pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ALT Vulnerability

Browse Source
This commit is contained in:
Иван Пепеляев 2024-08-02 03:04:42 +00:00
parent 97e1d0e3e2
commit 274f74f65b
44 changed files with 4115 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
oval/c10f1/ALT-PU-2024-10370/definitions.json Normal file
View File

@ -0,0 +1,99 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202410370",
"Version": "oval:org.altlinux.errata:def:202410370",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-10370: package `cri-o1.28` update to version 1.28.8-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-10370",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-10370",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-04923",
"RefURL": "https://bdu.fstec.ru/vul/2024-04923",
"Source": "BDU"
},
{
"RefID": "CVE-2024-5154",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-5154",
"Source": "CVE"
}
],
"Description": "This update upgrades cri-o1.28 to version 1.28.8-alt1. \nSecurity Fix(es):\n\n * BDU:2024-04923: Уязвимость прикладного программного интерфейса CRI-O Container Engine программного средства управления кластерами виртуальных машин Kubernetes, позволяющая нарушителю читать и записывать произвольные файлы в хост-системе\n\n * CVE-2024-5154: A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-07-31"
},
"Updated": {
"Date": "2024-07-31"
},
"BDUs": [
{
"ID": "BDU:2024-04923",
"CVSS": "AV:N/AC:L/Au:M/C:C/I:C/A:N",
"CVSS3": "AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"CWE": "CWE-668",
"Href": "https://bdu.fstec.ru/vul/2024-04923",
"Impact": "High",
"Public": "20240612"
}
],
"CVEs": [
{
"ID": "CVE-2024-5154",
"CWE": "CWE-668",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5154",
"Impact": "None",
"Public": "20240612"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202410370001",
"Comment": "cri-o1.28 is earlier than 0:1.28.8-alt1"
}
]
}
]
}
}
]
}

34
oval/c10f1/ALT-PU-2024-10370/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202410370001",
"Version": "1",
"Comment": "cri-o1.28 is installed",
"Name": "cri-o1.28"
}
]
}

23
oval/c10f1/ALT-PU-2024-10370/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202410370001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.28.8-alt1",
"Arch": {},
"EVR": {
"Text": "0:1.28.8-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/c10f1/ALT-PU-2024-10370/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202410370001",
"Version": "1",
"Check": "all",
"Comment": "cri-o1.28 is earlier than 0:1.28.8-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410370001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410370001"
}
}
]
}

122
oval/c10f1/ALT-PU-2024-10525/definitions.json Normal file
View File

@ -0,0 +1,122 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202410525",
"Version": "oval:org.altlinux.errata:def:202410525",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-10525: package `kubernetes1.27` update to version 1.27.16-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-10525",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-10525",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-05549",
"RefURL": "https://bdu.fstec.ru/vul/2024-05549",
"Source": "BDU"
},
{
"RefID": "CVE-2024-5321",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-5321",
"Source": "CVE"
}
],
"Description": "This update upgrades kubernetes1.27 to version 1.27.16-alt1. \nSecurity Fix(es):\n\n * BDU:2024-05549: Уязвимость утилиты kubelet программного средства управления кластерами виртуальных машин Kubernetes для операционных систем Windows, связанная с некорректно используемыми стандартными разрешениями, позволяющая нарушителю изменить информацию, хранящуюся в журналах контейнеров\n\n * CVE-2024-5321: A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\\Users may be able to read container logs and NT AUTHORITY\\Authenticated Users may be able to modify container logs.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-08-01"
},
"Updated": {
"Date": "2024-08-01"
},
"BDUs": [
{
"ID": "BDU:2024-05549",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:P/A:N",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"CWE": "CWE-276",
"Href": "https://bdu.fstec.ru/vul/2024-05549",
"Impact": "Low",
"Public": "20240717"
}
],
"CVEs": [
{
"ID": "CVE-2024-5321",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5321",
"Impact": "None",
"Public": "20240718"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202410525001",
"Comment": "kubernetes1.27-client is earlier than 0:1.27.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410525002",
"Comment": "kubernetes1.27-common is earlier than 0:1.27.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410525003",
"Comment": "kubernetes1.27-crio is earlier than 0:1.27.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410525004",
"Comment": "kubernetes1.27-kubeadm is earlier than 0:1.27.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410525005",
"Comment": "kubernetes1.27-kubelet is earlier than 0:1.27.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410525006",
"Comment": "kubernetes1.27-master is earlier than 0:1.27.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410525007",
"Comment": "kubernetes1.27-node is earlier than 0:1.27.16-alt1"
}
]
}
]
}
}
]
}

70
oval/c10f1/ALT-PU-2024-10525/objects.json Normal file
View File

@ -0,0 +1,70 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202410525001",
"Version": "1",
"Comment": "kubernetes1.27-client is installed",
"Name": "kubernetes1.27-client"
},
{
"ID": "oval:org.altlinux.errata:obj:202410525002",
"Version": "1",
"Comment": "kubernetes1.27-common is installed",
"Name": "kubernetes1.27-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202410525003",
"Version": "1",
"Comment": "kubernetes1.27-crio is installed",
"Name": "kubernetes1.27-crio"
},
{
"ID": "oval:org.altlinux.errata:obj:202410525004",
"Version": "1",
"Comment": "kubernetes1.27-kubeadm is installed",
"Name": "kubernetes1.27-kubeadm"
},
{
"ID": "oval:org.altlinux.errata:obj:202410525005",
"Version": "1",
"Comment": "kubernetes1.27-kubelet is installed",
"Name": "kubernetes1.27-kubelet"
},
{
"ID": "oval:org.altlinux.errata:obj:202410525006",
"Version": "1",
"Comment": "kubernetes1.27-master is installed",
"Name": "kubernetes1.27-master"
},
{
"ID": "oval:org.altlinux.errata:obj:202410525007",
"Version": "1",
"Comment": "kubernetes1.27-node is installed",
"Name": "kubernetes1.27-node"
}
]
}

23
oval/c10f1/ALT-PU-2024-10525/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202410525001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.27.16-alt1",
"Arch": {},
"EVR": {
"Text": "0:1.27.16-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

