ALT Vulnerability

Иван Пепеляев 2024-11-30 03:05:04 +00:00
parent 88337db02e
commit 26ca67a3be
36 changed files with 12758 additions and 0 deletions


@ -0,0 +1,94 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414033",
"Version": "oval:org.altlinux.errata:def:202414033",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14033: package `rpm-build` update to version 4.0.4-alt170.5.c10.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14033",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14033",
"Source": "ALTPU"
}
],
"Description": "This update upgrades rpm-build to version 4.0.4-alt170.5.c10.1. \nSecurity Fix(es):\n\n * #36628: Добавить поддержку %pretrans скриптов\n\n * #46585: semver prerelease or tilde support",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-29"
},
"Updated": {
"Date": "2024-11-29"
},
"BDUs": null,
"Bugzilla": [
{
"ID": "36628",
"Href": "https://bugzilla.altlinux.org/36628",
"Data": "Добавить поддержку %pretrans скриптов"
},
{
"ID": "46585",
"Href": "https://bugzilla.altlinux.org/46585",
"Data": "semver prerelease or tilde support"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414033001",
"Comment": "librpm is earlier than 0:4.0.4-alt170.5.c10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414033002",
"Comment": "librpmbuild is earlier than 0:4.0.4-alt170.5.c10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414033003",
"Comment": "rpm-build is earlier than 0:4.0.4-alt170.5.c10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414033004",
"Comment": "rpm-build-checkinstall is earlier than 0:4.0.4-alt170.5.c10.1"
}
]
}
]
}
}
]
}
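Review bot: The `Description` files Bugzilla entries #36628 and #46585 under "Security Fix(es)" although the record names no vulnerability: `"BDUs": null`, there is no `CVEs` key, and both bug titles read like feature requests. Because the definition is still `"Class": "patch"` with `"Severity": "Low"`, a scanner will raise it as a security finding on every host with an older rpm-build; a separate heading for non-security bugs in the generated text would avoid that. The null/absent pair also differs in shape from the arrays in the other definitions on this page, so emitting `"BDUs": []` and `"CVEs": []` would let consumers iterate without a null check.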


@ -0,0 +1,52 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414033001",
"Version": "1",
"Comment": "librpm is installed",
"Name": "librpm"
},
{
"ID": "oval:org.altlinux.errata:obj:202414033002",
"Version": "1",
"Comment": "librpmbuild is installed",
"Name": "librpmbuild"
},
{
"ID": "oval:org.altlinux.errata:obj:202414033003",
"Version": "1",
"Comment": "rpm-build is installed",
"Name": "rpm-build"
},
{
"ID": "oval:org.altlinux.errata:obj:202414033004",
"Version": "1",
"Comment": "rpm-build-checkinstall is installed",
"Name": "rpm-build-checkinstall"
}
]
}
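Review bot: The `Pattern` text `cpe:\\/o:alt:sp(?:server|workstation):(\\d+)` is not anchored to a line start or to the `CPE_NAME=` key, so the platform check is satisfied by that substring anywhere in `/etc/os-release`, including inside another variable's value. Anchoring it, for example `^CPE_NAME=\"?cpe:\\/o:alt:sp(?:server|workstation):(\\d+)` (constructed; verify against the os-release files the products actually ship), ties the match to the field it is meant to read. The same object is repeated in the later objects files for libtpms and chromium, and the p10 object `obj:2001` has the same gap.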


@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414033001",
"Version": "1",
"Comment": "package EVR is earlier than 0:4.0.4-alt170.5.c10.1",
"Arch": {},
"EVR": {
"Text": "0:4.0.4-alt170.5.c10.1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}
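Review bot: State `oval:org.altlinux.errata:ste:4001` carries only `"Text": {}`, so nothing visible here compares the `(\\d+)` group captured by `obj:4001` with an expected value, and the test comment "ALT Linux based on branch 'c10f1' must be installed" is not backed by any version constraint. How an empty entity is serialised into OVAL XML is not shown on this page; if it becomes an empty `text` element the test may compare against an empty string rather than simply checking existence. Giving the state a subexpression entity with the expected major version, or dropping the `StateRef` from test `tst:4001` if existence is all that is intended, would make the check say what the comment says. The identical empty state recurs in the libtpms and chromium states files and as `ste:2001` for p10; `"Arch": {}` and `"Subexpression": {}` on the rpminfo state are empty placeholders of the same kind.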


@ -0,0 +1,66 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414033001",
"Version": "1",
"Check": "all",
"Comment": "librpm is earlier than 0:4.0.4-alt170.5.c10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414033001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414033001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414033002",
"Version": "1",
"Check": "all",
"Comment": "librpmbuild is earlier than 0:4.0.4-alt170.5.c10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414033002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414033001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414033003",
"Version": "1",
"Check": "all",
"Comment": "rpm-build is earlier than 0:4.0.4-alt170.5.c10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414033003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414033001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414033004",
"Version": "1",
"Check": "all",
"Comment": "rpm-build-checkinstall is earlier than 0:4.0.4-alt170.5.c10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414033004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414033001"
}
}
]
}


@ -0,0 +1,131 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414805",
"Version": "oval:org.altlinux.errata:def:202414805",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14805: package `libtpms` update to version 0.9.6-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14805",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14805",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-01029",
"RefURL": "https://bdu.fstec.ru/vul/2023-01029",
"Source": "BDU"
},
{
"RefID": "BDU:2023-01188",
"RefURL": "https://bdu.fstec.ru/vul/2023-01188",
"Source": "BDU"
},
{
"RefID": "CVE-2023-1017",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-1017",
"Source": "CVE"
},
{
"RefID": "CVE-2023-1018",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-1018",
"Source": "CVE"
}
],
"Description": "This update upgrades libtpms to version 0.9.6-alt1. \nSecurity Fix(es):\n\n * BDU:2023-01029: Уязвимость функции CryptParameterDecryption микропрограммного обеспечения криптопроцессора Trusted Platform Module (TPM), позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * BDU:2023-01188: Уязвимость функции CryptParameterDecryption микропрограммного обеспечения криптопроцессора Trusted Platform Module (TPM), позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код\n\n * CVE-2023-1017: An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.\n\n * CVE-2023-1018: An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-29"
},
"Updated": {
"Date": "2024-11-29"
},
"BDUs": [
{
"ID": "BDU:2023-01029",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2023-01029",
"Impact": "Low",
"Public": "20230228"
},
{
"ID": "BDU:2023-01188",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2023-01188",
"Impact": "High",
"Public": "20230228"
}
],
"CVEs": [
{
"ID": "CVE-2023-1017",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-1017",
"Impact": "High",
"Public": "20230228"
},
{
"ID": "CVE-2023-1018",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-1018",
"Impact": "Low",
"Public": "20230228"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414805001",
"Comment": "libtpms is earlier than 0:0.9.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414805002",
"Comment": "libtpms-devel is earlier than 0:0.9.6-alt1"
}
]
}
]
}
}
]
}
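Review bot: The `CVSS3` vectors are written two ways in this one record: the BDU entries use a bare `AV:L/AC:L/PR:L/...` string while the CVE entries carry the `CVSS:3.1/` prefix, so a strict CVSS 3.x parser will reject one form or the other. `Public` is likewise `"20230228"` where `Issued` and `Updated` use `"2024-11-29"`. Normalising in the generator, with a versioned prefix on every vector (using whichever 3.x revision BDU actually scored against) and `"Public": "2023-02-28"`, keeps consumers from special-casing each source. The BDU entries in the postgresql16 definition further down are formatted the same way.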


@ -0,0 +1,40 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414805001",
"Version": "1",
"Comment": "libtpms is installed",
"Name": "libtpms"
},
{
"ID": "oval:org.altlinux.errata:obj:202414805002",
"Version": "1",
"Comment": "libtpms-devel is installed",
"Name": "libtpms-devel"
}
]
}


@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414805001",
"Version": "1",
"Comment": "package EVR is earlier than 0:0.9.6-alt1",
"Arch": {},
"EVR": {
"Text": "0:0.9.6-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}


@ -0,0 +1,42 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414805001",
"Version": "1",
"Check": "all",
"Comment": "libtpms is earlier than 0:0.9.6-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414805001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414805001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414805002",
"Version": "1",
"Check": "all",
"Comment": "libtpms-devel is earlier than 0:0.9.6-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414805002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414805001"
}
}
]
}

File diff suppressed because one or more lines are too long


@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414830001",
"Version": "1",
"Comment": "chromium is installed",
"Name": "chromium"
}
]
}


@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414830001",
"Version": "1",
"Comment": "package EVR is earlier than 0:126.0.6478.182-alt0.c10.1",
"Arch": {},
"EVR": {
"Text": "0:126.0.6478.182-alt0.c10.1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}


@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414830001",
"Version": "1",
"Check": "all",
"Comment": "chromium is earlier than 0:126.0.6478.182-alt0.c10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414830001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414830001"
}
}
]
}


@ -0,0 +1,265 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202416159",
"Version": "oval:org.altlinux.errata:def:202416159",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-16159: package `postgresql16` update to version 16.6-alt0.p10.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-16159",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16159",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-09679",
"RefURL": "https://bdu.fstec.ru/vul/2024-09679",
"Source": "BDU"
},
{
"RefID": "BDU:2024-09681",
"RefURL": "https://bdu.fstec.ru/vul/2024-09681",
"Source": "BDU"
},
{
"RefID": "BDU:2024-09682",
"RefURL": "https://bdu.fstec.ru/vul/2024-09682",
"Source": "BDU"
},
{
"RefID": "BDU:2024-09684",
"RefURL": "https://bdu.fstec.ru/vul/2024-09684",
"Source": "BDU"
},
{
"RefID": "CVE-2024-10976",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10976",
"Source": "CVE"
},
{
"RefID": "CVE-2024-10977",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10977",
"Source": "CVE"
},
{
"RefID": "CVE-2024-10978",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10978",
"Source": "CVE"
},
{
"RefID": "CVE-2024-10979",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10979",
"Source": "CVE"
}
],
"Description": "This update upgrades postgresql16 to version 16.6-alt0.p10.1. \nSecurity Fix(es):\n\n * BDU:2024-09679: Уязвимость переменных среды PL/Perl системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-09681: Уязвимость команд SET ROLE, SET SESSION системы управления базами данных PostgreSQL, позволяющая нарушителю повысить свои привилегии и получить доступ к защищаемой информации\n\n * BDU:2024-09682: Уязвимость компонента libpq системы управления базами данных PostgreSQL, позволяющая нарушителю обойти существующие ограничения безопасности и выполнить атаку типа «человек посередине»\n\n * BDU:2024-09684: Уязвимость политики безопасности таблиц с защитой строк CREATE POLICY системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольные команды\n\n * CVE-2024-10976: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy. This has the same consequences as the two earlier CVEs. That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. 
An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10977: Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10978: Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10979: Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. 
Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-29"
},
"Updated": {
"Date": "2024-11-29"
},
"BDUs": [
{
"ID": "BDU:2024-09679",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-15, CWE-264",
"Href": "https://bdu.fstec.ru/vul/2024-09679",
"Impact": "High",
"Public": "20241114"
},
{
"ID": "BDU:2024-09681",
"CVSS": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"CWE": "CWE-264, CWE-266",
"Href": "https://bdu.fstec.ru/vul/2024-09681",
"Impact": "Low",
"Public": "20241114"
},
{
"ID": "BDU:2024-09682",
"CVSS": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"CWE": "CWE-264, CWE-348",
"Href": "https://bdu.fstec.ru/vul/2024-09682",
"Impact": "Low",
"Public": "20241114"
},
{
"ID": "BDU:2024-09684",
"CVSS": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"CWE": "CWE-264, CWE-1250",
"Href": "https://bdu.fstec.ru/vul/2024-09684",
"Impact": "Low",
"Public": "20241114"
}
],
"CVEs": [
{
"ID": "CVE-2024-10976",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10976",
"Impact": "None",
"Public": "20241114"
},
{
"ID": "CVE-2024-10977",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10977",
"Impact": "None",
"Public": "20241114"
},
{
"ID": "CVE-2024-10978",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10978",
"Impact": "None",
"Public": "20241114"
},
{
"ID": "CVE-2024-10979",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10979",
"Impact": "None",
"Public": "20241114"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202416159001",
"Comment": "libecpg6 is earlier than 0:16.6-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416159002",
"Comment": "libecpg6-devel is earlier than 0:16.6-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416159003",
"Comment": "libecpg6-devel-static is earlier than 0:16.6-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416159004",
"Comment": "libpq5 is earlier than 0:16.6-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416159005",
"Comment": "libpq5-devel is earlier than 0:16.6-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416159006",
"Comment": "libpq5-devel-static is earlier than 0:16.6-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416159007",
"Comment": "postgresql-devel is earlier than 0:16.6-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416159008",
"Comment": "postgresql-devel-static is earlier than 0:16.6-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416159009",
"Comment": "postgresql16 is earlier than 0:16.6-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416159010",
"Comment": "postgresql16-contrib is earlier than 0:16.6-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416159011",
"Comment": "postgresql16-docs is earlier than 0:16.6-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416159012",
"Comment": "postgresql16-llvmjit is earlier than 0:16.6-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416159013",
"Comment": "postgresql16-perl is earlier than 0:16.6-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416159014",
"Comment": "postgresql16-python is earlier than 0:16.6-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416159015",
"Comment": "postgresql16-server is earlier than 0:16.6-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416159016",
"Comment": "postgresql16-server-devel is earlier than 0:16.6-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416159017",
"Comment": "postgresql16-tcl is earlier than 0:16.6-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416159018",
"Comment": "rpm-macros-postgresql is earlier than 0:16.6-alt0.p10.1"
}
]
}
]
}
}
]
}
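Review bot: All four `CVEs` entries have `"Impact": "None"` and no `CVSS3` or `CWE`, while the BDU entries for the same issues are scored and the advisory is `"Severity": "High"`. A consumer that prioritises on the CVE records will see "None" for CVE-2024-10979, which the description in this same record says often suffices for arbitrary code execution. "None" presumably means NVD had not scored them when the file was generated; a distinct not-yet-scored value, or omitting `Impact` until a score exists, would keep it from reading as "no impact". Separately, the `Description` string appears on this page with raw line breaks inside it (before "An attacker must tailor" and before the final "Versions before"); if those are in the committed file rather than a rendering artefact, strict JSON parsers will reject it.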


@ -0,0 +1,136 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416159001",
"Version": "1",
"Comment": "libecpg6 is installed",
"Name": "libecpg6"
},
{
"ID": "oval:org.altlinux.errata:obj:202416159002",
"Version": "1",
"Comment": "libecpg6-devel is installed",
"Name": "libecpg6-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202416159003",
"Version": "1",
"Comment": "libecpg6-devel-static is installed",
"Name": "libecpg6-devel-static"
},
{
"ID": "oval:org.altlinux.errata:obj:202416159004",
"Version": "1",
"Comment": "libpq5 is installed",
"Name": "libpq5"
},
{
"ID": "oval:org.altlinux.errata:obj:202416159005",
"Version": "1",
"Comment": "libpq5-devel is installed",
"Name": "libpq5-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202416159006",
"Version": "1",
"Comment": "libpq5-devel-static is installed",
"Name": "libpq5-devel-static"
},
{
"ID": "oval:org.altlinux.errata:obj:202416159007",
"Version": "1",
"Comment": "postgresql-devel is installed",
"Name": "postgresql-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202416159008",
"Version": "1",
"Comment": "postgresql-devel-static is installed",
"Name": "postgresql-devel-static"
},
{
"ID": "oval:org.altlinux.errata:obj:202416159009",
"Version": "1",
"Comment": "postgresql16 is installed",
"Name": "postgresql16"
},
{
"ID": "oval:org.altlinux.errata:obj:202416159010",
"Version": "1",
"Comment": "postgresql16-contrib is installed",
"Name": "postgresql16-contrib"
},
{
"ID": "oval:org.altlinux.errata:obj:202416159011",
"Version": "1",
"Comment": "postgresql16-docs is installed",
"Name": "postgresql16-docs"
},
{
"ID": "oval:org.altlinux.errata:obj:202416159012",
"Version": "1",
"Comment": "postgresql16-llvmjit is installed",
"Name": "postgresql16-llvmjit"
},
{
"ID": "oval:org.altlinux.errata:obj:202416159013",
"Version": "1",
"Comment": "postgresql16-perl is installed",
"Name": "postgresql16-perl"
},
{
"ID": "oval:org.altlinux.errata:obj:202416159014",
"Version": "1",
"Comment": "postgresql16-python is installed",
"Name": "postgresql16-python"
},
{
"ID": "oval:org.altlinux.errata:obj:202416159015",
"Version": "1",
"Comment": "postgresql16-server is installed",
"Name": "postgresql16-server"
},
{
"ID": "oval:org.altlinux.errata:obj:202416159016",
"Version": "1",
"Comment": "postgresql16-server-devel is installed",
"Name": "postgresql16-server-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202416159017",
"Version": "1",
"Comment": "postgresql16-tcl is installed",
"Name": "postgresql16-tcl"
},
{
"ID": "oval:org.altlinux.errata:obj:202416159018",
"Version": "1",
"Comment": "rpm-macros-postgresql is installed",
"Name": "rpm-macros-postgresql"
}
]
}
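Review bot: In the `Pattern` for `obj:2001`, the lookahead `(?!sp)` excludes every product whose name merely begins with "sp", not only `spserver` and `spworkstation`, and `(?:\\.\\d)*` accepts single-digit minor components only. A narrower form such as `(?!sp(?:server|workstation):)` with `(?:\\.\\d+)*` would mirror the product list in the SP object's own pattern. As written, a future product name starting with "sp" would match neither platform object, so its hosts would evaluate as not applicable rather than vulnerable.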


@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416159001",
"Version": "1",
"Comment": "package EVR is earlier than 0:16.6-alt0.p10.1",
"Arch": {},
"EVR": {
"Text": "0:16.6-alt0.p10.1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}


@ -0,0 +1,234 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416159001",
"Version": "1",
"Check": "all",
"Comment": "libecpg6 is earlier than 0:16.6-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416159001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416159001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416159002",
"Version": "1",
"Check": "all",
"Comment": "libecpg6-devel is earlier than 0:16.6-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416159002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416159001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416159003",
"Version": "1",
"Check": "all",
"Comment": "libecpg6-devel-static is earlier than 0:16.6-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416159003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416159001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416159004",
"Version": "1",
"Check": "all",
"Comment": "libpq5 is earlier than 0:16.6-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416159004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416159001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416159005",
"Version": "1",
"Check": "all",
"Comment": "libpq5-devel is earlier than 0:16.6-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416159005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416159001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416159006",
"Version": "1",
"Check": "all",
"Comment": "libpq5-devel-static is earlier than 0:16.6-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416159006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416159001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416159007",
"Version": "1",
"Check": "all",
"Comment": "postgresql-devel is earlier than 0:16.6-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416159007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416159001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416159008",
"Version": "1",
"Check": "all",
"Comment": "postgresql-devel-static is earlier than 0:16.6-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416159008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416159001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416159009",
"Version": "1",
"Check": "all",
"Comment": "postgresql16 is earlier than 0:16.6-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416159009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416159001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416159010",
"Version": "1",
"Check": "all",
"Comment": "postgresql16-contrib is earlier than 0:16.6-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416159010"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416159001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416159011",
"Version": "1",
"Check": "all",
"Comment": "postgresql16-docs is earlier than 0:16.6-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416159011"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416159001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416159012",
"Version": "1",
"Check": "all",
"Comment": "postgresql16-llvmjit is earlier than 0:16.6-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416159012"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416159001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416159013",
"Version": "1",
"Check": "all",
"Comment": "postgresql16-perl is earlier than 0:16.6-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416159013"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416159001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416159014",
"Version": "1",
"Check": "all",
"Comment": "postgresql16-python is earlier than 0:16.6-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416159014"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416159001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416159015",
"Version": "1",
"Check": "all",
"Comment": "postgresql16-server is earlier than 0:16.6-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416159015"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416159001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416159016",
"Version": "1",
"Check": "all",
"Comment": "postgresql16-server-devel is earlier than 0:16.6-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416159016"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416159001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416159017",
"Version": "1",
"Check": "all",
"Comment": "postgresql16-tcl is earlier than 0:16.6-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416159017"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416159001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416159018",
"Version": "1",
"Check": "all",
"Comment": "rpm-macros-postgresql is earlier than 0:16.6-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416159018"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416159001"
}
}
]
}


@ -0,0 +1,229 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202416161",
"Version": "oval:org.altlinux.errata:def:202416161",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-16161: package `postgresql12` update to version 12.22-alt0.p10.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-16161",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16161",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-09679",
"RefURL": "https://bdu.fstec.ru/vul/2024-09679",
"Source": "BDU"
},
{
"RefID": "BDU:2024-09681",
"RefURL": "https://bdu.fstec.ru/vul/2024-09681",
"Source": "BDU"
},
{
"RefID": "BDU:2024-09682",
"RefURL": "https://bdu.fstec.ru/vul/2024-09682",
"Source": "BDU"
},
{
"RefID": "BDU:2024-09684",
"RefURL": "https://bdu.fstec.ru/vul/2024-09684",
"Source": "BDU"
},
{
"RefID": "CVE-2024-10976",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10976",
"Source": "CVE"
},
{
"RefID": "CVE-2024-10977",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10977",
"Source": "CVE"
},
{
"RefID": "CVE-2024-10978",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10978",
"Source": "CVE"
},
{
"RefID": "CVE-2024-10979",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10979",
"Source": "CVE"
}
],
"Description": "This update upgrades postgresql12 to version 12.22-alt0.p10.1. \nSecurity Fix(es):\n\n * BDU:2024-09679: Уязвимость переменных среды PL/Perl системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-09681: Уязвимость команд SET ROLE, SET SESSION системы управления базами данных PostgreSQL, позволяющая нарушителю повысить свои привилегии и получить доступ к защищаемой информации\n\n * BDU:2024-09682: Уязвимость компонента libpq системы управления базами данных PostgreSQL, позволяющая нарушителю обойти существующие ограничения безопасности и выполнить атаку типа «человек посередине»\n\n * BDU:2024-09684: Уязвимость политики безопасности таблиц с защитой строк CREATE POLICY системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольные команды\n\n * CVE-2024-10976: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy. This has the same consequences as the two earlier CVEs. That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. 
An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10977: Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10978: Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10979: Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. 
Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-29"
},
"Updated": {
"Date": "2024-11-29"
},
"BDUs": [
{
"ID": "BDU:2024-09679",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-15, CWE-264",
"Href": "https://bdu.fstec.ru/vul/2024-09679",
"Impact": "High",
"Public": "20241114"
},
{
"ID": "BDU:2024-09681",
"CVSS": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"CWE": "CWE-264, CWE-266",
"Href": "https://bdu.fstec.ru/vul/2024-09681",
"Impact": "Low",
"Public": "20241114"
},
{
"ID": "BDU:2024-09682",
"CVSS": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"CWE": "CWE-264, CWE-348",
"Href": "https://bdu.fstec.ru/vul/2024-09682",
"Impact": "Low",
"Public": "20241114"
},
{
"ID": "BDU:2024-09684",
"CVSS": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"CWE": "CWE-264, CWE-1250",
"Href": "https://bdu.fstec.ru/vul/2024-09684",
"Impact": "Low",
"Public": "20241114"
}
],
"CVEs": [
{
"ID": "CVE-2024-10976",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10976",
"Impact": "None",
"Public": "20241114"
},
{
"ID": "CVE-2024-10977",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10977",
"Impact": "None",
"Public": "20241114"
},
{
"ID": "CVE-2024-10978",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10978",
"Impact": "None",
"Public": "20241114"
},
{
"ID": "CVE-2024-10979",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10979",
"Impact": "None",
"Public": "20241114"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202416161001",
"Comment": "postgresql12 is earlier than 0:12.22-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416161002",
"Comment": "postgresql12-contrib is earlier than 0:12.22-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416161003",
"Comment": "postgresql12-docs is earlier than 0:12.22-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416161004",
"Comment": "postgresql12-llvmjit is earlier than 0:12.22-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416161005",
"Comment": "postgresql12-perl is earlier than 0:12.22-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416161006",
"Comment": "postgresql12-python is earlier than 0:12.22-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416161007",
"Comment": "postgresql12-server is earlier than 0:12.22-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416161008",
"Comment": "postgresql12-server-devel is earlier than 0:12.22-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416161009",
"Comment": "postgresql12-tcl is earlier than 0:12.22-alt0.p10.1"
}
]
}
]
}
}
]
}
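Review bot: Every entry in `CVEs` has `"Impact": "None"` and no CVSS vector, while the advisory `Severity` is `High` and the `BDUs` entries carry both vectors and ratings; CVE-2024-10979 is described in this same file as enabling arbitrary code execution. `None` is also a CVSS rating in its own right, so a consumer that ranks or filters on the per-CVE field would read these four as having no impact rather than as not yet scored (presumably the state of the source at export time). Omitting `Impact` or emitting `null` until a score exists would keep the two cases apart. The postgresql13 definitions file further down has the same four entries.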


@ -0,0 +1,82 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416161001",
"Version": "1",
"Comment": "postgresql12 is installed",
"Name": "postgresql12"
},
{
"ID": "oval:org.altlinux.errata:obj:202416161002",
"Version": "1",
"Comment": "postgresql12-contrib is installed",
"Name": "postgresql12-contrib"
},
{
"ID": "oval:org.altlinux.errata:obj:202416161003",
"Version": "1",
"Comment": "postgresql12-docs is installed",
"Name": "postgresql12-docs"
},
{
"ID": "oval:org.altlinux.errata:obj:202416161004",
"Version": "1",
"Comment": "postgresql12-llvmjit is installed",
"Name": "postgresql12-llvmjit"
},
{
"ID": "oval:org.altlinux.errata:obj:202416161005",
"Version": "1",
"Comment": "postgresql12-perl is installed",
"Name": "postgresql12-perl"
},
{
"ID": "oval:org.altlinux.errata:obj:202416161006",
"Version": "1",
"Comment": "postgresql12-python is installed",
"Name": "postgresql12-python"
},
{
"ID": "oval:org.altlinux.errata:obj:202416161007",
"Version": "1",
"Comment": "postgresql12-server is installed",
"Name": "postgresql12-server"
},
{
"ID": "oval:org.altlinux.errata:obj:202416161008",
"Version": "1",
"Comment": "postgresql12-server-devel is installed",
"Name": "postgresql12-server-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202416161009",
"Version": "1",
"Comment": "postgresql12-tcl is installed",
"Name": "postgresql12-tcl"
}
]
}


@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416161001",
"Version": "1",
"Comment": "package EVR is earlier than 0:12.22-alt0.p10.1",
"Arch": {},
"EVR": {
"Text": "0:12.22-alt0.p10.1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}
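Review bot: The `TextFileContent54State` entry `oval:org.altlinux.errata:ste:2001` carries only `"Text": {}`, so nothing in it constrains the major version captured by `(\d+)` in the `obj:2001` pattern, even though the test that references it is commented "ALT Linux based on branch 'p10' must be installed". As serialized here the platform check can at most establish that some non-SP ALT CPE is present in `/etc/os-release`, and a scanner may evaluate the empty state differently from what the generator intends. The state should pin the captured group through the OVAL `subexpression` entity with an equals comparison against 10, in whatever form this JSON schema expresses it. The states file of the postgresql13 erratum repeats the same empty state.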


@ -0,0 +1,126 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416161001",
"Version": "1",
"Check": "all",
"Comment": "postgresql12 is earlier than 0:12.22-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416161001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416161001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416161002",
"Version": "1",
"Check": "all",
"Comment": "postgresql12-contrib is earlier than 0:12.22-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416161002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416161001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416161003",
"Version": "1",
"Check": "all",
"Comment": "postgresql12-docs is earlier than 0:12.22-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416161003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416161001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416161004",
"Version": "1",
"Check": "all",
"Comment": "postgresql12-llvmjit is earlier than 0:12.22-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416161004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416161001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416161005",
"Version": "1",
"Check": "all",
"Comment": "postgresql12-perl is earlier than 0:12.22-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416161005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416161001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416161006",
"Version": "1",
"Check": "all",
"Comment": "postgresql12-python is earlier than 0:12.22-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416161006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416161001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416161007",
"Version": "1",
"Check": "all",
"Comment": "postgresql12-server is earlier than 0:12.22-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416161007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416161001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416161008",
"Version": "1",
"Check": "all",
"Comment": "postgresql12-server-devel is earlier than 0:12.22-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416161008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416161001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416161009",
"Version": "1",
"Check": "all",
"Comment": "postgresql12-tcl is earlier than 0:12.22-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416161009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416161001"
}
}
]
}


@ -0,0 +1,229 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202416162",
"Version": "oval:org.altlinux.errata:def:202416162",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-16162: package `postgresql13` update to version 13.18-alt0.p10.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-16162",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16162",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-09679",
"RefURL": "https://bdu.fstec.ru/vul/2024-09679",
"Source": "BDU"
},
{
"RefID": "BDU:2024-09681",
"RefURL": "https://bdu.fstec.ru/vul/2024-09681",
"Source": "BDU"
},
{
"RefID": "BDU:2024-09682",
"RefURL": "https://bdu.fstec.ru/vul/2024-09682",
"Source": "BDU"
},
{
"RefID": "BDU:2024-09684",
"RefURL": "https://bdu.fstec.ru/vul/2024-09684",
"Source": "BDU"
},
{
"RefID": "CVE-2024-10976",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10976",
"Source": "CVE"
},
{
"RefID": "CVE-2024-10977",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10977",
"Source": "CVE"
},
{
"RefID": "CVE-2024-10978",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10978",
"Source": "CVE"
},
{
"RefID": "CVE-2024-10979",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10979",
"Source": "CVE"
}
],
"Description": "This update upgrades postgresql13 to version 13.18-alt0.p10.1. \nSecurity Fix(es):\n\n * BDU:2024-09679: Уязвимость переменных среды PL/Perl системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-09681: Уязвимость команд SET ROLE, SET SESSION системы управления базами данных PostgreSQL, позволяющая нарушителю повысить свои привилегии и получить доступ к защищаемой информации\n\n * BDU:2024-09682: Уязвимость компонента libpq системы управления базами данных PostgreSQL, позволяющая нарушителю обойти существующие ограничения безопасности и выполнить атаку типа «человек посередине»\n\n * BDU:2024-09684: Уязвимость политики безопасности таблиц с защитой строк CREATE POLICY системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольные команды\n\n * CVE-2024-10976: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy. This has the same consequences as the two earlier CVEs. That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. 
An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10977: Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10978: Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10979: Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. 
Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-29"
},
"Updated": {
"Date": "2024-11-29"
},
"BDUs": [
{
"ID": "BDU:2024-09679",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-15, CWE-264",
"Href": "https://bdu.fstec.ru/vul/2024-09679",
"Impact": "High",
"Public": "20241114"
},
{
"ID": "BDU:2024-09681",
"CVSS": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"CWE": "CWE-264, CWE-266",
"Href": "https://bdu.fstec.ru/vul/2024-09681",
"Impact": "Low",
"Public": "20241114"
},
{
"ID": "BDU:2024-09682",
"CVSS": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"CWE": "CWE-264, CWE-348",
"Href": "https://bdu.fstec.ru/vul/2024-09682",
"Impact": "Low",
"Public": "20241114"
},
{
"ID": "BDU:2024-09684",
"CVSS": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"CWE": "CWE-264, CWE-1250",
"Href": "https://bdu.fstec.ru/vul/2024-09684",
"Impact": "Low",
"Public": "20241114"
}
],
"CVEs": [
{
"ID": "CVE-2024-10976",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10976",
"Impact": "None",
"Public": "20241114"
},
{
"ID": "CVE-2024-10977",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10977",
"Impact": "None",
"Public": "20241114"
},
{
"ID": "CVE-2024-10978",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10978",
"Impact": "None",
"Public": "20241114"
},
{
"ID": "CVE-2024-10979",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10979",
"Impact": "None",
"Public": "20241114"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202416162001",
"Comment": "postgresql13 is earlier than 0:13.18-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416162002",
"Comment": "postgresql13-contrib is earlier than 0:13.18-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416162003",
"Comment": "postgresql13-docs is earlier than 0:13.18-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416162004",
"Comment": "postgresql13-llvmjit is earlier than 0:13.18-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416162005",
"Comment": "postgresql13-perl is earlier than 0:13.18-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416162006",
"Comment": "postgresql13-python is earlier than 0:13.18-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416162007",
"Comment": "postgresql13-server is earlier than 0:13.18-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416162008",
"Comment": "postgresql13-server-devel is earlier than 0:13.18-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416162009",
"Comment": "postgresql13-tcl is earlier than 0:13.18-alt0.p10.1"
}
]
}
]
}
}
]
}


@ -0,0 +1,82 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416162001",
"Version": "1",
"Comment": "postgresql13 is installed",
"Name": "postgresql13"
},
{
"ID": "oval:org.altlinux.errata:obj:202416162002",
"Version": "1",
"Comment": "postgresql13-contrib is installed",
"Name": "postgresql13-contrib"
},
{
"ID": "oval:org.altlinux.errata:obj:202416162003",
"Version": "1",
"Comment": "postgresql13-docs is installed",
"Name": "postgresql13-docs"
},
{
"ID": "oval:org.altlinux.errata:obj:202416162004",
"Version": "1",
"Comment": "postgresql13-llvmjit is installed",
"Name": "postgresql13-llvmjit"
},
{
"ID": "oval:org.altlinux.errata:obj:202416162005",
"Version": "1",
"Comment": "postgresql13-perl is installed",
"Name": "postgresql13-perl"
},
{
"ID": "oval:org.altlinux.errata:obj:202416162006",
"Version": "1",
"Comment": "postgresql13-python is installed",
"Name": "postgresql13-python"
},
{
"ID": "oval:org.altlinux.errata:obj:202416162007",
"Version": "1",
"Comment": "postgresql13-server is installed",
"Name": "postgresql13-server"
},
{
"ID": "oval:org.altlinux.errata:obj:202416162008",
"Version": "1",
"Comment": "postgresql13-server-devel is installed",
"Name": "postgresql13-server-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202416162009",
"Version": "1",
"Comment": "postgresql13-tcl is installed",
"Name": "postgresql13-tcl"
}
]
}


@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416162001",
"Version": "1",
"Comment": "package EVR is earlier than 0:13.18-alt0.p10.1",
"Arch": {},
"EVR": {
"Text": "0:13.18-alt0.p10.1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}


@ -0,0 +1,126 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416162001",
"Version": "1",
"Check": "all",
"Comment": "postgresql13 is earlier than 0:13.18-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416162001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416162001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416162002",
"Version": "1",
"Check": "all",
"Comment": "postgresql13-contrib is earlier than 0:13.18-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416162002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416162001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416162003",
"Version": "1",
"Check": "all",
"Comment": "postgresql13-docs is earlier than 0:13.18-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416162003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416162001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416162004",
"Version": "1",
"Check": "all",
"Comment": "postgresql13-llvmjit is earlier than 0:13.18-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416162004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416162001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416162005",
"Version": "1",
"Check": "all",
"Comment": "postgresql13-perl is earlier than 0:13.18-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416162005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416162001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416162006",
"Version": "1",
"Check": "all",
"Comment": "postgresql13-python is earlier than 0:13.18-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416162006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416162001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416162007",
"Version": "1",
"Check": "all",
"Comment": "postgresql13-server is earlier than 0:13.18-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416162007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416162001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416162008",
"Version": "1",
"Check": "all",
"Comment": "postgresql13-server-devel is earlier than 0:13.18-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416162008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416162001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416162009",
"Version": "1",
"Check": "all",
"Comment": "postgresql13-tcl is earlier than 0:13.18-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416162009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416162001"
}
}
]
}


@ -0,0 +1,229 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202416163",
"Version": "oval:org.altlinux.errata:def:202416163",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-16163: package `postgresql14` update to version 14.15-alt0.p10.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-16163",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16163",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-09679",
"RefURL": "https://bdu.fstec.ru/vul/2024-09679",
"Source": "BDU"
},
{
"RefID": "BDU:2024-09681",
"RefURL": "https://bdu.fstec.ru/vul/2024-09681",
"Source": "BDU"
},
{
"RefID": "BDU:2024-09682",
"RefURL": "https://bdu.fstec.ru/vul/2024-09682",
"Source": "BDU"
},
{
"RefID": "BDU:2024-09684",
"RefURL": "https://bdu.fstec.ru/vul/2024-09684",
"Source": "BDU"
},
{
"RefID": "CVE-2024-10976",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10976",
"Source": "CVE"
},
{
"RefID": "CVE-2024-10977",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10977",
"Source": "CVE"
},
{
"RefID": "CVE-2024-10978",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10978",
"Source": "CVE"
},
{
"RefID": "CVE-2024-10979",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10979",
"Source": "CVE"
}
],
"Description": "This update upgrades postgresql14 to version 14.15-alt0.p10.1. \nSecurity Fix(es):\n\n * BDU:2024-09679: Уязвимость переменных среды PL/Perl системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-09681: Уязвимость команд SET ROLE, SET SESSION системы управления базами данных PostgreSQL, позволяющая нарушителю повысить свои привилегии и получить доступ к защищаемой информации\n\n * BDU:2024-09682: Уязвимость компонента libpq системы управления базами данных PostgreSQL, позволяющая нарушителю обойти существующие ограничения безопасности и выполнить атаку типа «человек посередине»\n\n * BDU:2024-09684: Уязвимость политики безопасности таблиц с защитой строк CREATE POLICY системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольные команды\n\n * CVE-2024-10976: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy. This has the same consequences as the two earlier CVEs. That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. 
An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10977: Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10978: Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10979: Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. 
Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-29"
},
"Updated": {
"Date": "2024-11-29"
},
"BDUs": [
{
"ID": "BDU:2024-09679",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-15, CWE-264",
"Href": "https://bdu.fstec.ru/vul/2024-09679",
"Impact": "High",
"Public": "20241114"
},
{
"ID": "BDU:2024-09681",
"CVSS": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"CWE": "CWE-264, CWE-266",
"Href": "https://bdu.fstec.ru/vul/2024-09681",
"Impact": "Low",
"Public": "20241114"
},
{
"ID": "BDU:2024-09682",
"CVSS": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"CWE": "CWE-264, CWE-348",
"Href": "https://bdu.fstec.ru/vul/2024-09682",
"Impact": "Low",
"Public": "20241114"
},
{
"ID": "BDU:2024-09684",
"CVSS": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"CWE": "CWE-264, CWE-1250",
"Href": "https://bdu.fstec.ru/vul/2024-09684",
"Impact": "Low",
"Public": "20241114"
}
],
"CVEs": [
{
"ID": "CVE-2024-10976",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10976",
"Impact": "None",
"Public": "20241114"
},
{
"ID": "CVE-2024-10977",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10977",
"Impact": "None",
"Public": "20241114"
},
{
"ID": "CVE-2024-10978",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10978",
"Impact": "None",
"Public": "20241114"
},
{
"ID": "CVE-2024-10979",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10979",
"Impact": "None",
"Public": "20241114"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202416163001",
"Comment": "postgresql14 is earlier than 0:14.15-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416163002",
"Comment": "postgresql14-contrib is earlier than 0:14.15-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416163003",
"Comment": "postgresql14-docs is earlier than 0:14.15-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416163004",
"Comment": "postgresql14-llvmjit is earlier than 0:14.15-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416163005",
"Comment": "postgresql14-perl is earlier than 0:14.15-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416163006",
"Comment": "postgresql14-python is earlier than 0:14.15-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416163007",
"Comment": "postgresql14-server is earlier than 0:14.15-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416163008",
"Comment": "postgresql14-server-devel is earlier than 0:14.15-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416163009",
"Comment": "postgresql14-tcl is earlier than 0:14.15-alt0.p10.1"
}
]
}
]
}
}
]
}
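Review bot: All four entries under `Advisory.CVEs` carry `"Impact": "None"`, while the same advisory sets `"Severity": "High"` and the BDU record for the PL/Perl issue (BDU:2024-09679) has a CVSS3 vector with C:H/I:H/A:H. A consumer that ranks or filters on the CVE-level field would treat these entries as having no impact. If "None" here means "not scored yet", it would be safer to emit `"Impact": null` or leave the key out until a score is available. The postgresql15 definition later in this commit carries the same values.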


@ -0,0 +1,82 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416163001",
"Version": "1",
"Comment": "postgresql14 is installed",
"Name": "postgresql14"
},
{
"ID": "oval:org.altlinux.errata:obj:202416163002",
"Version": "1",
"Comment": "postgresql14-contrib is installed",
"Name": "postgresql14-contrib"
},
{
"ID": "oval:org.altlinux.errata:obj:202416163003",
"Version": "1",
"Comment": "postgresql14-docs is installed",
"Name": "postgresql14-docs"
},
{
"ID": "oval:org.altlinux.errata:obj:202416163004",
"Version": "1",
"Comment": "postgresql14-llvmjit is installed",
"Name": "postgresql14-llvmjit"
},
{
"ID": "oval:org.altlinux.errata:obj:202416163005",
"Version": "1",
"Comment": "postgresql14-perl is installed",
"Name": "postgresql14-perl"
},
{
"ID": "oval:org.altlinux.errata:obj:202416163006",
"Version": "1",
"Comment": "postgresql14-python is installed",
"Name": "postgresql14-python"
},
{
"ID": "oval:org.altlinux.errata:obj:202416163007",
"Version": "1",
"Comment": "postgresql14-server is installed",
"Name": "postgresql14-server"
},
{
"ID": "oval:org.altlinux.errata:obj:202416163008",
"Version": "1",
"Comment": "postgresql14-server-devel is installed",
"Name": "postgresql14-server-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202416163009",
"Version": "1",
"Comment": "postgresql14-tcl is installed",
"Name": "postgresql14-tcl"
}
]
}
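Review bot: Object `oval:org.altlinux.errata:obj:2001` sets both `"Path": "/etc"` and `"Filepath": "os-release"`, which does not line up with the OVAL textfilecontent54_object model, where `filepath` is a complete path and the alternative is `path` plus `filename`. If this JSON is serialised to OVAL as-is, a scanner may fail to locate the file or reject the object, and the platform check would then not evaluate as intended. I would expect either `"Filepath": {"Datatype": "string", "Text": "/etc/os-release"}` on its own, or the second key renamed to a filename field. This is inferred from the key names only, since the exporter is not part of the diff; the postgresql15 objects file repeats the same object.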


@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416163001",
"Version": "1",
"Comment": "package EVR is earlier than 0:14.15-alt0.p10.1",
"Arch": {},
"EVR": {
"Text": "0:14.15-alt0.p10.1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}
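Review bot: State `oval:org.altlinux.errata:ste:2001` has an empty `"Text": {}` and no subexpression constraint, so the `(\d+)` group captured by the os-release pattern in obj:2001 is never compared with anything. Test tst:2001 is commented as "ALT Linux based on branch 'p10' must be installed", but as written it appears to pass for any non-SP ALT CPE regardless of branch number, which can produce findings on hosts this advisory was not issued for. If the branch is meant to be enforced, the state needs a check for 10, e.g. `"Subexpression": {"Datatype": "int", "Operation": "equals", "Text": "10"}` (key layout assumed from the `EVR` entry below it); otherwise the test comment should drop the 'p10' claim. The postgresql15 states file has the same empty state.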


@ -0,0 +1,126 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416163001",
"Version": "1",
"Check": "all",
"Comment": "postgresql14 is earlier than 0:14.15-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416163001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416163001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416163002",
"Version": "1",
"Check": "all",
"Comment": "postgresql14-contrib is earlier than 0:14.15-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416163002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416163001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416163003",
"Version": "1",
"Check": "all",
"Comment": "postgresql14-docs is earlier than 0:14.15-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416163003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416163001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416163004",
"Version": "1",
"Check": "all",
"Comment": "postgresql14-llvmjit is earlier than 0:14.15-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416163004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416163001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416163005",
"Version": "1",
"Check": "all",
"Comment": "postgresql14-perl is earlier than 0:14.15-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416163005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416163001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416163006",
"Version": "1",
"Check": "all",
"Comment": "postgresql14-python is earlier than 0:14.15-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416163006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416163001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416163007",
"Version": "1",
"Check": "all",
"Comment": "postgresql14-server is earlier than 0:14.15-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416163007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416163001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416163008",
"Version": "1",
"Check": "all",
"Comment": "postgresql14-server-devel is earlier than 0:14.15-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416163008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416163001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416163009",
"Version": "1",
"Check": "all",
"Comment": "postgresql14-tcl is earlier than 0:14.15-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416163009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416163001"
}
}
]
}


@ -0,0 +1,229 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202416164",
"Version": "oval:org.altlinux.errata:def:202416164",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-16164: package `postgresql15` update to version 15.10-alt0.p10.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-16164",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16164",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-09679",
"RefURL": "https://bdu.fstec.ru/vul/2024-09679",
"Source": "BDU"
},
{
"RefID": "BDU:2024-09681",
"RefURL": "https://bdu.fstec.ru/vul/2024-09681",
"Source": "BDU"
},
{
"RefID": "BDU:2024-09682",
"RefURL": "https://bdu.fstec.ru/vul/2024-09682",
"Source": "BDU"
},
{
"RefID": "BDU:2024-09684",
"RefURL": "https://bdu.fstec.ru/vul/2024-09684",
"Source": "BDU"
},
{
"RefID": "CVE-2024-10976",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10976",
"Source": "CVE"
},
{
"RefID": "CVE-2024-10977",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10977",
"Source": "CVE"
},
{
"RefID": "CVE-2024-10978",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10978",
"Source": "CVE"
},
{
"RefID": "CVE-2024-10979",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10979",
"Source": "CVE"
}
],
"Description": "This update upgrades postgresql15 to version 15.10-alt0.p10.1. \nSecurity Fix(es):\n\n * BDU:2024-09679: Уязвимость переменных среды PL/Perl системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-09681: Уязвимость команд SET ROLE, SET SESSION системы управления базами данных PostgreSQL, позволяющая нарушителю повысить свои привилегии и получить доступ к защищаемой информации\n\n * BDU:2024-09682: Уязвимость компонента libpq системы управления базами данных PostgreSQL, позволяющая нарушителю обойти существующие ограничения безопасности и выполнить атаку типа «человек посередине»\n\n * BDU:2024-09684: Уязвимость политики безопасности таблиц с защитой строк CREATE POLICY системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольные команды\n\n * CVE-2024-10976: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy. This has the same consequences as the two earlier CVEs. That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. 
An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10977: Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10978: Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10979: Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. 
Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-29"
},
"Updated": {
"Date": "2024-11-29"
},
"BDUs": [
{
"ID": "BDU:2024-09679",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-15, CWE-264",
"Href": "https://bdu.fstec.ru/vul/2024-09679",
"Impact": "High",
"Public": "20241114"
},
{
"ID": "BDU:2024-09681",
"CVSS": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"CWE": "CWE-264, CWE-266",
"Href": "https://bdu.fstec.ru/vul/2024-09681",
"Impact": "Low",
"Public": "20241114"
},
{
"ID": "BDU:2024-09682",
"CVSS": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"CWE": "CWE-264, CWE-348",
"Href": "https://bdu.fstec.ru/vul/2024-09682",
"Impact": "Low",
"Public": "20241114"
},
{
"ID": "BDU:2024-09684",
"CVSS": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"CWE": "CWE-264, CWE-1250",
"Href": "https://bdu.fstec.ru/vul/2024-09684",
"Impact": "Low",
"Public": "20241114"
}
],
"CVEs": [
{
"ID": "CVE-2024-10976",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10976",
"Impact": "None",
"Public": "20241114"
},
{
"ID": "CVE-2024-10977",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10977",
"Impact": "None",
"Public": "20241114"
},
{
"ID": "CVE-2024-10978",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10978",
"Impact": "None",
"Public": "20241114"
},
{
"ID": "CVE-2024-10979",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10979",
"Impact": "None",
"Public": "20241114"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202416164001",
"Comment": "postgresql15 is earlier than 0:15.10-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416164002",
"Comment": "postgresql15-contrib is earlier than 0:15.10-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416164003",
"Comment": "postgresql15-docs is earlier than 0:15.10-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416164004",
"Comment": "postgresql15-llvmjit is earlier than 0:15.10-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416164005",
"Comment": "postgresql15-perl is earlier than 0:15.10-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416164006",
"Comment": "postgresql15-python is earlier than 0:15.10-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416164007",
"Comment": "postgresql15-server is earlier than 0:15.10-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416164008",
"Comment": "postgresql15-server-devel is earlier than 0:15.10-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416164009",
"Comment": "postgresql15-tcl is earlier than 0:15.10-alt0.p10.1"
}
]
}
]
}
}
]
}
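Review bot: `"Version"` on the definition repeats the ID string (`oval:org.altlinux.errata:def:202416164`), whereas the tests, objects and states in this commit use `"Version": "1"`. In OVAL the definition version is a non-negative integer that is incremented when the definition changes, so a schema-validating consumer would likely reject this value, and revisions of the advisory cannot be told apart. I would expect `"Version": "1"` here, unless the exporter rewrites the field, which the diff does not show. The postgresql14 definition earlier in the commit follows the same pattern.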


@ -0,0 +1,82 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416164001",
"Version": "1",
"Comment": "postgresql15 is installed",
"Name": "postgresql15"
},
{
"ID": "oval:org.altlinux.errata:obj:202416164002",
"Version": "1",
"Comment": "postgresql15-contrib is installed",
"Name": "postgresql15-contrib"
},
{
"ID": "oval:org.altlinux.errata:obj:202416164003",
"Version": "1",
"Comment": "postgresql15-docs is installed",
"Name": "postgresql15-docs"
},
{
"ID": "oval:org.altlinux.errata:obj:202416164004",
"Version": "1",
"Comment": "postgresql15-llvmjit is installed",
"Name": "postgresql15-llvmjit"
},
{
"ID": "oval:org.altlinux.errata:obj:202416164005",
"Version": "1",
"Comment": "postgresql15-perl is installed",
"Name": "postgresql15-perl"
},
{
"ID": "oval:org.altlinux.errata:obj:202416164006",
"Version": "1",
"Comment": "postgresql15-python is installed",
"Name": "postgresql15-python"
},
{
"ID": "oval:org.altlinux.errata:obj:202416164007",
"Version": "1",
"Comment": "postgresql15-server is installed",
"Name": "postgresql15-server"
},
{
"ID": "oval:org.altlinux.errata:obj:202416164008",
"Version": "1",
"Comment": "postgresql15-server-devel is installed",
"Name": "postgresql15-server-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202416164009",
"Version": "1",
"Comment": "postgresql15-tcl is installed",
"Name": "postgresql15-tcl"
}
]
}


@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416164001",
"Version": "1",
"Comment": "package EVR is earlier than 0:15.10-alt0.p10.1",
"Arch": {},
"EVR": {
"Text": "0:15.10-alt0.p10.1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}


@ -0,0 +1,126 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416164001",
"Version": "1",
"Check": "all",
"Comment": "postgresql15 is earlier than 0:15.10-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416164001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416164001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416164002",
"Version": "1",
"Check": "all",
"Comment": "postgresql15-contrib is earlier than 0:15.10-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416164002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416164001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416164003",
"Version": "1",
"Check": "all",
"Comment": "postgresql15-docs is earlier than 0:15.10-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416164003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416164001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416164004",
"Version": "1",
"Check": "all",
"Comment": "postgresql15-llvmjit is earlier than 0:15.10-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416164004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416164001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416164005",
"Version": "1",
"Check": "all",
"Comment": "postgresql15-perl is earlier than 0:15.10-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416164005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416164001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416164006",
"Version": "1",
"Check": "all",
"Comment": "postgresql15-python is earlier than 0:15.10-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416164006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416164001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416164007",
"Version": "1",
"Check": "all",
"Comment": "postgresql15-server is earlier than 0:15.10-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416164007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416164001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416164008",
"Version": "1",
"Check": "all",
"Comment": "postgresql15-server-devel is earlier than 0:15.10-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416164008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416164001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416164009",
"Version": "1",
"Check": "all",
"Comment": "postgresql15-tcl is earlier than 0:15.10-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416164009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416164001"
}
}
]
}


@ -0,0 +1,229 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202416165",
"Version": "oval:org.altlinux.errata:def:202416165",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-16165: package `postgresql15-1C` update to version 15.8-alt0.p10.3",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-16165",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16165",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-09679",
"RefURL": "https://bdu.fstec.ru/vul/2024-09679",
"Source": "BDU"
},
{
"RefID": "BDU:2024-09681",
"RefURL": "https://bdu.fstec.ru/vul/2024-09681",
"Source": "BDU"
},
{
"RefID": "BDU:2024-09682",
"RefURL": "https://bdu.fstec.ru/vul/2024-09682",
"Source": "BDU"
},
{
"RefID": "BDU:2024-09684",
"RefURL": "https://bdu.fstec.ru/vul/2024-09684",
"Source": "BDU"
},
{
"RefID": "CVE-2024-10976",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10976",
"Source": "CVE"
},
{
"RefID": "CVE-2024-10977",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10977",
"Source": "CVE"
},
{
"RefID": "CVE-2024-10978",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10978",
"Source": "CVE"
},
{
"RefID": "CVE-2024-10979",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10979",
"Source": "CVE"
}
],
"Description": "This update upgrades postgresql15-1C to version 15.8-alt0.p10.3. \nSecurity Fix(es):\n\n * BDU:2024-09679: Уязвимость переменных среды PL/Perl системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-09681: Уязвимость команд SET ROLE, SET SESSION системы управления базами данных PostgreSQL, позволяющая нарушителю повысить свои привилегии и получить доступ к защищаемой информации\n\n * BDU:2024-09682: Уязвимость компонента libpq системы управления базами данных PostgreSQL, позволяющая нарушителю обойти существующие ограничения безопасности и выполнить атаку типа «человек посередине»\n\n * BDU:2024-09684: Уязвимость политики безопасности таблиц с защитой строк CREATE POLICY системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольные команды\n\n * CVE-2024-10976: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy. This has the same consequences as the two earlier CVEs. That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. 
An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10977: Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10978: Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10979: Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. 
Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-29"
},
"Updated": {
"Date": "2024-11-29"
},
"BDUs": [
{
"ID": "BDU:2024-09679",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-15, CWE-264",
"Href": "https://bdu.fstec.ru/vul/2024-09679",
"Impact": "High",
"Public": "20241114"
},
{
"ID": "BDU:2024-09681",
"CVSS": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"CWE": "CWE-264, CWE-266",
"Href": "https://bdu.fstec.ru/vul/2024-09681",
"Impact": "Low",
"Public": "20241114"
},
{
"ID": "BDU:2024-09682",
"CVSS": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"CWE": "CWE-264, CWE-348",
"Href": "https://bdu.fstec.ru/vul/2024-09682",
"Impact": "Low",
"Public": "20241114"
},
{
"ID": "BDU:2024-09684",
"CVSS": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"CWE": "CWE-264, CWE-1250",
"Href": "https://bdu.fstec.ru/vul/2024-09684",
"Impact": "Low",
"Public": "20241114"
}
],
"CVEs": [
{
"ID": "CVE-2024-10976",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10976",
"Impact": "None",
"Public": "20241114"
},
{
"ID": "CVE-2024-10977",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10977",
"Impact": "None",
"Public": "20241114"
},
{
"ID": "CVE-2024-10978",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10978",
"Impact": "None",
"Public": "20241114"
},
{
"ID": "CVE-2024-10979",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10979",
"Impact": "None",
"Public": "20241114"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202416165001",
"Comment": "postgresql15-1C is earlier than 0:15.8-alt0.p10.3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416165002",
"Comment": "postgresql15-1C-contrib is earlier than 0:15.8-alt0.p10.3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416165003",
"Comment": "postgresql15-1C-docs is earlier than 0:15.8-alt0.p10.3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416165004",
"Comment": "postgresql15-1C-llvmjit is earlier than 0:15.8-alt0.p10.3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416165005",
"Comment": "postgresql15-1C-perl is earlier than 0:15.8-alt0.p10.3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416165006",
"Comment": "postgresql15-1C-python is earlier than 0:15.8-alt0.p10.3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416165007",
"Comment": "postgresql15-1C-server is earlier than 0:15.8-alt0.p10.3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416165008",
"Comment": "postgresql15-1C-server-devel is earlier than 0:15.8-alt0.p10.3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416165009",
"Comment": "postgresql15-1C-tcl is earlier than 0:15.8-alt0.p10.3"
}
]
}
]
}
}
]
}
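Review bot: All four entries under `Advisory.CVEs` carry `"Impact": "None"` and no CVSS vector, while the same advisory is rated `"Severity": "High"` and the `BDUs` entries for this update are rated `High`/`Low` with vectors. A consumer that triages on the per-CVE field would read these as no-impact findings. If the value really means "not scored at export time", emitting `"Impact": null` (or omitting the key) until a score exists would keep "unknown" apart from "none", provided the schema allows it. Separately, `Description` quotes the upstream statement that versions before 15.9 are affected, while the fixed package is 15.8-alt0.p10.3. Presumably the fixes are backported, and one sentence saying so would help anyone comparing against upstream version numbers.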


@ -0,0 +1,82 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416165001",
"Version": "1",
"Comment": "postgresql15-1C is installed",
"Name": "postgresql15-1C"
},
{
"ID": "oval:org.altlinux.errata:obj:202416165002",
"Version": "1",
"Comment": "postgresql15-1C-contrib is installed",
"Name": "postgresql15-1C-contrib"
},
{
"ID": "oval:org.altlinux.errata:obj:202416165003",
"Version": "1",
"Comment": "postgresql15-1C-docs is installed",
"Name": "postgresql15-1C-docs"
},
{
"ID": "oval:org.altlinux.errata:obj:202416165004",
"Version": "1",
"Comment": "postgresql15-1C-llvmjit is installed",
"Name": "postgresql15-1C-llvmjit"
},
{
"ID": "oval:org.altlinux.errata:obj:202416165005",
"Version": "1",
"Comment": "postgresql15-1C-perl is installed",
"Name": "postgresql15-1C-perl"
},
{
"ID": "oval:org.altlinux.errata:obj:202416165006",
"Version": "1",
"Comment": "postgresql15-1C-python is installed",
"Name": "postgresql15-1C-python"
},
{
"ID": "oval:org.altlinux.errata:obj:202416165007",
"Version": "1",
"Comment": "postgresql15-1C-server is installed",
"Name": "postgresql15-1C-server"
},
{
"ID": "oval:org.altlinux.errata:obj:202416165008",
"Version": "1",
"Comment": "postgresql15-1C-server-devel is installed",
"Name": "postgresql15-1C-server-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202416165009",
"Version": "1",
"Comment": "postgresql15-1C-tcl is installed",
"Name": "postgresql15-1C-tcl"
}
]
}


@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416165001",
"Version": "1",
"Comment": "package EVR is earlier than 0:15.8-alt0.p10.3",
"Arch": {},
"EVR": {
"Text": "0:15.8-alt0.p10.3",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}
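Review bot: `ste:2001` is emitted with an empty `"Text": {}` and no other entity, so from what is visible nothing checks the branch number that the `obj:2001` pattern captures in `(\d+)`. The test that pairs them is commented `ALT Linux based on branch 'p10' must be installed`, yet the pattern as written would match an os-release CPE for any non-`sp` ALT branch. Unless the consumer fills this in elsewhere, the platform criterion would pass on other branches and the p10 EVR comparisons would run against the wrong package set. Pinning the captured subexpression to 10 in this state (an int entity with operation `equals`, in whatever form the project's schema uses) would make the test match its comment.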


@ -0,0 +1,126 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416165001",
"Version": "1",
"Check": "all",
"Comment": "postgresql15-1C is earlier than 0:15.8-alt0.p10.3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416165001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416165001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416165002",
"Version": "1",
"Check": "all",
"Comment": "postgresql15-1C-contrib is earlier than 0:15.8-alt0.p10.3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416165002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416165001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416165003",
"Version": "1",
"Check": "all",
"Comment": "postgresql15-1C-docs is earlier than 0:15.8-alt0.p10.3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416165003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416165001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416165004",
"Version": "1",
"Check": "all",
"Comment": "postgresql15-1C-llvmjit is earlier than 0:15.8-alt0.p10.3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416165004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416165001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416165005",
"Version": "1",
"Check": "all",
"Comment": "postgresql15-1C-perl is earlier than 0:15.8-alt0.p10.3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416165005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416165001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416165006",
"Version": "1",
"Check": "all",
"Comment": "postgresql15-1C-python is earlier than 0:15.8-alt0.p10.3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416165006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416165001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416165007",
"Version": "1",
"Check": "all",
"Comment": "postgresql15-1C-server is earlier than 0:15.8-alt0.p10.3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416165007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416165001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416165008",
"Version": "1",
"Check": "all",
"Comment": "postgresql15-1C-server-devel is earlier than 0:15.8-alt0.p10.3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416165008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416165001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416165009",
"Version": "1",
"Check": "all",
"Comment": "postgresql15-1C-tcl is earlier than 0:15.8-alt0.p10.3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416165009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416165001"
}
}
]
}