ALT Vulnerability
parent
87c3b6c7d0
commit
24a6133bcc
@ -133,12 +133,12 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-00772",
|
"ID": "BDU:2019-00772",
|
||||||
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
|
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
|
||||||
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
||||||
"CWE": "CWE-200",
|
"CWE": "CWE-200",
|
||||||
"Href": "https://bdu.fstec.ru/vul/2019-00772",
|
"Href": "https://bdu.fstec.ru/vul/2019-00772",
|
||||||
"Impact": "Low",
|
"Impact": "Low",
|
||||||
"Public": "20181125"
|
"Public": "20181126"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-02785",
|
"ID": "BDU:2019-02785",
|
||||||
|
@ -1086,12 +1086,12 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-00772",
|
"ID": "BDU:2019-00772",
|
||||||
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
|
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
|
||||||
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
||||||
"CWE": "CWE-200",
|
"CWE": "CWE-200",
|
||||||
"Href": "https://bdu.fstec.ru/vul/2019-00772",
|
"Href": "https://bdu.fstec.ru/vul/2019-00772",
|
||||||
"Impact": "Low",
|
"Impact": "Low",
|
||||||
"Public": "20181125"
|
"Public": "20181126"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-02785",
|
"ID": "BDU:2019-02785",
|
||||||
|
@ -126,12 +126,12 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-03248",
|
"ID": "BDU:2019-03248",
|
||||||
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
|
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
||||||
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
|
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
|
||||||
"CWE": "CWE-416",
|
"CWE": "CWE-416",
|
||||||
"Href": "https://bdu.fstec.ru/vul/2019-03248",
|
"Href": "https://bdu.fstec.ru/vul/2019-03248",
|
||||||
"Impact": "High",
|
"Impact": "High",
|
||||||
"Public": "20181218"
|
"Public": "20181219"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2020-00842",
|
"ID": "BDU:2020-00842",
|
||||||
|
@ -97,12 +97,12 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-03248",
|
"ID": "BDU:2019-03248",
|
||||||
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
|
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
||||||
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
|
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
|
||||||
"CWE": "CWE-416",
|
"CWE": "CWE-416",
|
||||||
"Href": "https://bdu.fstec.ru/vul/2019-03248",
|
"Href": "https://bdu.fstec.ru/vul/2019-03248",
|
||||||
"Impact": "High",
|
"Impact": "High",
|
||||||
"Public": "20181218"
|
"Public": "20181219"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2020-01474",
|
"ID": "BDU:2020-01474",
|
||||||
|
@ -393,12 +393,12 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-03248",
|
"ID": "BDU:2019-03248",
|
||||||
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
|
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
||||||
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
|
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
|
||||||
"CWE": "CWE-416",
|
"CWE": "CWE-416",
|
||||||
"Href": "https://bdu.fstec.ru/vul/2019-03248",
|
"Href": "https://bdu.fstec.ru/vul/2019-03248",
|
||||||
"Impact": "High",
|
"Impact": "High",
|
||||||
"Public": "20181218"
|
"Public": "20181219"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-04515",
|
"ID": "BDU:2019-04515",
|
||||||
|
440
oval/c10f1/ALT-PU-2024-16480/definitions.json
Normal file
File diff suppressed because one or more lines are too long
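--- /dev/null
+++ b/oval/c10f1/ALT-PU-2024-16480/objects.json
@@ -0,0 +1,64 @@
+{
+"TextFileContent54Objects": [
+{
+"ID": "oval:org.altlinux.errata:obj:4001",
+"Version": "1",
+"Comment": "Evaluate `/etc/os-release` file content",
+"Path": {
+"Datatype": "string",
+"Text": "/etc"
+},
+"Filepath": {
+"Datatype": "string",
+"Text": "os-release"
+},
+"Pattern": {
+"Datatype": "string",
+"Operation": "pattern match",
+"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
+},
+"Instance": {
+"Datatype": "int",
+"Text": "1"
+}
+}
+],
+"RPMInfoObjects": [
+{
+"ID": "oval:org.altlinux.errata:obj:202416480001",
+"Version": "1",
+"Comment": "php8.1 is installed",
+"Name": "php8.1"
+},
+{
+"ID": "oval:org.altlinux.errata:obj:202416480002",
+"Version": "1",
+"Comment": "php8.1-devel is installed",
+"Name": "php8.1-devel"
+},
+{
+"ID": "oval:org.altlinux.errata:obj:202416480003",
+"Version": "1",
+"Comment": "php8.1-libs is installed",
+"Name": "php8.1-libs"
+},
+{
+"ID": "oval:org.altlinux.errata:obj:202416480004",
+"Version": "1",
+"Comment": "php8.1-mysqlnd is installed",
+"Name": "php8.1-mysqlnd"
+},
+{
+"ID": "oval:org.altlinux.errata:obj:202416480005",
+"Version": "1",
+"Comment": "php8.1-openssl is installed",
+"Name": "php8.1-openssl"
+},
+{
+"ID": "oval:org.altlinux.errata:obj:202416480006",
+"Version": "1",
+"Comment": "rpm-build-php8.1-version is installed",
+"Name": "rpm-build-php8.1-version"
+}
+]
+}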
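Review bot: In `obj:4001` the key `"Filepath"` holds the bare name `os-release` next to `"Path": {"Text": "/etc"}`. In OVAL's textfilecontent54 object, filepath is the full path and is an alternative to the path + filename pair, so if these keys map one-to-one onto OVAL elements the object would not resolve to `/etc/os-release` as its comment says. If the generator emits a filename element, the key would read better as `"Filename"`; if it emits filepath, the value should be `/etc/os-release` with `Path` dropped. The mapping is not visible on this page, so this is a question for the generator; the same object is repeated in the other objects.json sections of this commit.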
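--- /dev/null
+++ b/oval/c10f1/ALT-PU-2024-16480/states.json
@@ -0,0 +1,23 @@
+{
+"TextFileContent54State": [
+{
+"ID": "oval:org.altlinux.errata:ste:4001",
+"Version": "1",
+"Text": {}
+}
+],
+"RPMInfoStates": [
+{
+"ID": "oval:org.altlinux.errata:ste:202416480001",
+"Version": "1",
+"Comment": "package EVR is earlier than 0:8.1.31-alt1",
+"Arch": {},
+"EVR": {
+"Text": "0:8.1.31-alt1",
+"Datatype": "evr_string",
+"Operation": "less than"
+},
+"Subexpression": {}
+}
+]
+}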
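Review bot: State `oval:org.altlinux.errata:ste:4001` is serialised with `"Text": {}` and nothing else, so as written it puts no constraint on what `obj:4001` collects. tests.json describes `tst:4001` as "ALT Linux based on branch 'c10f1' must be installed", yet the object's pattern accepts any `cpe:/o:alt:spserver:<n>` or `spworkstation:<n>` and the captured number is never compared, so the platform criterion would appear to hold on other release numbers as well and the package checks could report on hosts outside this branch. Either give the state a check on the captured release number (`10`, going by the AffectedCPEs in the definitions files) or reword the test comment to say only that an ALT SP product is present. The same empty state is repeated in the states.json sections for ALT-PU-2024-16482, -16483 and -16516.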
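--- /dev/null
+++ b/oval/c10f1/ALT-PU-2024-16480/tests.json
@@ -0,0 +1,90 @@
+{
+"TextFileContent54Tests": [
+{
+"ID": "oval:org.altlinux.errata:tst:4001",
+"Version": "1",
+"Check": "all",
+"Comment": "ALT Linux based on branch 'c10f1' must be installed",
+"Object": {
+"ObjectRef": "oval:org.altlinux.errata:obj:4001"
+},
+"State": {
+"StateRef": "oval:org.altlinux.errata:ste:4001"
+}
+}
+],
+"RPMInfoTests": [
+{
+"ID": "oval:org.altlinux.errata:tst:202416480001",
+"Version": "1",
+"Check": "all",
+"Comment": "php8.1 is earlier than 0:8.1.31-alt1",
+"Object": {
+"ObjectRef": "oval:org.altlinux.errata:obj:202416480001"
+},
+"State": {
+"StateRef": "oval:org.altlinux.errata:ste:202416480001"
+}
+},
+{
+"ID": "oval:org.altlinux.errata:tst:202416480002",
+"Version": "1",
+"Check": "all",
+"Comment": "php8.1-devel is earlier than 0:8.1.31-alt1",
+"Object": {
+"ObjectRef": "oval:org.altlinux.errata:obj:202416480002"
+},
+"State": {
+"StateRef": "oval:org.altlinux.errata:ste:202416480001"
+}
+},
+{
+"ID": "oval:org.altlinux.errata:tst:202416480003",
+"Version": "1",
+"Check": "all",
+"Comment": "php8.1-libs is earlier than 0:8.1.31-alt1",
+"Object": {
+"ObjectRef": "oval:org.altlinux.errata:obj:202416480003"
+},
+"State": {
+"StateRef": "oval:org.altlinux.errata:ste:202416480001"
+}
+},
+{
+"ID": "oval:org.altlinux.errata:tst:202416480004",
+"Version": "1",
+"Check": "all",
+"Comment": "php8.1-mysqlnd is earlier than 0:8.1.31-alt1",
+"Object": {
+"ObjectRef": "oval:org.altlinux.errata:obj:202416480004"
+},
+"State": {
+"StateRef": "oval:org.altlinux.errata:ste:202416480001"
+}
+},
+{
+"ID": "oval:org.altlinux.errata:tst:202416480005",
+"Version": "1",
+"Check": "all",
+"Comment": "php8.1-openssl is earlier than 0:8.1.31-alt1",
+"Object": {
+"ObjectRef": "oval:org.altlinux.errata:obj:202416480005"
+},
+"State": {
+"StateRef": "oval:org.altlinux.errata:ste:202416480001"
+}
+},
+{
+"ID": "oval:org.altlinux.errata:tst:202416480006",
+"Version": "1",
+"Check": "all",
+"Comment": "rpm-build-php8.1-version is earlier than 0:8.1.31-alt1",
+"Object": {
+"ObjectRef": "oval:org.altlinux.errata:obj:202416480006"
+},
+"State": {
+"StateRef": "oval:org.altlinux.errata:ste:202416480001"
+}
+}
+]
+}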
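--- /dev/null
+++ b/oval/c10f1/ALT-PU-2024-16482/definitions.json
@@ -0,0 +1,77 @@
+{
+"Definition": [
+{
+"ID": "oval:org.altlinux.errata:def:202416482",
+"Version": "oval:org.altlinux.errata:def:202416482",
+"Class": "patch",
+"Metadata": {
+"Title": "ALT-PU-2024-16482: package `php8.1-ssh2` update to version 1.4.1-alt1.31",
+"AffectedList": [
+{
+"Family": "unix",
+"Platforms": [
+"ALT Linux branch c10f1"
+],
+"Products": [
+"ALT SP Workstation",
+"ALT SP Server"
+]
+}
+],
+"References": [
+{
+"RefID": "ALT-PU-2024-16482",
+"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16482",
+"Source": "ALTPU"
+}
+],
+"Description": "This update upgrades php8.1-ssh2 to version 1.4.1-alt1.31. \nSecurity Fix(es):\n\n * #51645: Segfault при запуске функции ssh2_auth_pubkey_file",
+"Advisory": {
+"From": "errata.altlinux.org",
+"Severity": "Low",
+"Rights": "Copyright 2024 BaseALT Ltd.",
+"Issued": {
+"Date": "2024-12-06"
+},
+"Updated": {
+"Date": "2024-12-06"
+},
+"BDUs": null,
+"Bugzilla": [
+{
+"ID": "51645",
+"Href": "https://bugzilla.altlinux.org/51645",
+"Data": "Segfault при запуске функции ssh2_auth_pubkey_file"
+}
+],
+"AffectedCPEs": {
+"CPEs": [
+"cpe:/o:alt:spworkstation:10",
+"cpe:/o:alt:spserver:10"
+]
+}
+}
+},
+"Criteria": {
+"Operator": "AND",
+"Criterions": [
+{
+"TestRef": "oval:org.altlinux.errata:tst:4001",
+"Comment": "ALT Linux must be installed"
+}
+],
+"Criterias": [
+{
+"Operator": "OR",
+"Criterions": [
+{
+"TestRef": "oval:org.altlinux.errata:tst:202416482001",
+"Comment": "php8.1-ssh2 is earlier than 1:1.4.1-alt1.31"
+}
+]
+}
+]
+}
+}
+]
+}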
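Review bot: The definition's `"Version"` repeats the definition ID (`oval:org.altlinux.errata:def:202416482`) instead of a revision number, whereas every object, state and test added in this commit uses `"Version": "1"`. OVAL expects a definition version to be a non-negative integer, so a strict consumer, or an XML export built from this JSON, would probably reject the entry or be unable to tell a reissued definition from the original. Suggest `"Version": "1"` here, incremented when the definition is reissued. The same ID-as-version value appears in the definitions.json sections for ALT-PU-2024-16483, -16516 and -16520.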
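--- /dev/null
+++ b/oval/c10f1/ALT-PU-2024-16482/objects.json
@@ -0,0 +1,34 @@
+{
+"TextFileContent54Objects": [
+{
+"ID": "oval:org.altlinux.errata:obj:4001",
+"Version": "1",
+"Comment": "Evaluate `/etc/os-release` file content",
+"Path": {
+"Datatype": "string",
+"Text": "/etc"
+},
+"Filepath": {
+"Datatype": "string",
+"Text": "os-release"
+},
+"Pattern": {
+"Datatype": "string",
+"Operation": "pattern match",
+"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
+},
+"Instance": {
+"Datatype": "int",
+"Text": "1"
+}
+}
+],
+"RPMInfoObjects": [
+{
+"ID": "oval:org.altlinux.errata:obj:202416482001",
+"Version": "1",
+"Comment": "php8.1-ssh2 is installed",
+"Name": "php8.1-ssh2"
+}
+]
+}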
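--- /dev/null
+++ b/oval/c10f1/ALT-PU-2024-16482/states.json
@@ -0,0 +1,23 @@
+{
+"TextFileContent54State": [
+{
+"ID": "oval:org.altlinux.errata:ste:4001",
+"Version": "1",
+"Text": {}
+}
+],
+"RPMInfoStates": [
+{
+"ID": "oval:org.altlinux.errata:ste:202416482001",
+"Version": "1",
+"Comment": "package EVR is earlier than 1:1.4.1-alt1.31",
+"Arch": {},
+"EVR": {
+"Text": "1:1.4.1-alt1.31",
+"Datatype": "evr_string",
+"Operation": "less than"
+},
+"Subexpression": {}
+}
+]
+}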
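--- /dev/null
+++ b/oval/c10f1/ALT-PU-2024-16482/tests.json
@@ -0,0 +1,30 @@
+{
+"TextFileContent54Tests": [
+{
+"ID": "oval:org.altlinux.errata:tst:4001",
+"Version": "1",
+"Check": "all",
+"Comment": "ALT Linux based on branch 'c10f1' must be installed",
+"Object": {
+"ObjectRef": "oval:org.altlinux.errata:obj:4001"
+},
+"State": {
+"StateRef": "oval:org.altlinux.errata:ste:4001"
+}
+}
+],
+"RPMInfoTests": [
+{
+"ID": "oval:org.altlinux.errata:tst:202416482001",
+"Version": "1",
+"Check": "all",
+"Comment": "php8.1-ssh2 is earlier than 1:1.4.1-alt1.31",
+"Object": {
+"ObjectRef": "oval:org.altlinux.errata:obj:202416482001"
+},
+"State": {
+"StateRef": "oval:org.altlinux.errata:ste:202416482001"
+}
+}
+]
+}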
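--- /dev/null
+++ b/oval/c10f1/ALT-PU-2024-16483/definitions.json
@@ -0,0 +1,77 @@
+{
+"Definition": [
+{
+"ID": "oval:org.altlinux.errata:def:202416483",
+"Version": "oval:org.altlinux.errata:def:202416483",
+"Class": "patch",
+"Metadata": {
+"Title": "ALT-PU-2024-16483: package `php8.1-xhprof` update to version 2.3.10-alt2.31",
+"AffectedList": [
+{
+"Family": "unix",
+"Platforms": [
+"ALT Linux branch c10f1"
+],
+"Products": [
+"ALT SP Workstation",
+"ALT SP Server"
+]
+}
+],
+"References": [
+{
+"RefID": "ALT-PU-2024-16483",
+"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16483",
+"Source": "ALTPU"
+}
+],
+"Description": "This update upgrades php8.1-xhprof to version 2.3.10-alt2.31. \nSecurity Fix(es):\n\n * #50919: Непрописанный файловый конфликт с пакетом php8.1-xhprof",
+"Advisory": {
+"From": "errata.altlinux.org",
+"Severity": "Low",
+"Rights": "Copyright 2024 BaseALT Ltd.",
+"Issued": {
+"Date": "2024-12-06"
+},
+"Updated": {
+"Date": "2024-12-06"
+},
+"BDUs": null,
+"Bugzilla": [
+{
+"ID": "50919",
+"Href": "https://bugzilla.altlinux.org/50919",
+"Data": "Непрописанный файловый конфликт с пакетом php8.1-xhprof"
+}
+],
+"AffectedCPEs": {
+"CPEs": [
+"cpe:/o:alt:spworkstation:10",
+"cpe:/o:alt:spserver:10"
+]
+}
+}
+},
+"Criteria": {
+"Operator": "AND",
+"Criterions": [
+{
+"TestRef": "oval:org.altlinux.errata:tst:4001",
+"Comment": "ALT Linux must be installed"
+}
+],
+"Criterias": [
+{
+"Operator": "OR",
+"Criterions": [
+{
+"TestRef": "oval:org.altlinux.errata:tst:202416483001",
+"Comment": "php8.1-xhprof is earlier than 1:2.3.10-alt2.31"
+}
+]
+}
+]
+}
+}
+]
+}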
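--- /dev/null
+++ b/oval/c10f1/ALT-PU-2024-16483/objects.json
@@ -0,0 +1,34 @@
+{
+"TextFileContent54Objects": [
+{
+"ID": "oval:org.altlinux.errata:obj:4001",
+"Version": "1",
+"Comment": "Evaluate `/etc/os-release` file content",
+"Path": {
+"Datatype": "string",
+"Text": "/etc"
+},
+"Filepath": {
+"Datatype": "string",
+"Text": "os-release"
+},
+"Pattern": {
+"Datatype": "string",
+"Operation": "pattern match",
+"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
+},
+"Instance": {
+"Datatype": "int",
+"Text": "1"
+}
+}
+],
+"RPMInfoObjects": [
+{
+"ID": "oval:org.altlinux.errata:obj:202416483001",
+"Version": "1",
+"Comment": "php8.1-xhprof is installed",
+"Name": "php8.1-xhprof"
+}
+]
+}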
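--- /dev/null
+++ b/oval/c10f1/ALT-PU-2024-16483/states.json
@@ -0,0 +1,23 @@
+{
+"TextFileContent54State": [
+{
+"ID": "oval:org.altlinux.errata:ste:4001",
+"Version": "1",
+"Text": {}
+}
+],
+"RPMInfoStates": [
+{
+"ID": "oval:org.altlinux.errata:ste:202416483001",
+"Version": "1",
+"Comment": "package EVR is earlier than 1:2.3.10-alt2.31",
+"Arch": {},
+"EVR": {
+"Text": "1:2.3.10-alt2.31",
+"Datatype": "evr_string",
+"Operation": "less than"
+},
+"Subexpression": {}
+}
+]
+}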
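--- /dev/null
+++ b/oval/c10f1/ALT-PU-2024-16483/tests.json
@@ -0,0 +1,30 @@
+{
+"TextFileContent54Tests": [
+{
+"ID": "oval:org.altlinux.errata:tst:4001",
+"Version": "1",
+"Check": "all",
+"Comment": "ALT Linux based on branch 'c10f1' must be installed",
+"Object": {
+"ObjectRef": "oval:org.altlinux.errata:obj:4001"
+},
+"State": {
+"StateRef": "oval:org.altlinux.errata:ste:4001"
+}
+}
+],
+"RPMInfoTests": [
+{
+"ID": "oval:org.altlinux.errata:tst:202416483001",
+"Version": "1",
+"Check": "all",
+"Comment": "php8.1-xhprof is earlier than 1:2.3.10-alt2.31",
+"Object": {
+"ObjectRef": "oval:org.altlinux.errata:obj:202416483001"
+},
+"State": {
+"StateRef": "oval:org.altlinux.errata:ste:202416483001"
+}
+}
+]
+}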
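--- /dev/null
+++ b/oval/c10f1/ALT-PU-2024-16516/definitions.json
@@ -0,0 +1,108 @@
+{
+"Definition": [
+{
+"ID": "oval:org.altlinux.errata:def:202416516",
+"Version": "oval:org.altlinux.errata:def:202416516",
+"Class": "patch",
+"Metadata": {
+"Title": "ALT-PU-2024-16516: package `gem-yajl-ruby` update to version 1.4.3-alt1",
+"AffectedList": [
+{
+"Family": "unix",
+"Platforms": [
+"ALT Linux branch c10f1"
+],
+"Products": [
+"ALT SP Workstation",
+"ALT SP Server"
+]
+}
+],
+"References": [
+{
+"RefID": "ALT-PU-2024-16516",
+"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16516",
+"Source": "ALTPU"
+},
+{
+"RefID": "BDU:2023-07630",
+"RefURL": "https://bdu.fstec.ru/vul/2023-07630",
+"Source": "BDU"
+},
+{
+"RefID": "CVE-2022-24795",
+"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-24795",
+"Source": "CVE"
+}
+],
+"Description": "This update upgrades gem-yajl-ruby to version 1.4.3-alt1. \nSecurity Fix(es):\n\n * BDU:2023-07630: Уязвимость компонента yajl_buf.c библиотеки JSON YAJL-ruby, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * CVE-2022-24795: yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf-\u003ealloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.",
+"Advisory": {
+"From": "errata.altlinux.org",
+"Severity": "High",
+"Rights": "Copyright 2024 BaseALT Ltd.",
+"Issued": {
+"Date": "2024-12-06"
+},
+"Updated": {
+"Date": "2024-12-06"
+},
+"BDUs": [
+{
+"ID": "BDU:2023-07630",
+"CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
+"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+"CWE": "CWE-122",
+"Href": "https://bdu.fstec.ru/vul/2023-07630",
+"Impact": "High",
+"Public": "20220405"
+}
+],
+"CVEs": [
+{
+"ID": "CVE-2022-24795",
+"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-24795",
+"Impact": "High",
+"Public": "20220405"
+}
+],
+"AffectedCPEs": {
+"CPEs": [
+"cpe:/o:alt:spworkstation:10",
+"cpe:/o:alt:spserver:10"
+]
+}
+}
+},
+"Criteria": {
+"Operator": "AND",
+"Criterions": [
+{
+"TestRef": "oval:org.altlinux.errata:tst:4001",
+"Comment": "ALT Linux must be installed"
+}
+],
+"Criterias": [
+{
+"Operator": "OR",
+"Criterions": [
+{
+"TestRef": "oval:org.altlinux.errata:tst:202416516001",
+"Comment": "gem-yajl-ruby is earlier than 0:1.4.3-alt1"
+},
+{
+"TestRef": "oval:org.altlinux.errata:tst:202416516002",
+"Comment": "gem-yajl-ruby-devel is earlier than 0:1.4.3-alt1"
+},
+{
+"TestRef": "oval:org.altlinux.errata:tst:202416516003",
+"Comment": "gem-yajl-ruby-doc is earlier than 0:1.4.3-alt1"
+}
+]
+}
+]
+}
+}
+]
+}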
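Review bot: The two `CVSS3` values in this file use different formats and describe different impacts: the `BDUs` entry has `AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N` with no version prefix, while the `CVEs` entry has `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`. A consumer that parses the field must accept both spellings, and one that triages by impact sees confidentiality-only from one source and availability-only from the other, while the quoted CVE text says the issue mostly affects availability. I would normalise the prefix at generation time so every `CVSS3` string starts with its `CVSS:3.x/` version (which 3.x the BDU vector uses is not visible here), and document which source takes precedence when the vectors disagree.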
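--- /dev/null
+++ b/oval/c10f1/ALT-PU-2024-16516/objects.json
@@ -0,0 +1,46 @@
+{
+"TextFileContent54Objects": [
+{
+"ID": "oval:org.altlinux.errata:obj:4001",
+"Version": "1",
+"Comment": "Evaluate `/etc/os-release` file content",
+"Path": {
+"Datatype": "string",
+"Text": "/etc"
+},
+"Filepath": {
+"Datatype": "string",
+"Text": "os-release"
+},
+"Pattern": {
+"Datatype": "string",
+"Operation": "pattern match",
+"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
+},
+"Instance": {
+"Datatype": "int",
+"Text": "1"
+}
+}
+],
+"RPMInfoObjects": [
+{
+"ID": "oval:org.altlinux.errata:obj:202416516001",
+"Version": "1",
+"Comment": "gem-yajl-ruby is installed",
+"Name": "gem-yajl-ruby"
+},
+{
+"ID": "oval:org.altlinux.errata:obj:202416516002",
+"Version": "1",
+"Comment": "gem-yajl-ruby-devel is installed",
+"Name": "gem-yajl-ruby-devel"
+},
+{
+"ID": "oval:org.altlinux.errata:obj:202416516003",
+"Version": "1",
+"Comment": "gem-yajl-ruby-doc is installed",
+"Name": "gem-yajl-ruby-doc"
+}
+]
+}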
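--- /dev/null
+++ b/oval/c10f1/ALT-PU-2024-16516/states.json
@@ -0,0 +1,23 @@
+{
+"TextFileContent54State": [
+{
+"ID": "oval:org.altlinux.errata:ste:4001",
+"Version": "1",
+"Text": {}
+}
+],
+"RPMInfoStates": [
+{
+"ID": "oval:org.altlinux.errata:ste:202416516001",
+"Version": "1",
+"Comment": "package EVR is earlier than 0:1.4.3-alt1",
+"Arch": {},
+"EVR": {
+"Text": "0:1.4.3-alt1",
+"Datatype": "evr_string",
+"Operation": "less than"
+},
+"Subexpression": {}
+}
+]
+}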
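--- /dev/null
+++ b/oval/c10f1/ALT-PU-2024-16516/tests.json
@@ -0,0 +1,54 @@
+{
+"TextFileContent54Tests": [
+{
+"ID": "oval:org.altlinux.errata:tst:4001",
+"Version": "1",
+"Check": "all",
+"Comment": "ALT Linux based on branch 'c10f1' must be installed",
+"Object": {
+"ObjectRef": "oval:org.altlinux.errata:obj:4001"
+},
+"State": {
+"StateRef": "oval:org.altlinux.errata:ste:4001"
+}
+}
+],
+"RPMInfoTests": [
+{
+"ID": "oval:org.altlinux.errata:tst:202416516001",
+"Version": "1",
+"Check": "all",
+"Comment": "gem-yajl-ruby is earlier than 0:1.4.3-alt1",
+"Object": {
+"ObjectRef": "oval:org.altlinux.errata:obj:202416516001"
+},
+"State": {
+"StateRef": "oval:org.altlinux.errata:ste:202416516001"
+}
+},
+{
+"ID": "oval:org.altlinux.errata:tst:202416516002",
+"Version": "1",
+"Check": "all",
+"Comment": "gem-yajl-ruby-devel is earlier than 0:1.4.3-alt1",
+"Object": {
+"ObjectRef": "oval:org.altlinux.errata:obj:202416516002"
+},
+"State": {
+"StateRef": "oval:org.altlinux.errata:ste:202416516001"
+}
+},
+{
+"ID": "oval:org.altlinux.errata:tst:202416516003",
+"Version": "1",
+"Check": "all",
+"Comment": "gem-yajl-ruby-doc is earlier than 0:1.4.3-alt1",
+"Object": {
+"ObjectRef": "oval:org.altlinux.errata:obj:202416516003"
+},
+"State": {
+"StateRef": "oval:org.altlinux.errata:ste:202416516001"
+}
+}
+]
+}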
224
oval/c10f1/ALT-PU-2024-16520/definitions.json
Normal file
@ -0,0 +1,224 @@
|
|||||||
|
{
|
||||||
|
"Definition": [
|
||||||
|
{
|
||||||
|
"ID": "oval:org.altlinux.errata:def:202416520",
|
||||||
|
"Version": "oval:org.altlinux.errata:def:202416520",
|
||||||
|
"Class": "patch",
|
||||||
|
"Metadata": {
|
||||||
|
"Title": "ALT-PU-2024-16520: package `php8.2` update to version 8.2.26-alt1",
|
||||||
|
"AffectedList": [
|
||||||
|
{
|
||||||
|
"Family": "unix",
|
||||||
|
"Platforms": [
|
||||||
|
"ALT Linux branch c10f1"
|
||||||
|
],
|
||||||
|
"Products": [
|
||||||
|
"ALT SP Workstation",
|
||||||
|
"ALT SP Server"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"References": [
|
||||||
|
{
|
||||||
|
"RefID": "ALT-PU-2024-16520",
|
||||||
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16520",
|
||||||
|
"Source": "ALTPU"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"RefID": "BDU:2024-09951",
|
||||||
|
"RefURL": "https://bdu.fstec.ru/vul/2024-09951",
|
||||||
|
"Source": "BDU"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"RefID": "BDU:2024-10540",
|
||||||
|
"RefURL": "https://bdu.fstec.ru/vul/2024-10540",
|
||||||
|
"Source": "BDU"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"RefID": "BDU:2024-10555",
|
||||||
|
"RefURL": "https://bdu.fstec.ru/vul/2024-10555",
|
||||||
|
"Source": "BDU"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"RefID": "BDU:2024-10563",
|
||||||
|
"RefURL": "https://bdu.fstec.ru/vul/2024-10563",
|
||||||
|
"Source": "BDU"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"RefID": "BDU:2024-10571",
|
||||||
|
"RefURL": "https://bdu.fstec.ru/vul/2024-10571",
|
||||||
|
"Source": "BDU"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"RefID": "CVE-2024-11233",
|
||||||
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-11233",
|
||||||
|
"Source": "CVE"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"RefID": "CVE-2024-11234",
|
||||||
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-11234",
|
||||||
|
"Source": "CVE"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"RefID": "CVE-2024-11236",
|
||||||
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-11236",
|
||||||
|
"Source": "CVE"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"RefID": "CVE-2024-8929",
|
||||||
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8929",
|
||||||
|
"Source": "CVE"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"RefID": "CVE-2024-8932",
|
||||||
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8932",
|
||||||
|
"Source": "CVE"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"Description": "This update upgrades php8.2 to version 8.2.26-alt1. \nSecurity Fix(es):\n\n * BDU:2024-09951: Уязвимость компонентов dblib и firebird интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-10540: Уязвимость фильтра convert.quoted-printable-decode интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-10555: Уязвимость конфигурации request_fulluri интерпретатора языка программирования PHP, позволяющая нарушителю отправить скрытый HTTP-запрос (атака типа HTTP Request Smuggling)\n\n * BDU:2024-10563: Уязвимость функции static enum_func_status php_mysqlnd_rset_field_read() интерпретатора языка программирования PHP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * BDU:2024-10571: Уязвимость функции ldap_escape() интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2024-11233: In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.\n\n * CVE-2024-11234: In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and \"request_fulluri\" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.\n\n * CVE-2024-11236: In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.\n\n * CVE-2024-8929: In PHP 
versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.\n\n * CVE-2024-8932: In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.",
|
||||||
|
"Advisory": {
|
||||||
|
"From": "errata.altlinux.org",
|
||||||
|
"Severity": "Critical",
|
||||||
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
||||||
|
"Issued": {
|
||||||
|
"Date": "2024-12-06"
|
||||||
|
},
|
||||||
|
"Updated": {
|
||||||
|
"Date": "2024-12-06"
|
||||||
|
},
|
||||||
|
"BDUs": [
|
||||||
|
{
|
||||||
|
"ID": "BDU:2024-09951",
|
||||||
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
||||||
|
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||||
|
"CWE": "CWE-190",
|
||||||
|
"Href": "https://bdu.fstec.ru/vul/2024-09951",
|
||||||
|
"Impact": "Critical",
|
||||||
|
"Public": "20241120"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"ID": "BDU:2024-10540",
|
||||||
|
"CVSS": "AV:N/AC:H/Au:N/C:P/I:N/A:P",
|
||||||
|
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
|
||||||
|
"CWE": "CWE-122, CWE-787",
|
||||||
|
"Href": "https://bdu.fstec.ru/vul/2024-10540",
|
||||||
|
"Impact": "Low",
|
||||||
|
"Public": "20241115"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"ID": "BDU:2024-10555",
|
||||||
|
"CVSS": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
|
||||||
|
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
|
||||||
|
"CWE": "CWE-20, CWE-74, CWE-93, CWE-444",
|
||||||
|
"Href": "https://bdu.fstec.ru/vul/2024-10555",
|
||||||
|
"Impact": "Low",
|
||||||
|
"Public": "20241115"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"ID": "BDU:2024-10563",
|
||||||
|
"CVSS": "AV:A/AC:H/Au:S/C:C/I:N/A:N",
|
||||||
|
"CVSS3": "AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
|
||||||
|
"CWE": "CWE-125, CWE-126, CWE-200",
|
||||||
|
"Href": "https://bdu.fstec.ru/vul/2024-10563",
|
||||||
|
"Impact": "Low",
|
||||||
|
"Public": "20241115"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"ID": "BDU:2024-10571",
|
||||||
|
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
||||||
|
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||||
|
"CWE": "CWE-787",
|
||||||
|
"Href": "https://bdu.fstec.ru/vul/2024-10571",
|
||||||
|
"Impact": "Critical",
|
||||||
|
"Public": "20241115"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"CVEs": [
|
||||||
|
{
|
||||||
|
"ID": "CVE-2024-11233",
|
||||||
|
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
|
||||||
|
"CWE": "CWE-787",
|
||||||
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-11233",
|
||||||
|
"Impact": "High",
|
||||||
|
"Public": "20241124"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"ID": "CVE-2024-11234",
|
||||||
|
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
|
||||||
|
"CWE": "CWE-74",
|
||||||
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-11234",
|
||||||
|
"Impact": "High",
|
||||||
|
"Public": "20241124"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"ID": "CVE-2024-11236",
|
||||||
|
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||||
|
"CWE": "CWE-190",
|
||||||
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-11236",
|
||||||
|
"Impact": "Critical",
|
||||||
|
"Public": "20241124"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"ID": "CVE-2024-8929",
|
||||||
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8929",
|
||||||
|
"Impact": "None",
|
||||||
|
"Public": "20241122"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"ID": "CVE-2024-8932",
|
||||||
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8932",
|
||||||
|
"Impact": "None",
|
||||||
|
"Public": "20241122"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"AffectedCPEs": {
|
||||||
|
"CPEs": [
|
||||||
|
"cpe:/o:alt:spworkstation:10",
|
||||||
|
"cpe:/o:alt:spserver:10"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"Criteria": {
|
||||||
|
"Operator": "AND",
|
||||||
|
"Criterions": [
|
||||||
|
{
|
||||||
|
"TestRef": "oval:org.altlinux.errata:tst:4001",
|
||||||
|
"Comment": "ALT Linux must be installed"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"Criterias": [
|
||||||
|
{
|
||||||
|
"Operator": "OR",
|
||||||
|
"Criterions": [
|
||||||
|
{
|
||||||
|
"TestRef": "oval:org.altlinux.errata:tst:202416520001",
|
||||||
|
"Comment": "php8.2 is earlier than 0:8.2.26-alt1"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"TestRef": "oval:org.altlinux.errata:tst:202416520002",
|
||||||
|
"Comment": "php8.2-devel is earlier than 0:8.2.26-alt1"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"TestRef": "oval:org.altlinux.errata:tst:202416520003",
|
||||||
|
"Comment": "php8.2-libs is earlier than 0:8.2.26-alt1"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"TestRef": "oval:org.altlinux.errata:tst:202416520004",
|
||||||
|
"Comment": "php8.2-mysqlnd is earlier than 0:8.2.26-alt1"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"TestRef": "oval:org.altlinux.errata:tst:202416520005",
|
||||||
|
"Comment": "php8.2-openssl is earlier than 0:8.2.26-alt1"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"TestRef": "oval:org.altlinux.errata:tst:202416520006",
|
||||||
|
"Comment": "rpm-build-php8.2-version is earlier than 0:8.2.26-alt1"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
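Review bot: In the `CVEs` array, CVE-2024-8929 and CVE-2024-8932 are recorded with `"Impact": "None"` and no `CVSS3` or `CWE`, which reads as "no impact" even though the Description in this same file attributes heap-content disclosure and an out-of-bounds write to them and the advisory `Severity` is `Critical`. A consumer that filters or sorts on per-CVE `Impact` would silently drop both entries; an unscored CVE is better emitted without the field or with a distinct marker such as `"Impact": "Unknown"` (constructed value, use whatever the schema allows). Separately, `"Version"` repeats the definition ID (`oval:org.altlinux.errata:def:202416520`) where the tests, objects and states use `"1"`; an OVAL definition version is expected to be a non-negative integer, so confirm the exporter does not pass this string through. The same `Version` pattern appears in ALT-PU-2024-16522/definitions.json.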
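--- a/oval/c10f1/ALT-PU-2024-16520/objects.json
+++ b/oval/c10f1/ALT-PU-2024-16520/objects.json
@@ -0,0 +1,64 @@
+{
+"TextFileContent54Objects": [
+{
+"ID": "oval:org.altlinux.errata:obj:4001",
+"Version": "1",
+"Comment": "Evaluate `/etc/os-release` file content",
+"Path": {
+"Datatype": "string",
+"Text": "/etc"
+},
+"Filepath": {
+"Datatype": "string",
+"Text": "os-release"
+},
+"Pattern": {
+"Datatype": "string",
+"Operation": "pattern match",
+"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
+},
+"Instance": {
+"Datatype": "int",
+"Text": "1"
+}
+}
+],
+"RPMInfoObjects": [
+{
+"ID": "oval:org.altlinux.errata:obj:202416520001",
+"Version": "1",
+"Comment": "php8.2 is installed",
+"Name": "php8.2"
+},
+{
+"ID": "oval:org.altlinux.errata:obj:202416520002",
+"Version": "1",
+"Comment": "php8.2-devel is installed",
+"Name": "php8.2-devel"
+},
+{
+"ID": "oval:org.altlinux.errata:obj:202416520003",
+"Version": "1",
+"Comment": "php8.2-libs is installed",
+"Name": "php8.2-libs"
+},
+{
+"ID": "oval:org.altlinux.errata:obj:202416520004",
+"Version": "1",
+"Comment": "php8.2-mysqlnd is installed",
+"Name": "php8.2-mysqlnd"
+},
+{
+"ID": "oval:org.altlinux.errata:obj:202416520005",
+"Version": "1",
+"Comment": "php8.2-openssl is installed",
+"Name": "php8.2-openssl"
+},
+{
+"ID": "oval:org.altlinux.errata:obj:202416520006",
+"Version": "1",
+"Comment": "rpm-build-php8.2-version is installed",
+"Name": "rpm-build-php8.2-version"
+}
+]
+}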
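Review bot: The platform object `obj:4001` does not pin the branch: its pattern `cpe:\\/o:alt:sp(?:server|workstation):(\\d+)` accepts any major version, and the matching state `ste:4001` in states.json carries only `"Text": {}`, so (assuming an empty `Text` means no constraint) the test commented as "branch 'c10f1' must be installed" would also pass on other ALT SP releases and produce false findings there. Either match the version in the pattern, e.g. `"Text": "cpe:\\/o:alt:sp(?:server|workstation):10"`, in line with the `cpe:/o:alt:spserver:10` entries in definitions.json, or give the state a subexpression check on the captured number. Separately, `"Filepath"` holds the bare name `os-release` next to `"Path": "/etc"`; OVAL's textfilecontent54 object expects either a full filepath or a path plus filename, so confirm how the serializer maps these two keys. The same object and state are repeated under ALT-PU-2024-16522.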
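--- a/oval/c10f1/ALT-PU-2024-16520/states.json
+++ b/oval/c10f1/ALT-PU-2024-16520/states.json
@@ -0,0 +1,23 @@
+{
+"TextFileContent54State": [
+{
+"ID": "oval:org.altlinux.errata:ste:4001",
+"Version": "1",
+"Text": {}
+}
+],
+"RPMInfoStates": [
+{
+"ID": "oval:org.altlinux.errata:ste:202416520001",
+"Version": "1",
+"Comment": "package EVR is earlier than 0:8.2.26-alt1",
+"Arch": {},
+"EVR": {
+"Text": "0:8.2.26-alt1",
+"Datatype": "evr_string",
+"Operation": "less than"
+},
+"Subexpression": {}
+}
+]
+}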
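--- a/oval/c10f1/ALT-PU-2024-16520/tests.json
+++ b/oval/c10f1/ALT-PU-2024-16520/tests.json
@@ -0,0 +1,90 @@
+{
+"TextFileContent54Tests": [
+{
+"ID": "oval:org.altlinux.errata:tst:4001",
+"Version": "1",
+"Check": "all",
+"Comment": "ALT Linux based on branch 'c10f1' must be installed",
+"Object": {
+"ObjectRef": "oval:org.altlinux.errata:obj:4001"
+},
+"State": {
+"StateRef": "oval:org.altlinux.errata:ste:4001"
+}
+}
+],
+"RPMInfoTests": [
+{
+"ID": "oval:org.altlinux.errata:tst:202416520001",
+"Version": "1",
+"Check": "all",
+"Comment": "php8.2 is earlier than 0:8.2.26-alt1",
+"Object": {
+"ObjectRef": "oval:org.altlinux.errata:obj:202416520001"
+},
+"State": {
+"StateRef": "oval:org.altlinux.errata:ste:202416520001"
+}
+},
+{
+"ID": "oval:org.altlinux.errata:tst:202416520002",
+"Version": "1",
+"Check": "all",
+"Comment": "php8.2-devel is earlier than 0:8.2.26-alt1",
+"Object": {
+"ObjectRef": "oval:org.altlinux.errata:obj:202416520002"
+},
+"State": {
+"StateRef": "oval:org.altlinux.errata:ste:202416520001"
+}
+},
+{
+"ID": "oval:org.altlinux.errata:tst:202416520003",
+"Version": "1",
+"Check": "all",
+"Comment": "php8.2-libs is earlier than 0:8.2.26-alt1",
+"Object": {
+"ObjectRef": "oval:org.altlinux.errata:obj:202416520003"
+},
+"State": {
+"StateRef": "oval:org.altlinux.errata:ste:202416520001"
+}
+},
+{
+"ID": "oval:org.altlinux.errata:tst:202416520004",
+"Version": "1",
+"Check": "all",
+"Comment": "php8.2-mysqlnd is earlier than 0:8.2.26-alt1",
+"Object": {
+"ObjectRef": "oval:org.altlinux.errata:obj:202416520004"
+},
+"State": {
+"StateRef": "oval:org.altlinux.errata:ste:202416520001"
+}
+},
+{
+"ID": "oval:org.altlinux.errata:tst:202416520005",
+"Version": "1",
+"Check": "all",
+"Comment": "php8.2-openssl is earlier than 0:8.2.26-alt1",
+"Object": {
+"ObjectRef": "oval:org.altlinux.errata:obj:202416520005"
+},
+"State": {
+"StateRef": "oval:org.altlinux.errata:ste:202416520001"
+}
+},
+{
+"ID": "oval:org.altlinux.errata:tst:202416520006",
+"Version": "1",
+"Check": "all",
+"Comment": "rpm-build-php8.2-version is earlier than 0:8.2.26-alt1",
+"Object": {
+"ObjectRef": "oval:org.altlinux.errata:obj:202416520006"
+},
+"State": {
+"StateRef": "oval:org.altlinux.errata:ste:202416520001"
+}
+}
+]
+}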
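--- a/oval/c10f1/ALT-PU-2024-16522/definitions.json
+++ b/oval/c10f1/ALT-PU-2024-16522/definitions.json
@@ -0,0 +1,77 @@
+{
+"Definition": [
+{
+"ID": "oval:org.altlinux.errata:def:202416522",
+"Version": "oval:org.altlinux.errata:def:202416522",
+"Class": "patch",
+"Metadata": {
+"Title": "ALT-PU-2024-16522: package `php8.2-ssh2` update to version 1.4.1-alt1.26",
+"AffectedList": [
+{
+"Family": "unix",
+"Platforms": [
+"ALT Linux branch c10f1"
+],
+"Products": [
+"ALT SP Workstation",
+"ALT SP Server"
+]
+}
+],
+"References": [
+{
+"RefID": "ALT-PU-2024-16522",
+"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16522",
+"Source": "ALTPU"
+}
+],
+"Description": "This update upgrades php8.2-ssh2 to version 1.4.1-alt1.26. \nSecurity Fix(es):\n\n * #51645: Segfault при запуске функции ssh2_auth_pubkey_file",
+"Advisory": {
+"From": "errata.altlinux.org",
+"Severity": "Low",
+"Rights": "Copyright 2024 BaseALT Ltd.",
+"Issued": {
+"Date": "2024-12-06"
+},
+"Updated": {
+"Date": "2024-12-06"
+},
+"BDUs": null,
+"Bugzilla": [
+{
+"ID": "51645",
+"Href": "https://bugzilla.altlinux.org/51645",
+"Data": "Segfault при запуске функции ssh2_auth_pubkey_file"
+}
+],
+"AffectedCPEs": {
+"CPEs": [
+"cpe:/o:alt:spworkstation:10",
+"cpe:/o:alt:spserver:10"
+]
+}
+}
+},
+"Criteria": {
+"Operator": "AND",
+"Criterions": [
+{
+"TestRef": "oval:org.altlinux.errata:tst:4001",
+"Comment": "ALT Linux must be installed"
+}
+],
+"Criterias": [
+{
+"Operator": "OR",
+"Criterions": [
+{
+"TestRef": "oval:org.altlinux.errata:tst:202416522001",
+"Comment": "php8.2-ssh2 is earlier than 1:1.4.1-alt1.26"
+}
+]
+}
+]
+}
+}
+]
+}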
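Review bot: `"BDUs": null` sits next to a populated `Bugzilla` array while `CVEs` is left out entirely, so this one file uses two different ways of saying "no entries", and ALT-PU-2024-16520/definitions.json uses arrays for both keys. Consumers that iterate these lists then need a null check for one key and a presence check for the other; emitting `"BDUs": []` and `"CVEs": []` would let them iterate unconditionally. The Description also files bug #51645 under "Security Fix(es)" with no CVE or BDU reference, so it is worth confirming that the security heading is intended for what the Bugzilla entry describes as a segfault.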
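--- a/oval/c10f1/ALT-PU-2024-16522/objects.json
+++ b/oval/c10f1/ALT-PU-2024-16522/objects.json
@@ -0,0 +1,34 @@
+{
+"TextFileContent54Objects": [
+{
+"ID": "oval:org.altlinux.errata:obj:4001",
+"Version": "1",
+"Comment": "Evaluate `/etc/os-release` file content",
+"Path": {
+"Datatype": "string",
+"Text": "/etc"
+},
+"Filepath": {
+"Datatype": "string",
+"Text": "os-release"
+},
+"Pattern": {
+"Datatype": "string",
+"Operation": "pattern match",
+"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
+},
+"Instance": {
+"Datatype": "int",
+"Text": "1"
+}
+}
+],
+"RPMInfoObjects": [
+{
+"ID": "oval:org.altlinux.errata:obj:202416522001",
+"Version": "1",
+"Comment": "php8.2-ssh2 is installed",
+"Name": "php8.2-ssh2"
+}
+]
+}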
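--- a/oval/c10f1/ALT-PU-2024-16522/states.json
+++ b/oval/c10f1/ALT-PU-2024-16522/states.json
@@ -0,0 +1,23 @@
+{
+"TextFileContent54State": [
+{
+"ID": "oval:org.altlinux.errata:ste:4001",
+"Version": "1",
+"Text": {}
+}
+],
+"RPMInfoStates": [
+{
+"ID": "oval:org.altlinux.errata:ste:202416522001",
+"Version": "1",
+"Comment": "package EVR is earlier than 1:1.4.1-alt1.26",
+"Arch": {},
+"EVR": {
+"Text": "1:1.4.1-alt1.26",
+"Datatype": "evr_string",
+"Operation": "less than"
+},
+"Subexpression": {}
+}
+]
+}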
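--- a/oval/c10f1/ALT-PU-2024-16522/tests.json
+++ b/oval/c10f1/ALT-PU-2024-16522/tests.json
@@ -0,0 +1,30 @@
+{
+"TextFileContent54Tests": [
+{
+"ID": "oval:org.altlinux.errata:tst:4001",
+"Version": "1",
+"Check": "all",
+"Comment": "ALT Linux based on branch 'c10f1' must be installed",
+"Object": {
+"ObjectRef": "oval:org.altlinux.errata:obj:4001"
+},
+"State": {
+"StateRef": "oval:org.altlinux.errata:ste:4001"
+}
+}
+],
+"RPMInfoTests": [
+{
+"ID": "oval:org.altlinux.errata:tst:202416522001",
+"Version": "1",
+"Check": "all",
+"Comment": "php8.2-ssh2 is earlier than 1:1.4.1-alt1.26",
+"Object": {
+"ObjectRef": "oval:org.altlinux.errata:obj:202416522001"
+},
+"State": {
+"StateRef": "oval:org.altlinux.errata:ste:202416522001"
+}
+}
+]
+}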
@ -133,12 +133,12 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-00772",
|
"ID": "BDU:2019-00772",
|
||||||
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
|
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
|
||||||
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
||||||
"CWE": "CWE-200",
|
"CWE": "CWE-200",
|
||||||
"Href": "https://bdu.fstec.ru/vul/2019-00772",
|
"Href": "https://bdu.fstec.ru/vul/2019-00772",
|
||||||
"Impact": "Low",
|
"Impact": "Low",
|
||||||
"Public": "20181125"
|
"Public": "20181126"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-02785",
|
"ID": "BDU:2019-02785",
|
||||||
|
@ -1086,12 +1086,12 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-00772",
|
"ID": "BDU:2019-00772",
|
||||||
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
|
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
|
||||||
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
||||||
"CWE": "CWE-200",
|
"CWE": "CWE-200",
|
||||||
"Href": "https://bdu.fstec.ru/vul/2019-00772",
|
"Href": "https://bdu.fstec.ru/vul/2019-00772",
|
||||||
"Impact": "Low",
|
"Impact": "Low",
|
||||||
"Public": "20181125"
|
"Public": "20181126"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-02785",
|
"ID": "BDU:2019-02785",
|
||||||
|
@ -126,12 +126,12 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-03248",
|
"ID": "BDU:2019-03248",
|
||||||
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
|
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
||||||
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
|
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
|
||||||
"CWE": "CWE-416",
|
"CWE": "CWE-416",
|
||||||
"Href": "https://bdu.fstec.ru/vul/2019-03248",
|
"Href": "https://bdu.fstec.ru/vul/2019-03248",
|
||||||
"Impact": "High",
|
"Impact": "High",
|
||||||
"Public": "20181218"
|
"Public": "20181219"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2020-00842",
|
"ID": "BDU:2020-00842",
|
||||||
|
@ -97,12 +97,12 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-03248",
|
"ID": "BDU:2019-03248",
|
||||||
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
|
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
||||||
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
|
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
|
||||||
"CWE": "CWE-416",
|
"CWE": "CWE-416",
|
||||||
"Href": "https://bdu.fstec.ru/vul/2019-03248",
|
"Href": "https://bdu.fstec.ru/vul/2019-03248",
|
||||||
"Impact": "High",
|
"Impact": "High",
|
||||||
"Public": "20181218"
|
"Public": "20181219"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2020-01474",
|
"ID": "BDU:2020-01474",
|
||||||
|
@ -393,12 +393,12 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-03248",
|
"ID": "BDU:2019-03248",
|
||||||
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
|
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
||||||
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
|
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
|
||||||
"CWE": "CWE-416",
|
"CWE": "CWE-416",
|
||||||
"Href": "https://bdu.fstec.ru/vul/2019-03248",
|
"Href": "https://bdu.fstec.ru/vul/2019-03248",
|
||||||
"Impact": "High",
|
"Impact": "High",
|
||||||
"Public": "20181218"
|
"Public": "20181219"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-04515",
|
"ID": "BDU:2019-04515",
|
||||||
|
@ -138,12 +138,12 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-00772",
|
"ID": "BDU:2019-00772",
|
||||||
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
|
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
|
||||||
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
||||||
"CWE": "CWE-200",
|
"CWE": "CWE-200",
|
||||||
"Href": "https://bdu.fstec.ru/vul/2019-00772",
|
"Href": "https://bdu.fstec.ru/vul/2019-00772",
|
||||||
"Impact": "Low",
|
"Impact": "Low",
|
||||||
"Public": "20181125"
|
"Public": "20181126"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-02785",
|
"ID": "BDU:2019-02785",
|
||||||
|
@ -1091,12 +1091,12 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-00772",
|
"ID": "BDU:2019-00772",
|
||||||
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
|
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
|
||||||
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
||||||
"CWE": "CWE-200",
|
"CWE": "CWE-200",
|
||||||
"Href": "https://bdu.fstec.ru/vul/2019-00772",
|
"Href": "https://bdu.fstec.ru/vul/2019-00772",
|
||||||
"Impact": "Low",
|
"Impact": "Low",
|
||||||
"Public": "20181125"
|
"Public": "20181126"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-02785",
|
"ID": "BDU:2019-02785",
|
||||||
|
@ -131,12 +131,12 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-03248",
|
"ID": "BDU:2019-03248",
|
||||||
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
|
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
||||||
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
|
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
|
||||||
"CWE": "CWE-416",
|
"CWE": "CWE-416",
|
||||||
"Href": "https://bdu.fstec.ru/vul/2019-03248",
|
"Href": "https://bdu.fstec.ru/vul/2019-03248",
|
||||||
"Impact": "High",
|
"Impact": "High",
|
||||||
"Public": "20181218"
|
"Public": "20181219"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2020-00842",
|
"ID": "BDU:2020-00842",
|
||||||
|
@ -102,12 +102,12 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-03248",
|
"ID": "BDU:2019-03248",
|
||||||
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
|
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
||||||
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
|
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
|
||||||
"CWE": "CWE-416",
|
"CWE": "CWE-416",
|
||||||
"Href": "https://bdu.fstec.ru/vul/2019-03248",
|
"Href": "https://bdu.fstec.ru/vul/2019-03248",
|
||||||
"Impact": "High",
|
"Impact": "High",
|
||||||
"Public": "20181218"
|
"Public": "20181219"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2020-01474",
|
"ID": "BDU:2020-01474",
|
||||||
|
@ -398,12 +398,12 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-03248",
|
"ID": "BDU:2019-03248",
|
||||||
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
|
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
||||||
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
|
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
|
||||||
"CWE": "CWE-416",
|
"CWE": "CWE-416",
|
||||||
"Href": "https://bdu.fstec.ru/vul/2019-03248",
|
"Href": "https://bdu.fstec.ru/vul/2019-03248",
|
||||||
"Impact": "High",
|
"Impact": "High",
|
||||||
"Public": "20181218"
|
"Public": "20181219"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-04515",
|
"ID": "BDU:2019-04515",
|
||||||
|
@ -6320,7 +6320,7 @@
|
|||||||
"CWE": "CWE-476",
|
"CWE": "CWE-476",
|
||||||
"Href": "https://bdu.fstec.ru/vul/2024-00985",
|
"Href": "https://bdu.fstec.ru/vul/2024-00985",
|
||||||
"Impact": "High",
|
"Impact": "High",
|
||||||
"Public": "20240127"
|
"Public": "20240128"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2024-01036",
|
"ID": "BDU:2024-01036",
|
||||||
|
@ -138,12 +138,12 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-00772",
|
"ID": "BDU:2019-00772",
|
||||||
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
|
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
|
||||||
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
||||||
"CWE": "CWE-200",
|
"CWE": "CWE-200",
|
||||||
"Href": "https://bdu.fstec.ru/vul/2019-00772",
|
"Href": "https://bdu.fstec.ru/vul/2019-00772",
|
||||||
"Impact": "Low",
|
"Impact": "Low",
|
||||||
"Public": "20181125"
|
"Public": "20181126"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-02785",
|
"ID": "BDU:2019-02785",
|
||||||
|
@ -1091,12 +1091,12 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-00772",
|
"ID": "BDU:2019-00772",
|
||||||
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
|
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
|
||||||
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
||||||
"CWE": "CWE-200",
|
"CWE": "CWE-200",
|
||||||
"Href": "https://bdu.fstec.ru/vul/2019-00772",
|
"Href": "https://bdu.fstec.ru/vul/2019-00772",
|
||||||
"Impact": "Low",
|
"Impact": "Low",
|
||||||
"Public": "20181125"
|
"Public": "20181126"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-02785",
|
"ID": "BDU:2019-02785",
|
||||||
|
@ -131,12 +131,12 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-03248",
|
"ID": "BDU:2019-03248",
|
||||||
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
|
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
||||||
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
|
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
|
||||||
"CWE": "CWE-416",
|
"CWE": "CWE-416",
|
||||||
"Href": "https://bdu.fstec.ru/vul/2019-03248",
|
"Href": "https://bdu.fstec.ru/vul/2019-03248",
|
||||||
"Impact": "High",
|
"Impact": "High",
|
||||||
"Public": "20181218"
|
"Public": "20181219"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2020-00842",
|
"ID": "BDU:2020-00842",
|
||||||
|
@ -102,12 +102,12 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-03248",
|
"ID": "BDU:2019-03248",
|
||||||
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
|
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
||||||
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
|
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
|
||||||
"CWE": "CWE-416",
|
"CWE": "CWE-416",
|
||||||
"Href": "https://bdu.fstec.ru/vul/2019-03248",
|
"Href": "https://bdu.fstec.ru/vul/2019-03248",
|
||||||
"Impact": "High",
|
"Impact": "High",
|
||||||
"Public": "20181218"
|
"Public": "20181219"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2020-01474",
|
"ID": "BDU:2020-01474",
|
||||||
|
@ -398,12 +398,12 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-03248",
|
"ID": "BDU:2019-03248",
|
||||||
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
|
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
||||||
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
|
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
|
||||||
"CWE": "CWE-416",
|
"CWE": "CWE-416",
|
||||||
"Href": "https://bdu.fstec.ru/vul/2019-03248",
|
"Href": "https://bdu.fstec.ru/vul/2019-03248",
|
||||||
"Impact": "High",
|
"Impact": "High",
|
||||||
"Public": "20181218"
|
"Public": "20181219"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ID": "BDU:2019-04515",
|
"ID": "BDU:2019-04515",
|
||||||
|