102
oval/c10f1/ALT-PU-2024-10525/tests.json Normal file
View File

@ -0,0 +1,102 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202410525001",
"Version": "1",
"Check": "all",
"Comment": "kubernetes1.27-client is earlier than 0:1.27.16-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410525001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410525001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410525002",
"Version": "1",
"Check": "all",
"Comment": "kubernetes1.27-common is earlier than 0:1.27.16-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410525002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410525001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410525003",
"Version": "1",
"Check": "all",
"Comment": "kubernetes1.27-crio is earlier than 0:1.27.16-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410525003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410525001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410525004",
"Version": "1",
"Check": "all",
"Comment": "kubernetes1.27-kubeadm is earlier than 0:1.27.16-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410525004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410525001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410525005",
"Version": "1",
"Check": "all",
"Comment": "kubernetes1.27-kubelet is earlier than 0:1.27.16-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410525005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410525001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410525006",
"Version": "1",
"Check": "all",
"Comment": "kubernetes1.27-master is earlier than 0:1.27.16-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410525006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410525001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410525007",
"Version": "1",
"Check": "all",
"Comment": "kubernetes1.27-node is earlier than 0:1.27.16-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410525007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410525001"
}
}
]
}

122
oval/c10f1/ALT-PU-2024-10527/definitions.json Normal file
View File

@ -0,0 +1,122 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202410527",
"Version": "oval:org.altlinux.errata:def:202410527",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-10527: package `kubernetes1.28` update to version 1.28.12-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-10527",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-10527",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-05549",
"RefURL": "https://bdu.fstec.ru/vul/2024-05549",
"Source": "BDU"
},
{
"RefID": "CVE-2024-5321",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-5321",
"Source": "CVE"
}
],
"Description": "This update upgrades kubernetes1.28 to version 1.28.12-alt1. \nSecurity Fix(es):\n\n * BDU:2024-05549: Уязвимость утилиты kubelet программного средства управления кластерами виртуальных машин Kubernetes для операционных систем Windows, связанная с некорректно используемыми стандартными разрешениями, позволяющая нарушителю изменить информацию, хранящуюся в журналах контейнеров\n\n * CVE-2024-5321: A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\\Users may be able to read container logs and NT AUTHORITY\\Authenticated Users may be able to modify container logs.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-08-01"
},
"Updated": {
"Date": "2024-08-01"
},
"BDUs": [
{
"ID": "BDU:2024-05549",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:P/A:N",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"CWE": "CWE-276",
"Href": "https://bdu.fstec.ru/vul/2024-05549",
"Impact": "Low",
"Public": "20240717"
}
],
"CVEs": [
{
"ID": "CVE-2024-5321",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5321",
"Impact": "None",
"Public": "20240718"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202410527001",
"Comment": "kubernetes1.28-client is earlier than 0:1.28.12-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410527002",
"Comment": "kubernetes1.28-common is earlier than 0:1.28.12-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410527003",
"Comment": "kubernetes1.28-crio is earlier than 0:1.28.12-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410527004",
"Comment": "kubernetes1.28-kubeadm is earlier than 0:1.28.12-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410527005",
"Comment": "kubernetes1.28-kubelet is earlier than 0:1.28.12-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410527006",
"Comment": "kubernetes1.28-master is earlier than 0:1.28.12-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410527007",
"Comment": "kubernetes1.28-node is earlier than 0:1.28.12-alt1"
}
]
}
]
}
}
]
}

70
oval/c10f1/ALT-PU-2024-10527/objects.json Normal file
View File

@ -0,0 +1,70 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202410527001",
"Version": "1",
"Comment": "kubernetes1.28-client is installed",
"Name": "kubernetes1.28-client"
},
{
"ID": "oval:org.altlinux.errata:obj:202410527002",
"Version": "1",
"Comment": "kubernetes1.28-common is installed",
"Name": "kubernetes1.28-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202410527003",
"Version": "1",
"Comment": "kubernetes1.28-crio is installed",
"Name": "kubernetes1.28-crio"
},
{
"ID": "oval:org.altlinux.errata:obj:202410527004",
"Version": "1",
"Comment": "kubernetes1.28-kubeadm is installed",
"Name": "kubernetes1.28-kubeadm"
},
{
"ID": "oval:org.altlinux.errata:obj:202410527005",
"Version": "1",
"Comment": "kubernetes1.28-kubelet is installed",
"Name": "kubernetes1.28-kubelet"
},
{
"ID": "oval:org.altlinux.errata:obj:202410527006",
"Version": "1",
"Comment": "kubernetes1.28-master is installed",
"Name": "kubernetes1.28-master"
},
{
"ID": "oval:org.altlinux.errata:obj:202410527007",
"Version": "1",
"Comment": "kubernetes1.28-node is installed",
"Name": "kubernetes1.28-node"
}
]
}

23
oval/c10f1/ALT-PU-2024-10527/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202410527001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.28.12-alt1",
"Arch": {},
"EVR": {
"Text": "0:1.28.12-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

102
oval/c10f1/ALT-PU-2024-10527/tests.json Normal file
View File

@ -0,0 +1,102 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202410527001",
"Version": "1",
"Check": "all",
"Comment": "kubernetes1.28-client is earlier than 0:1.28.12-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410527001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410527001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410527002",
"Version": "1",
"Check": "all",
"Comment": "kubernetes1.28-common is earlier than 0:1.28.12-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410527002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410527001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410527003",
"Version": "1",
"Check": "all",
"Comment": "kubernetes1.28-crio is earlier than 0:1.28.12-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410527003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410527001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410527004",
"Version": "1",
"Check": "all",
"Comment": "kubernetes1.28-kubeadm is earlier than 0:1.28.12-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410527004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410527001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410527005",
"Version": "1",
"Check": "all",
"Comment": "kubernetes1.28-kubelet is earlier than 0:1.28.12-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410527005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410527001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410527006",
"Version": "1",
"Check": "all",
"Comment": "kubernetes1.28-master is earlier than 0:1.28.12-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410527006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410527001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410527007",
"Version": "1",
"Check": "all",
"Comment": "kubernetes1.28-node is earlier than 0:1.28.12-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410527007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410527001"
}
}
]
}

99
oval/c9f2/ALT-PU-2024-10221/definitions.json Normal file
View File

@ -0,0 +1,99 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202410221",
"Version": "oval:org.altlinux.errata:def:202410221",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-10221: package `apache2-mod_http2` update to version 2.0.29-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-10221",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-10221",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-05194",
"RefURL": "https://bdu.fstec.ru/vul/2024-05194",
"Source": "BDU"
},
{
"RefID": "CVE-2024-36387",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-36387",
"Source": "CVE"
}
],
"Description": "This update upgrades apache2-mod_http2 to version 2.0.29-alt1. \nSecurity Fix(es):\n\n * BDU:2024-05194: Уязвимость протокола WebSocket веб-сервера Apache HTTP Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2024-36387: Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-07-31"
},
"Updated": {
"Date": "2024-07-31"
},
"BDUs": [
{
"ID": "BDU:2024-05194",
"CVSS": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2024-05194",
"Impact": "Low",
"Public": "20240527"
}
],
"CVEs": [
{
"ID": "CVE-2024-36387",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-36387",
"Impact": "None",
"Public": "20240701"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202410221001",
"Comment": "apache2-mod_http2 is earlier than 0:2.0.29-alt1"
}
]
}
]
}
}
]
}

