]
}
]
}
}
]
}

58
oval/c9f2/ALT-PU-2024-13885/objects.json Normal file
View File

@ -0,0 +1,58 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202413885001",
"Version": "1",
"Comment": "musl-checkinstall is installed",
"Name": "musl-checkinstall"
},
{
"ID": "oval:org.altlinux.errata:obj:202413885002",
"Version": "1",
"Comment": "musl-devel is installed",
"Name": "musl-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202413885003",
"Version": "1",
"Comment": "musl-devel-static is installed",
"Name": "musl-devel-static"
},
{
"ID": "oval:org.altlinux.errata:obj:202413885004",
"Version": "1",
"Comment": "musl-libc is installed",
"Name": "musl-libc"
},
{
"ID": "oval:org.altlinux.errata:obj:202413885005",
"Version": "1",
"Comment": "rpm-macros-musl is installed",
"Name": "rpm-macros-musl"
}
]
}

23
oval/c9f2/ALT-PU-2024-13885/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202413885001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.2.5-alt2",
"Arch": {},
"EVR": {
"Text": "0:1.2.5-alt2",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

78
oval/c9f2/ALT-PU-2024-13885/tests.json Normal file
View File

@ -0,0 +1,78 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c9f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202413885001",
"Version": "1",
"Check": "all",
"Comment": "musl-checkinstall is earlier than 0:1.2.5-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202413885001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202413885001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202413885002",
"Version": "1",
"Check": "all",
"Comment": "musl-devel is earlier than 0:1.2.5-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202413885002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202413885001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202413885003",
"Version": "1",
"Check": "all",
"Comment": "musl-devel-static is earlier than 0:1.2.5-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202413885003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202413885001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202413885004",
"Version": "1",
"Check": "all",
"Comment": "musl-libc is earlier than 0:1.2.5-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202413885004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202413885001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202413885005",
"Version": "1",
"Check": "all",
"Comment": "rpm-macros-musl is earlier than 0:1.2.5-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202413885005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202413885001"
}
}
]
}

112
oval/c9f2/ALT-PU-2024-14056/definitions.json Normal file
View File

@ -0,0 +1,112 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414056",
"Version": "oval:org.altlinux.errata:def:202414056",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14056: package `sqlcipher` update to version 4.6.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14056",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14056",
"Source": "ALTPU"
},
{
"RefID": "CVE-2020-27207",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-27207",
"Source": "CVE"
},
{
"RefID": "CVE-2021-3119",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3119",
"Source": "CVE"
}
],
"Description": "This update upgrades sqlcipher to version 4.6.1-alt1. \nSecurity Fix(es):\n\n * CVE-2020-27207: Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to execute the crafted SQL command sequence. After that, some unexpected RAM data is read.\n\n * CVE-2021-3119: Zetetic SQLCipher 4.x before 4.4.3 has a NULL pointer dereferencing issue related to sqlcipher_export in crypto.c and sqlite3StrICmp in sqlite3.c. This may allow an attacker to perform a remote denial of service attack. For example, an SQL injection can be used to execute the crafted SQL command sequence, which causes a segmentation fault.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-10-17"
},
"Updated": {
"Date": "2024-10-17"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2020-27207",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-27207",
"Impact": "High",
"Public": "20201126"
},
{
"ID": "CVE-2021-3119",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3119",
"Impact": "High",
"Public": "20210325"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414056001",
"Comment": "libsqlcipher is earlier than 0:4.6.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414056002",
"Comment": "libsqlcipher-devel is earlier than 0:4.6.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414056003",
"Comment": "sqlcipher is earlier than 0:4.6.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414056004",
"Comment": "sqlcipher-tcl is earlier than 0:4.6.1-alt1"
}
]
}
]
}
}
]
}

52
oval/c9f2/ALT-PU-2024-14056/objects.json Normal file
View File

@ -0,0 +1,52 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414056001",
"Version": "1",
"Comment": "libsqlcipher is installed",
"Name": "libsqlcipher"
},
{
"ID": "oval:org.altlinux.errata:obj:202414056002",
"Version": "1",
"Comment": "libsqlcipher-devel is installed",
"Name": "libsqlcipher-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414056003",
"Version": "1",
"Comment": "sqlcipher is installed",
"Name": "sqlcipher"
},
{
"ID": "oval:org.altlinux.errata:obj:202414056004",
"Version": "1",
"Comment": "sqlcipher-tcl is installed",
"Name": "sqlcipher-tcl"
}
]
}