34
oval/c9f2/ALT-PU-2024-10221/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202410221001",
"Version": "1",
"Comment": "apache2-mod_http2 is installed",
"Name": "apache2-mod_http2"
}
]
}

23
oval/c9f2/ALT-PU-2024-10221/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202410221001",
"Version": "1",
"Comment": "package EVR is earlier than 0:2.0.29-alt1",
"Arch": {},
"EVR": {
"Text": "0:2.0.29-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/c9f2/ALT-PU-2024-10221/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c9f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202410221001",
"Version": "1",
"Check": "all",
"Comment": "apache2-mod_http2 is earlier than 0:2.0.29-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410221001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410221001"
}
}
]
}

379
oval/c9f2/ALT-PU-2024-10223/definitions.json Normal file
View File

@ -0,0 +1,379 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202410223",
"Version": "oval:org.altlinux.errata:def:202410223",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-10223: package `apache2` update to version 2.4.61-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-10223",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-10223",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-04936",
"RefURL": "https://bdu.fstec.ru/vul/2024-04936",
"Source": "BDU"
},
{
"RefID": "BDU:2024-05131",
"RefURL": "https://bdu.fstec.ru/vul/2024-05131",
"Source": "BDU"
},
{
"RefID": "BDU:2024-05194",
"RefURL": "https://bdu.fstec.ru/vul/2024-05194",
"Source": "BDU"
},
{
"RefID": "BDU:2024-05195",
"RefURL": "https://bdu.fstec.ru/vul/2024-05195",
"Source": "BDU"
},
{
"RefID": "BDU:2024-05354",
"RefURL": "https://bdu.fstec.ru/vul/2024-05354",
"Source": "BDU"
},
{
"RefID": "BDU:2024-05631",
"RefURL": "https://bdu.fstec.ru/vul/2024-05631",
"Source": "BDU"
},
{
"RefID": "CVE-2024-36387",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-36387",
"Source": "CVE"
},
{
"RefID": "CVE-2024-38472",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-38472",
"Source": "CVE"
},
{
"RefID": "CVE-2024-38473",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-38473",
"Source": "CVE"
},
{
"RefID": "CVE-2024-38474",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-38474",
"Source": "CVE"
},
{
"RefID": "CVE-2024-38475",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-38475",
"Source": "CVE"
},
{
"RefID": "CVE-2024-38476",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-38476",
"Source": "CVE"
},
{
"RefID": "CVE-2024-38477",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-38477",
"Source": "CVE"
},
{
"RefID": "CVE-2024-39573",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-39573",
"Source": "CVE"
},
{
"RefID": "CVE-2024-39884",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-39884",
"Source": "CVE"
}
],
"Description": "This update upgrades apache2 to version 2.4.61-alt1. \nSecurity Fix(es):\n\n * BDU:2024-04936: Уязвимость функции mod_rewrite веб-сервера Apache HTTP Server, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-05131: Уязвимость ядра веб-сервера Apache HTTP Server, связанная с включением функций из недостоверной контролируемой области, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-05194: Уязвимость протокола WebSocket веб-сервера Apache HTTP Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-05195: Уязвимость модуля mod_proxy веб-сервера Apache HTTP Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-05354: Уязвимость веб-сервера Apache HTTP Server связана с недостаточной проверкой поступающих запросов, позволяющая нарушителю осуществить SSRF-атаку\n\n * BDU:2024-05631: Уязвимость модуля mod_rewrite веб-сервера Apache HTTP Server, позволяющая нарушителю осуществить SSRF-атаку\n\n * CVE-2024-36387: Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.\n\n * CVE-2024-38472: SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests or content \nUsers are recommended to upgrade to version 2.4.60 which fixes this issue.  Note: Existing configurations that access UNC paths will have to configure new directive \"UNCList\" to allow access during request processing.\n\n * CVE-2024-38473: Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.\n\n * CVE-2024-38474: Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in\ndirectories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.\n\nSome RewriteRules that capture and substitute unsafely will now fail unless rewrite flag \"UnsafeAllow3F\" is specified.\n\n * CVE-2024-38475: Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. \n\nSubstitutions in server context that use a backreferences or variables as the first segment of the substitution are affected.  Some unsafe RewiteRules will be broken by this change and the rewrite flag \"UnsafePrefixStat\" can be used to opt back in once ensuring the substitution is appropriately constrained.\n\n * CVE-2024-38476: Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.\n\n * CVE-2024-38477: null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.\n\n * CVE-2024-39573: Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.\n\n * CVE-2024-39884: A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers.   \"AddType\" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.\n\nUsers are recommended to upgrade to version 2.4.61, which fixes this issue.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-07-31"
},
"Updated": {
"Date": "2024-07-31"
},
"BDUs": [
{
"ID": "BDU:2024-04936",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"CWE": "CWE-116",
"Href": "https://bdu.fstec.ru/vul/2024-04936",
"Impact": "Critical",
"Public": "20240701"
},
{
"ID": "BDU:2024-05131",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-829",
"Href": "https://bdu.fstec.ru/vul/2024-05131",
"Impact": "Critical",
"Public": "20240701"
},
{
"ID": "BDU:2024-05194",
"CVSS": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2024-05194",
"Impact": "Low",
"Public": "20240527"
},
{
"ID": "BDU:2024-05195",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-404, CWE-476",
"Href": "https://bdu.fstec.ru/vul/2024-05195",
"Impact": "High",
"Public": "20240401"
},
{
"ID": "BDU:2024-05354",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-918",
"Href": "https://bdu.fstec.ru/vul/2024-05354",
"Impact": "High",
"Public": "20240701"
},
{
"ID": "BDU:2024-05631",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-20, CWE-918",
"Href": "https://bdu.fstec.ru/vul/2024-05631",
"Impact": "High",
"Public": "20240401"
}
],
"CVEs": [
{
"ID": "CVE-2024-36387",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-36387",
"Impact": "None",
"Public": "20240701"
},
{
"ID": "CVE-2024-38472",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-38472",
"Impact": "None",
"Public": "20240701"
},
{
"ID": "CVE-2024-38473",
"CWE": "CWE-116",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-38473",
"Impact": "None",
"Public": "20240701"
},
{
"ID": "CVE-2024-38474",
"CWE": "CWE-116",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-38474",
"Impact": "None",
"Public": "20240701"
},
{
"ID": "CVE-2024-38475",
"CWE": "CWE-116",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-38475",
"Impact": "None",
"Public": "20240701"
},
{
"ID": "CVE-2024-38476",
"CWE": "CWE-829",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-38476",
"Impact": "None",
"Public": "20240701"
},
{
"ID": "CVE-2024-38477",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-38477",
"Impact": "None",
"Public": "20240701"
},
{
"ID": "CVE-2024-39573",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-39573",
"Impact": "None",
"Public": "20240701"
},
{
"ID": "CVE-2024-39884",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-39884",
"Impact": "None",
"Public": "20240704"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202410223001",
"Comment": "apache2 is earlier than 1:2.4.61-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410223002",
"Comment": "apache2-ab is earlier than 1:2.4.61-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410223003",
"Comment": "apache2-base is earlier than 1:2.4.61-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410223004",
"Comment": "apache2-cgi-bin is earlier than 1:2.4.61-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410223005",
"Comment": "apache2-cgi-bin-printenv is earlier than 1:2.4.61-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410223006",
"Comment": "apache2-cgi-bin-test-cgi is earlier than 1:2.4.61-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410223007",
"Comment": "apache2-compat is earlier than 1:2.4.61-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410223008",
"Comment": "apache2-configs-A1PROXIED is earlier than 1:2.4.61-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410223009",
"Comment": "apache2-datadirs is earlier than 1:2.4.61-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410223010",
"Comment": "apache2-devel is earlier than 1:2.4.61-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410223011",
"Comment": "apache2-docs is earlier than 1:2.4.61-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410223012",
"Comment": "apache2-full is earlier than 1:2.4.61-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410223013",
"Comment": "apache2-htcacheclean is earlier than 1:2.4.61-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410223014",
"Comment": "apache2-htcacheclean-control is earlier than 1:2.4.61-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410223015",
"Comment": "apache2-html is earlier than 1:2.4.61-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410223016",
"Comment": "apache2-htpasswd is earlier than 1:2.4.61-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410223017",
"Comment": "apache2-httpd-event is earlier than 1:2.4.61-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410223018",
"Comment": "apache2-httpd-prefork is earlier than 1:2.4.61-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410223019",
"Comment": "apache2-httpd-worker is earlier than 1:2.4.61-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410223020",
"Comment": "apache2-icons is earlier than 1:2.4.61-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410223021",
"Comment": "apache2-manual is earlier than 1:2.4.61-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410223022",
"Comment": "apache2-manual-addons is earlier than 1:2.4.61-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410223023",
"Comment": "apache2-mod_cache_disk is earlier than 1:2.4.61-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410223024",
"Comment": "apache2-mod_ldap is earlier than 1:2.4.61-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410223025",
"Comment": "apache2-mod_proxy_html is earlier than 1:2.4.61-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410223026",
"Comment": "apache2-mod_ssl is earlier than 1:2.4.61-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410223027",
"Comment": "apache2-mod_ssl-compat is earlier than 1:2.4.61-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410223028",
"Comment": "apache2-mods is earlier than 1:2.4.61-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410223029",
"Comment": "apache2-suexec is earlier than 1:2.4.61-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410223030",
"Comment": "rpm-build-apache2 is earlier than 1:2.4.61-alt1"
}
]
}
]
}
}
]
}

208
oval/c9f2/ALT-PU-2024-10223/objects.json Normal file
View File

@ -0,0 +1,208 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202410223001",
"Version": "1",
"Comment": "apache2 is installed",
"Name": "apache2"
},
{
"ID": "oval:org.altlinux.errata:obj:202410223002",
"Version": "1",
"Comment": "apache2-ab is installed",
"Name": "apache2-ab"
},
{
"ID": "oval:org.altlinux.errata:obj:202410223003",
"Version": "1",
"Comment": "apache2-base is installed",
"Name": "apache2-base"
},
{
"ID": "oval:org.altlinux.errata:obj:202410223004",
"Version": "1",
"Comment": "apache2-cgi-bin is installed",
"Name": "apache2-cgi-bin"
},
{
"ID": "oval:org.altlinux.errata:obj:202410223005",
"Version": "1",
"Comment": "apache2-cgi-bin-printenv is installed",
"Name": "apache2-cgi-bin-printenv"
},
{
"ID": "oval:org.altlinux.errata:obj:202410223006",
"Version": "1",
"Comment": "apache2-cgi-bin-test-cgi is installed",
"Name": "apache2-cgi-bin-test-cgi"
},
{
"ID": "oval:org.altlinux.errata:obj:202410223007",
"Version": "1",
"Comment": "apache2-compat is installed",
"Name": "apache2-compat"
},
{
"ID": "oval:org.altlinux.errata:obj:202410223008",
"Version": "1",
"Comment": "apache2-configs-A1PROXIED is installed",
"Name": "apache2-configs-A1PROXIED"
},
{
"ID": "oval:org.altlinux.errata:obj:202410223009",
"Version": "1",
"Comment": "apache2-datadirs is installed",
"Name": "apache2-datadirs"
},
{
"ID": "oval:org.altlinux.errata:obj:202410223010",
"Version": "1",
"Comment": "apache2-devel is installed",
"Name": "apache2-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202410223011",
"Version": "1",
"Comment": "apache2-docs is installed",
"Name": "apache2-docs"
},
{
"ID": "oval:org.altlinux.errata:obj:202410223012",
"Version": "1",
"Comment": "apache2-full is installed",
"Name": "apache2-full"
},
{
"ID": "oval:org.altlinux.errata:obj:202410223013",
"Version": "1",
"Comment": "apache2-htcacheclean is installed",
"Name": "apache2-htcacheclean"
},
{
"ID": "oval:org.altlinux.errata:obj:202410223014",
"Version": "1",
"Comment": "apache2-htcacheclean-control is installed",
"Name": "apache2-htcacheclean-control"
},
{
"ID": "oval:org.altlinux.errata:obj:202410223015",
"Version": "1",
"Comment": "apache2-html is installed",
"Name": "apache2-html"
},
{
"ID": "oval:org.altlinux.errata:obj:202410223016",
"Version": "1",
"Comment": "apache2-htpasswd is installed",
"Name": "apache2-htpasswd"
},
{
"ID": "oval:org.altlinux.errata:obj:202410223017",
"Version": "1",
"Comment": "apache2-httpd-event is installed",
"Name": "apache2-httpd-event"
},
{
"ID": "oval:org.altlinux.errata:obj:202410223018",
"Version": "1",
"Comment": "apache2-httpd-prefork is installed",
"Name": "apache2-httpd-prefork"
},
{
"ID": "oval:org.altlinux.errata:obj:202410223019",
"Version": "1",
"Comment": "apache2-httpd-worker is installed",
"Name": "apache2-httpd-worker"
},
{
"ID": "oval:org.altlinux.errata:obj:202410223020",
"Version": "1",
"Comment": "apache2-icons is installed",
"Name": "apache2-icons"
},
{
"ID": "oval:org.altlinux.errata:obj:202410223021",
"Version": "1",
"Comment": "apache2-manual is installed",
"Name": "apache2-manual"
},
{
"ID": "oval:org.altlinux.errata:obj:202410223022",
"Version": "1",
"Comment": "apache2-manual-addons is installed",
"Name": "apache2-manual-addons"
},
{
"ID": "oval:org.altlinux.errata:obj:202410223023",
"Version": "1",
"Comment": "apache2-mod_cache_disk is installed",
"Name": "apache2-mod_cache_disk"
},
{
"ID": "oval:org.altlinux.errata:obj:202410223024",
"Version": "1",
"Comment": "apache2-mod_ldap is installed",
"Name": "apache2-mod_ldap"
},
{
"ID": "oval:org.altlinux.errata:obj:202410223025",
"Version": "1",
"Comment": "apache2-mod_proxy_html is installed",
"Name": "apache2-mod_proxy_html"
},
{
"ID": "oval:org.altlinux.errata:obj:202410223026",
"Version": "1",
"Comment": "apache2-mod_ssl is installed",
"Name": "apache2-mod_ssl"
},
{
"ID": "oval:org.altlinux.errata:obj:202410223027",
"Version": "1",
"Comment": "apache2-mod_ssl-compat is installed",
"Name": "apache2-mod_ssl-compat"
},
{
"ID": "oval:org.altlinux.errata:obj:202410223028",
"Version": "1",
"Comment": "apache2-mods is installed",
"Name": "apache2-mods"
},
{
"ID": "oval:org.altlinux.errata:obj:202410223029",
"Version": "1",
"Comment": "apache2-suexec is installed",
"Name": "apache2-suexec"
},
{
"ID": "oval:org.altlinux.errata:obj:202410223030",
"Version": "1",
"Comment": "rpm-build-apache2 is installed",
"Name": "rpm-build-apache2"
}
]
}