23
oval/c9f2/ALT-PU-2024-14056/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414056001",
"Version": "1",
"Comment": "package EVR is earlier than 0:4.6.1-alt1",
"Arch": {},
"EVR": {
"Text": "0:4.6.1-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

66
oval/c9f2/ALT-PU-2024-14056/tests.json Normal file
View File

@ -0,0 +1,66 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c9f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414056001",
"Version": "1",
"Check": "all",
"Comment": "libsqlcipher is earlier than 0:4.6.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414056001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414056001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414056002",
"Version": "1",
"Check": "all",
"Comment": "libsqlcipher-devel is earlier than 0:4.6.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414056002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414056001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414056003",
"Version": "1",
"Check": "all",
"Comment": "sqlcipher is earlier than 0:4.6.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414056003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414056001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414056004",
"Version": "1",
"Check": "all",
"Comment": "sqlcipher-tcl is earlier than 0:4.6.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414056004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414056001"
}
}
]
}

120
oval/c9f2/ALT-PU-2024-14062/definitions.json Normal file
View File

@ -0,0 +1,120 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414062",
"Version": "oval:org.altlinux.errata:def:202414062",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14062: package `mini_httpd` update to version 1.30-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14062",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14062",
"Source": "ALTPU"
},
{
"RefID": "CVE-2009-4490",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2009-4490",
"Source": "CVE"
},
{
"RefID": "CVE-2015-1548",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-1548",
"Source": "CVE"
},
{
"RefID": "CVE-2017-17663",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-17663",
"Source": "CVE"
}
],
"Description": "This update upgrades mini_httpd to version 1.30-alt1. \nSecurity Fix(es):\n\n * CVE-2009-4490: mini_httpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.\n\n * CVE-2015-1548: mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read.\n\n * CVE-2017-17663: The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-10-17"
},
"Updated": {
"Date": "2024-10-17"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2009-4490",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2009-4490",
"Impact": "Low",
"Public": "20100113"
},
{
"ID": "CVE-2015-1548",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-1548",
"Impact": "Low",
"Public": "20150210"
},
{
"ID": "CVE-2017-17663",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-17663",
"Impact": "Critical",
"Public": "20180206"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414062001",
"Comment": "mini_httpd is earlier than 0:1.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414062002",
"Comment": "mini_httpd-htpasswd is earlier than 0:1.30-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414062003",
"Comment": "mini_httpd-single is earlier than 0:1.30-alt1"
}
]
}
]
}
}
]
}

46
oval/c9f2/ALT-PU-2024-14062/objects.json Normal file
View File

@ -0,0 +1,46 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414062001",
"Version": "1",
"Comment": "mini_httpd is installed",
"Name": "mini_httpd"
},
{
"ID": "oval:org.altlinux.errata:obj:202414062002",
"Version": "1",
"Comment": "mini_httpd-htpasswd is installed",
"Name": "mini_httpd-htpasswd"
},
{
"ID": "oval:org.altlinux.errata:obj:202414062003",
"Version": "1",
"Comment": "mini_httpd-single is installed",
"Name": "mini_httpd-single"
}
]
}

23
oval/c9f2/ALT-PU-2024-14062/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414062001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.30-alt1",
"Arch": {},
"EVR": {
"Text": "0:1.30-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

54
oval/c9f2/ALT-PU-2024-14062/tests.json Normal file
View File

@ -0,0 +1,54 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c9f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414062001",
"Version": "1",
"Check": "all",
"Comment": "mini_httpd is earlier than 0:1.30-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414062001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414062001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414062002",
"Version": "1",
"Check": "all",
"Comment": "mini_httpd-htpasswd is earlier than 0:1.30-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414062002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414062001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414062003",
"Version": "1",
"Check": "all",
"Comment": "mini_httpd-single is earlier than 0:1.30-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414062003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414062001"
}
}
]
}