23
oval/c9f2/ALT-PU-2024-10223/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202410223001",
"Version": "1",
"Comment": "package EVR is earlier than 1:2.4.61-alt1",
"Arch": {},
"EVR": {
"Text": "1:2.4.61-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

378
oval/c9f2/ALT-PU-2024-10223/tests.json Normal file
View File

@ -0,0 +1,378 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c9f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202410223001",
"Version": "1",
"Check": "all",
"Comment": "apache2 is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410223002",
"Version": "1",
"Check": "all",
"Comment": "apache2-ab is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410223003",
"Version": "1",
"Check": "all",
"Comment": "apache2-base is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410223004",
"Version": "1",
"Check": "all",
"Comment": "apache2-cgi-bin is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410223005",
"Version": "1",
"Check": "all",
"Comment": "apache2-cgi-bin-printenv is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410223006",
"Version": "1",
"Check": "all",
"Comment": "apache2-cgi-bin-test-cgi is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410223007",
"Version": "1",
"Check": "all",
"Comment": "apache2-compat is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410223008",
"Version": "1",
"Check": "all",
"Comment": "apache2-configs-A1PROXIED is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410223009",
"Version": "1",
"Check": "all",
"Comment": "apache2-datadirs is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410223010",
"Version": "1",
"Check": "all",
"Comment": "apache2-devel is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223010"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410223011",
"Version": "1",
"Check": "all",
"Comment": "apache2-docs is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223011"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410223012",
"Version": "1",
"Check": "all",
"Comment": "apache2-full is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223012"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410223013",
"Version": "1",
"Check": "all",
"Comment": "apache2-htcacheclean is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223013"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410223014",
"Version": "1",
"Check": "all",
"Comment": "apache2-htcacheclean-control is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223014"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410223015",
"Version": "1",
"Check": "all",
"Comment": "apache2-html is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223015"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410223016",
"Version": "1",
"Check": "all",
"Comment": "apache2-htpasswd is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223016"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410223017",
"Version": "1",
"Check": "all",
"Comment": "apache2-httpd-event is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223017"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410223018",
"Version": "1",
"Check": "all",
"Comment": "apache2-httpd-prefork is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223018"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410223019",
"Version": "1",
"Check": "all",
"Comment": "apache2-httpd-worker is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223019"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410223020",
"Version": "1",
"Check": "all",
"Comment": "apache2-icons is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223020"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410223021",
"Version": "1",
"Check": "all",
"Comment": "apache2-manual is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223021"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410223022",
"Version": "1",
"Check": "all",
"Comment": "apache2-manual-addons is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223022"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410223023",
"Version": "1",
"Check": "all",
"Comment": "apache2-mod_cache_disk is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223023"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410223024",
"Version": "1",
"Check": "all",
"Comment": "apache2-mod_ldap is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223024"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410223025",
"Version": "1",
"Check": "all",
"Comment": "apache2-mod_proxy_html is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223025"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410223026",
"Version": "1",
"Check": "all",
"Comment": "apache2-mod_ssl is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223026"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410223027",
"Version": "1",
"Check": "all",
"Comment": "apache2-mod_ssl-compat is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223027"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410223028",
"Version": "1",
"Check": "all",
"Comment": "apache2-mods is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223028"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410223029",
"Version": "1",
"Check": "all",
"Comment": "apache2-suexec is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223029"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410223030",
"Version": "1",
"Check": "all",
"Comment": "rpm-build-apache2 is earlier than 1:2.4.61-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410223030"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410223001"
}
}
]
}

244
oval/c9f2/ALT-PU-2024-10427/definitions.json Normal file
View File

@ -0,0 +1,244 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202410427",
"Version": "oval:org.altlinux.errata:def:202410427",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-10427: package `yandex-browser-stable` update to version 24.6.1.893-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-10427",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-10427",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-03377",
"RefURL": "https://bdu.fstec.ru/vul/2024-03377",
"Source": "BDU"
},
{
"RefID": "BDU:2024-03378",
"RefURL": "https://bdu.fstec.ru/vul/2024-03378",
"Source": "BDU"
},
{
"RefID": "BDU:2024-03379",
"RefURL": "https://bdu.fstec.ru/vul/2024-03379",
"Source": "BDU"
},
{
"RefID": "BDU:2024-03876",
"RefURL": "https://bdu.fstec.ru/vul/2024-03876",
"Source": "BDU"
},
{
"RefID": "BDU:2024-03877",
"RefURL": "https://bdu.fstec.ru/vul/2024-03877",
"Source": "BDU"
},
{
"RefID": "BDU:2024-04460",
"RefURL": "https://bdu.fstec.ru/vul/2024-04460",
"Source": "BDU"
},
{
"RefID": "CVE-2024-4058",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-4058",
"Source": "CVE"
},
{
"RefID": "CVE-2024-4059",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-4059",
"Source": "CVE"
},
{
"RefID": "CVE-2024-4060",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-4060",
"Source": "CVE"
},
{
"RefID": "CVE-2024-4331",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-4331",
"Source": "CVE"
},
{
"RefID": "CVE-2024-4368",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-4368",
"Source": "CVE"
},
{
"RefID": "CVE-2024-5274",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-5274",
"Source": "CVE"
}
],
"Description": "This update upgrades yandex-browser-stable to version 24.6.1.893-alt1. \nSecurity Fix(es):\n\n * BDU:2024-03377: Уязвимость компонента Dawn браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-03378: Уязвимость интерфейса обработчика JavaScript-сценариев V8 браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * BDU:2024-03379: Уязвимость библиотеки ANGLE браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти защитный механизм песочницы и выполнить произвольный код\n\n * BDU:2024-03876: Уязвимость технологии Picture In Picture браузера Google Chrome, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-03877: Уязвимость компонента Dawn браузера Google Chrome, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-04460: Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome , позволяющая нарушителю выполнить произвольный код\n\n * CVE-2024-4058: Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)\n\n * CVE-2024-4059: Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. (Chromium security severity: High)\n\n * CVE-2024-4060: Use after free in Dawn in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n\n * CVE-2024-4331: Use after free in Picture In Picture in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n\n * CVE-2024-4368: Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n\n * CVE-2024-5274: Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)\n\n * #49811: Устанавливает стороннее ПО неизвестного происхождения\n\n * #50127: Автозапуск портит рабочий стол KDE Plasma\n\n * #50301: Виснет при наличии виртуальной клавиатуры Maliit в Wayland",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-07-31"
},
"Updated": {
"Date": "2024-07-31"
},
"BDUs": [
{
"ID": "BDU:2024-03377",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2024-03377",
"Impact": "High",
"Public": "20240409"
},
{
"ID": "BDU:2024-03378",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2024-03378",
"Impact": "Low",
"Public": "20240408"
},
{
"ID": "BDU:2024-03379",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-843",
"Href": "https://bdu.fstec.ru/vul/2024-03379",
"Impact": "Critical",
"Public": "20240402"
},
{
"ID": "BDU:2024-03876",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-416",
"Href": "https://bdu.fstec.ru/vul/2024-03876",
"Impact": "High",
"Public": "20240416"
},
{
"ID": "BDU:2024-03877",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-416",
"Href": "https://bdu.fstec.ru/vul/2024-03877",
"Impact": "High",
"Public": "20240416"
},
{
"ID": "BDU:2024-04460",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-843",
"Href": "https://bdu.fstec.ru/vul/2024-04460",
"Impact": "High",
"Public": "20240523"
}
],
"CVEs": [
{
"ID": "CVE-2024-4058",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-843",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4058",
"Impact": "High",
"Public": "20240501"
},
{
"ID": "CVE-2024-4059",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4059",
"Impact": "None",
"Public": "20240501"
},
{
"ID": "CVE-2024-4060",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4060",
"Impact": "None",
"Public": "20240501"
},
{
"ID": "CVE-2024-4331",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4331",
"Impact": "None",
"Public": "20240501"
},
{
"ID": "CVE-2024-4368",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4368",
"Impact": "None",
"Public": "20240501"
},
{
"ID": "CVE-2024-5274",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-843",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5274",
"Impact": "High",
"Public": "20240528"
}
],
"Bugzilla": [
{
"ID": "49811",
"Href": "https://bugzilla.altlinux.org/49811",
"Data": "Устанавливает стороннее ПО неизвестного происхождения"
},
{
"ID": "50127",
"Href": "https://bugzilla.altlinux.org/50127",
"Data": "Автозапуск портит рабочий стол KDE Plasma"
},
{
"ID": "50301",
"Href": "https://bugzilla.altlinux.org/50301",
"Data": "Виснет при наличии виртуальной клавиатуры Maliit в Wayland"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202410427001",
"Comment": "yandex-browser-stable is earlier than 0:24.6.1.893-alt1"
}
]
}
]
}
}
]
}

34
oval/c9f2/ALT-PU-2024-10427/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202410427001",
"Version": "1",
"Comment": "yandex-browser-stable is installed",
"Name": "yandex-browser-stable"
}
]
}

23
oval/c9f2/ALT-PU-2024-10427/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202410427001",
"Version": "1",
"Comment": "package EVR is earlier than 0:24.6.1.893-alt1",
"Arch": {},
"EVR": {
"Text": "0:24.6.1.893-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/c9f2/ALT-PU-2024-10427/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c9f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202410427001",
"Version": "1",
"Check": "all",
"Comment": "yandex-browser-stable is earlier than 0:24.6.1.893-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410427001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410427001"
}
}
]
}