232
oval/p10/ALT-PU-2024-13711/definitions.json Normal file
View File

@ -0,0 +1,232 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202413711",
"Version": "oval:org.altlinux.errata:def:202413711",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-13711: package `php8.2` update to version 8.2.24-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-13711",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-13711",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-07676",
"RefURL": "https://bdu.fstec.ru/vul/2024-07676",
"Source": "BDU"
},
{
"RefID": "BDU:2024-07677",
"RefURL": "https://bdu.fstec.ru/vul/2024-07677",
"Source": "BDU"
},
{
"RefID": "BDU:2024-07679",
"RefURL": "https://bdu.fstec.ru/vul/2024-07679",
"Source": "BDU"
},
{
"RefID": "BDU:2024-07680",
"RefURL": "https://bdu.fstec.ru/vul/2024-07680",
"Source": "BDU"
},
{
"RefID": "CVE-2024-8925",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8925",
"Source": "CVE"
},
{
"RefID": "CVE-2024-8926",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8926",
"Source": "CVE"
},
{
"RefID": "CVE-2024-8927",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8927",
"Source": "CVE"
},
{
"RefID": "CVE-2024-9026",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-9026",
"Source": "CVE"
}
],
"Description": "This update upgrades php8.2 to version 8.2.24-alt1. \nSecurity Fix(es):\n\n * BDU:2024-07676: Уязвимость интерпретатора языка программирования PHP, связанная с недостаточной проверкой входных данных, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2024-07677: Уязвимость интерпретатора языка программирования PHP, существующая из-за непринятия мер по нейтрализации специальных элементов, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2024-07679: Уязвимость сценария cgi.force_redirect интерпретатора языка программирования PHP, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * BDU:2024-07680: Уязвимость интерпретатора языка программирования PHP, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * CVE-2024-8925: In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior.\n\n * CVE-2024-8926: In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for  CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3  may still be bypassed and the same command injection related to Windows \"Best Fit\" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.\n\n * CVE-2024-8927: In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP.\n\n * CVE-2024-9026: In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability.\n\n * #51216: Отсутствие плагина auth_plugin_caching_sha2_password в драйвере mysqlnd для php8.1",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-10-17"
},
"Updated": {
"Date": "2024-10-17"
},
"BDUs": [
{
"ID": "BDU:2024-07676",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2024-07676",
"Impact": "Critical",
"Public": "20240929"
},
{
"ID": "BDU:2024-07677",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-78",
"Href": "https://bdu.fstec.ru/vul/2024-07677",
"Impact": "Critical",
"Public": "20240929"
},
{
"ID": "BDU:2024-07679",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-254",
"Href": "https://bdu.fstec.ru/vul/2024-07679",
"Impact": "Critical",
"Public": "20240929"
},
{
"ID": "BDU:2024-07680",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-778",
"Href": "https://bdu.fstec.ru/vul/2024-07680",
"Impact": "Critical",
"Public": "20240929"
}
],
"CVEs": [
{
"ID": "CVE-2024-8925",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8925",
"Impact": "Low",
"Public": "20241008"
},
{
"ID": "CVE-2024-8926",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-78",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8926",
"Impact": "High",
"Public": "20241008"
},
{
"ID": "CVE-2024-8927",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8927",
"Impact": "High",
"Public": "20241008"
},
{
"ID": "CVE-2024-9026",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-9026",
"Impact": "Low",
"Public": "20241008"
}
],
"Bugzilla": [
{
"ID": "51216",
"Href": "https://bugzilla.altlinux.org/51216",
"Data": "Отсутствие плагина auth_plugin_caching_sha2_password в драйвере mysqlnd для php8.1"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202413711001",
"Comment": "php8.2 is earlier than 0:8.2.24-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202413711002",
"Comment": "php8.2-devel is earlier than 0:8.2.24-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202413711003",
"Comment": "php8.2-libs is earlier than 0:8.2.24-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202413711004",
"Comment": "php8.2-mysqlnd is earlier than 0:8.2.24-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202413711005",
"Comment": "php8.2-openssl is earlier than 0:8.2.24-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202413711006",
"Comment": "rpm-build-php8.2-version is earlier than 0:8.2.24-alt1"
}
]
}
]
}
}
]
}