217
oval/c9f2/ALT-PU-2024-9899/definitions.json Normal file
View File

@ -0,0 +1,217 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20249899",
"Version": "oval:org.altlinux.errata:def:20249899",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-9899: package `mupdf` update to version 1.18.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-9899",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-9899",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-01778",
"RefURL": "https://bdu.fstec.ru/vul/2021-01778",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01673",
"RefURL": "https://bdu.fstec.ru/vul/2022-01673",
"Source": "BDU"
},
{
"RefID": "CVE-2017-5991",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5991",
"Source": "CVE"
},
{
"RefID": "CVE-2018-10289",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-10289",
"Source": "CVE"
},
{
"RefID": "CVE-2018-16647",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-16647",
"Source": "CVE"
},
{
"RefID": "CVE-2018-16648",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-16648",
"Source": "CVE"
},
{
"RefID": "CVE-2019-14975",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14975",
"Source": "CVE"
},
{
"RefID": "CVE-2020-16600",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-16600",
"Source": "CVE"
},
{
"RefID": "CVE-2020-19609",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-19609",
"Source": "CVE"
},
{
"RefID": "CVE-2020-26519",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-26519",
"Source": "CVE"
}
],
"Description": "This update upgrades mupdf to version 1.18.0-alt1. \nSecurity Fix(es):\n\n * BDU:2021-01778: Уязвимость программы просмотра PDF-файлов MuPDf, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01673: Уязвимость функции tiff_expand_colormap() программы просмотра PDF-файлов MuPDf, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2017-5991: An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected.\n\n * CVE-2018-10289: In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file.\n\n * CVE-2018-16647: In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file.\n\n * CVE-2018-16648: In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow.\n\n * CVE-2019-14975: Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string.\n\n * CVE-2020-16600: A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newband_writer.\n\n * CVE-2020-19609: Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service.\n\n * CVE-2020-26519: Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-07-31"
},
"Updated": {
"Date": "2024-07-31"
},
"BDUs": [
{
"ID": "BDU:2021-01778",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2021-01778",
"Impact": "Low",
"Public": "20200925"
},
{
"ID": "BDU:2022-01673",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-01673",
"Impact": "Low",
"Public": "20190606"
}
],
"CVEs": [
{
"ID": "CVE-2017-5991",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5991",
"Impact": "High",
"Public": "20170215"
},
{
"ID": "CVE-2018-10289",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-10289",
"Impact": "Low",
"Public": "20180422"
},
{
"ID": "CVE-2018-16647",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-16647",
"Impact": "Low",
"Public": "20180906"
},
{
"ID": "CVE-2018-16648",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-129",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-16648",
"Impact": "Low",
"Public": "20180906"
},
{
"ID": "CVE-2019-14975",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14975",
"Impact": "High",
"Public": "20190814"
},
{
"ID": "CVE-2020-16600",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-16600",
"Impact": "High",
"Public": "20201209"
},
{
"ID": "CVE-2020-19609",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-19609",
"Impact": "Low",
"Public": "20210721"
},
{
"ID": "CVE-2020-26519",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-26519",
"Impact": "Low",
"Public": "20201002"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20249899001",
"Comment": "mupdf is earlier than 0:1.18.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20249899002",
"Comment": "mupdf-devel is earlier than 0:1.18.0-alt1"
}
]
}
]
}
}
]
}

40
oval/c9f2/ALT-PU-2024-9899/objects.json Normal file
View File

@ -0,0 +1,40 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20249899001",
"Version": "1",
"Comment": "mupdf is installed",
"Name": "mupdf"
},
{
"ID": "oval:org.altlinux.errata:obj:20249899002",
"Version": "1",
"Comment": "mupdf-devel is installed",
"Name": "mupdf-devel"
}
]
}

23
oval/c9f2/ALT-PU-2024-9899/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:20249899001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.18.0-alt1",
"Arch": {},
"EVR": {
"Text": "0:1.18.0-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

42
oval/c9f2/ALT-PU-2024-9899/tests.json Normal file
View File

@ -0,0 +1,42 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c9f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20249899001",
"Version": "1",
"Check": "all",
"Comment": "mupdf is earlier than 0:1.18.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20249899001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20249899001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20249899002",
"Version": "1",
"Check": "all",
"Comment": "mupdf-devel is earlier than 0:1.18.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20249899002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20249899001"
}
}
]
}

125
oval/p10/ALT-PU-2024-10132/definitions.json Normal file
View File

@ -0,0 +1,125 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202410132",
"Version": "oval:org.altlinux.errata:def:202410132",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-10132: package `plasma5-kwin` update to version 5.27.11-alt4",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-10132",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-10132",
"Source": "ALTPU"
}
],
"Description": "This update upgrades plasma5-kwin to version 5.27.11-alt4. \nSecurity Fix(es):\n\n * #50516: Обновление до libwayland-* 1.23..0 ломает вход в систему в KDE",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-07-31"
},
"Updated": {
"Date": "2024-07-31"
},
"BDUs": null,
"Bugzilla": [
{
"ID": "50516",
"Href": "https://bugzilla.altlinux.org/50516",
"Data": "Обновление до libwayland-* 1.23..0 ломает вход в систему в KDE"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202410132001",
"Comment": "libkcmkwincommon5 is earlier than 0:5.27.11-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410132002",
"Comment": "libkwin5 is earlier than 0:5.27.11-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410132003",
"Comment": "libkwineffects14 is earlier than 0:5.27.11-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410132004",
"Comment": "libkwinglutils14 is earlier than 0:5.27.11-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410132005",
"Comment": "plasma5-kwin is earlier than 0:5.27.11-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410132006",
"Comment": "plasma5-kwin-common is earlier than 0:5.27.11-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410132007",
"Comment": "plasma5-kwin-devel is earlier than 0:5.27.11-alt4"
}
]
}
]
}
}
]
}

70
oval/p10/ALT-PU-2024-10132/objects.json Normal file
View File

@ -0,0 +1,70 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202410132001",
"Version": "1",
"Comment": "libkcmkwincommon5 is installed",
"Name": "libkcmkwincommon5"
},
{
"ID": "oval:org.altlinux.errata:obj:202410132002",
"Version": "1",
"Comment": "libkwin5 is installed",
"Name": "libkwin5"
},
{
"ID": "oval:org.altlinux.errata:obj:202410132003",
"Version": "1",
"Comment": "libkwineffects14 is installed",
"Name": "libkwineffects14"
},
{
"ID": "oval:org.altlinux.errata:obj:202410132004",
"Version": "1",
"Comment": "libkwinglutils14 is installed",
"Name": "libkwinglutils14"
},
{
"ID": "oval:org.altlinux.errata:obj:202410132005",
"Version": "1",
"Comment": "plasma5-kwin is installed",
"Name": "plasma5-kwin"
},
{
"ID": "oval:org.altlinux.errata:obj:202410132006",
"Version": "1",
"Comment": "plasma5-kwin-common is installed",
"Name": "plasma5-kwin-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202410132007",
"Version": "1",
"Comment": "plasma5-kwin-devel is installed",
"Name": "plasma5-kwin-devel"
}
]
}

23
oval/p10/ALT-PU-2024-10132/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202410132001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.27.11-alt4",
"Arch": {},
"EVR": {
"Text": "0:5.27.11-alt4",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

102
oval/p10/ALT-PU-2024-10132/tests.json Normal file
View File

@ -0,0 +1,102 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202410132001",
"Version": "1",
"Check": "all",
"Comment": "libkcmkwincommon5 is earlier than 0:5.27.11-alt4",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410132001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410132001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410132002",
"Version": "1",
"Check": "all",
"Comment": "libkwin5 is earlier than 0:5.27.11-alt4",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410132002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410132001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410132003",
"Version": "1",
"Check": "all",
"Comment": "libkwineffects14 is earlier than 0:5.27.11-alt4",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410132003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410132001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410132004",
"Version": "1",
"Check": "all",
"Comment": "libkwinglutils14 is earlier than 0:5.27.11-alt4",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410132004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410132001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410132005",
"Version": "1",
"Check": "all",
"Comment": "plasma5-kwin is earlier than 0:5.27.11-alt4",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410132005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410132001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410132006",
"Version": "1",
"Check": "all",
"Comment": "plasma5-kwin-common is earlier than 0:5.27.11-alt4",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410132006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410132001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410132007",
"Version": "1",
"Check": "all",
"Comment": "plasma5-kwin-devel is earlier than 0:5.27.11-alt4",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410132007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410132001"
}
}
]
}