64
oval/p10/ALT-PU-2024-13711/objects.json Normal file
View File

@ -0,0 +1,64 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202413711001",
"Version": "1",
"Comment": "php8.2 is installed",
"Name": "php8.2"
},
{
"ID": "oval:org.altlinux.errata:obj:202413711002",
"Version": "1",
"Comment": "php8.2-devel is installed",
"Name": "php8.2-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202413711003",
"Version": "1",
"Comment": "php8.2-libs is installed",
"Name": "php8.2-libs"
},
{
"ID": "oval:org.altlinux.errata:obj:202413711004",
"Version": "1",
"Comment": "php8.2-mysqlnd is installed",
"Name": "php8.2-mysqlnd"
},
{
"ID": "oval:org.altlinux.errata:obj:202413711005",
"Version": "1",
"Comment": "php8.2-openssl is installed",
"Name": "php8.2-openssl"
},
{
"ID": "oval:org.altlinux.errata:obj:202413711006",
"Version": "1",
"Comment": "rpm-build-php8.2-version is installed",
"Name": "rpm-build-php8.2-version"
}
]
}

23
oval/p10/ALT-PU-2024-13711/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202413711001",
"Version": "1",
"Comment": "package EVR is earlier than 0:8.2.24-alt1",
"Arch": {},
"EVR": {
"Text": "0:8.2.24-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

90
oval/p10/ALT-PU-2024-13711/tests.json Normal file
View File

@ -0,0 +1,90 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202413711001",
"Version": "1",
"Check": "all",
"Comment": "php8.2 is earlier than 0:8.2.24-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202413711001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202413711001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202413711002",
"Version": "1",
"Check": "all",
"Comment": "php8.2-devel is earlier than 0:8.2.24-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202413711002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202413711001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202413711003",
"Version": "1",
"Check": "all",
"Comment": "php8.2-libs is earlier than 0:8.2.24-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202413711003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202413711001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202413711004",
"Version": "1",
"Check": "all",
"Comment": "php8.2-mysqlnd is earlier than 0:8.2.24-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202413711004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202413711001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202413711005",
"Version": "1",
"Check": "all",
"Comment": "php8.2-openssl is earlier than 0:8.2.24-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202413711005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202413711001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202413711006",
"Version": "1",
"Check": "all",
"Comment": "rpm-build-php8.2-version is earlier than 0:8.2.24-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202413711006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202413711001"
}
}
]
}

101
oval/p10/ALT-PU-2024-13713/definitions.json Normal file
View File

@ -0,0 +1,101 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202413713",
"Version": "oval:org.altlinux.errata:def:202413713",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-13713: package `php8.2-xhprof` update to version 2.3.10-alt2.24",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-13713",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-13713",
"Source": "ALTPU"
}
],
"Description": "This update upgrades php8.2-xhprof to version 2.3.10-alt2.24. \nSecurity Fix(es):\n\n * #50919: Непрописанный файловый конфликт с пакетом php8.1-xhprof",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-10-17"
},
"Updated": {
"Date": "2024-10-17"
},
"BDUs": null,
"Bugzilla": [
{
"ID": "50919",
"Href": "https://bugzilla.altlinux.org/50919",
"Data": "Непрописанный файловый конфликт с пакетом php8.1-xhprof"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202413713001",
"Comment": "php8.2-xhprof is earlier than 1:2.3.10-alt2.24"
}
]
}
]
}
}
]
}

34
oval/p10/ALT-PU-2024-13713/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202413713001",
"Version": "1",
"Comment": "php8.2-xhprof is installed",
"Name": "php8.2-xhprof"
}
]
}

23
oval/p10/ALT-PU-2024-13713/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202413713001",
"Version": "1",
"Comment": "package EVR is earlier than 1:2.3.10-alt2.24",
"Arch": {},
"EVR": {
"Text": "1:2.3.10-alt2.24",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/p10/ALT-PU-2024-13713/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202413713001",
"Version": "1",
"Check": "all",
"Comment": "php8.2-xhprof is earlier than 1:2.3.10-alt2.24",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202413713001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202413713001"
}
}
]
}