146
oval/p10/ALT-PU-2024-10383/definitions.json Normal file
View File

@ -0,0 +1,146 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202410383",
"Version": "oval:org.altlinux.errata:def:202410383",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-10383: package `kubernetes1.27` update to version 1.27.16-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-10383",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-10383",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-05549",
"RefURL": "https://bdu.fstec.ru/vul/2024-05549",
"Source": "BDU"
},
{
"RefID": "CVE-2024-5321",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-5321",
"Source": "CVE"
}
],
"Description": "This update upgrades kubernetes1.27 to version 1.27.16-alt1. \nSecurity Fix(es):\n\n * BDU:2024-05549: Уязвимость утилиты kubelet программного средства управления кластерами виртуальных машин Kubernetes для операционных систем Windows, связанная с некорректно используемыми стандартными разрешениями, позволяющая нарушителю изменить информацию, хранящуюся в журналах контейнеров\n\n * CVE-2024-5321: A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\\Users may be able to read container logs and NT AUTHORITY\\Authenticated Users may be able to modify container logs.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-08-01"
},
"Updated": {
"Date": "2024-08-01"
},
"BDUs": [
{
"ID": "BDU:2024-05549",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:P/A:N",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"CWE": "CWE-276",
"Href": "https://bdu.fstec.ru/vul/2024-05549",
"Impact": "Low",
"Public": "20240717"
}
],
"CVEs": [
{
"ID": "CVE-2024-5321",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5321",
"Impact": "None",
"Public": "20240718"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202410383001",
"Comment": "kubernetes1.27-client is earlier than 0:1.27.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410383002",
"Comment": "kubernetes1.27-common is earlier than 0:1.27.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410383003",
"Comment": "kubernetes1.27-crio is earlier than 0:1.27.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410383004",
"Comment": "kubernetes1.27-kubeadm is earlier than 0:1.27.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410383005",
"Comment": "kubernetes1.27-kubelet is earlier than 0:1.27.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410383006",
"Comment": "kubernetes1.27-master is earlier than 0:1.27.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410383007",
"Comment": "kubernetes1.27-node is earlier than 0:1.27.16-alt1"
}
]
}
]
}
}
]
}

70
oval/p10/ALT-PU-2024-10383/objects.json Normal file
View File

@ -0,0 +1,70 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202410383001",
"Version": "1",
"Comment": "kubernetes1.27-client is installed",
"Name": "kubernetes1.27-client"
},
{
"ID": "oval:org.altlinux.errata:obj:202410383002",
"Version": "1",
"Comment": "kubernetes1.27-common is installed",
"Name": "kubernetes1.27-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202410383003",
"Version": "1",
"Comment": "kubernetes1.27-crio is installed",
"Name": "kubernetes1.27-crio"
},
{
"ID": "oval:org.altlinux.errata:obj:202410383004",
"Version": "1",
"Comment": "kubernetes1.27-kubeadm is installed",
"Name": "kubernetes1.27-kubeadm"
},
{
"ID": "oval:org.altlinux.errata:obj:202410383005",
"Version": "1",
"Comment": "kubernetes1.27-kubelet is installed",
"Name": "kubernetes1.27-kubelet"
},
{
"ID": "oval:org.altlinux.errata:obj:202410383006",
"Version": "1",
"Comment": "kubernetes1.27-master is installed",
"Name": "kubernetes1.27-master"
},
{
"ID": "oval:org.altlinux.errata:obj:202410383007",
"Version": "1",
"Comment": "kubernetes1.27-node is installed",
"Name": "kubernetes1.27-node"
}
]
}

23
oval/p10/ALT-PU-2024-10383/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202410383001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.27.16-alt1",
"Arch": {},
"EVR": {
"Text": "0:1.27.16-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

102
oval/p10/ALT-PU-2024-10383/tests.json Normal file
View File

@ -0,0 +1,102 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202410383001",
"Version": "1",
"Check": "all",
"Comment": "kubernetes1.27-client is earlier than 0:1.27.16-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410383001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410383001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410383002",
"Version": "1",
"Check": "all",
"Comment": "kubernetes1.27-common is earlier than 0:1.27.16-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410383002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410383001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410383003",
"Version": "1",
"Check": "all",
"Comment": "kubernetes1.27-crio is earlier than 0:1.27.16-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410383003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410383001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410383004",
"Version": "1",
"Check": "all",
"Comment": "kubernetes1.27-kubeadm is earlier than 0:1.27.16-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410383004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410383001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410383005",
"Version": "1",
"Check": "all",
"Comment": "kubernetes1.27-kubelet is earlier than 0:1.27.16-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410383005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410383001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410383006",
"Version": "1",
"Check": "all",
"Comment": "kubernetes1.27-master is earlier than 0:1.27.16-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410383006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410383001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410383007",
"Version": "1",
"Check": "all",
"Comment": "kubernetes1.27-node is earlier than 0:1.27.16-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410383007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410383001"
}
}
]
}

146
oval/p10/ALT-PU-2024-10385/definitions.json Normal file
View File

@ -0,0 +1,146 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202410385",
"Version": "oval:org.altlinux.errata:def:202410385",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-10385: package `kubernetes1.28` update to version 1.28.12-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-10385",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-10385",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-05549",
"RefURL": "https://bdu.fstec.ru/vul/2024-05549",
"Source": "BDU"
},
{
"RefID": "CVE-2024-5321",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-5321",
"Source": "CVE"
}
],
"Description": "This update upgrades kubernetes1.28 to version 1.28.12-alt1. \nSecurity Fix(es):\n\n * BDU:2024-05549: Уязвимость утилиты kubelet программного средства управления кластерами виртуальных машин Kubernetes для операционных систем Windows, связанная с некорректно используемыми стандартными разрешениями, позволяющая нарушителю изменить информацию, хранящуюся в журналах контейнеров\n\n * CVE-2024-5321: A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\\Users may be able to read container logs and NT AUTHORITY\\Authenticated Users may be able to modify container logs.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-08-01"
},
"Updated": {
"Date": "2024-08-01"
},
"BDUs": [
{
"ID": "BDU:2024-05549",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:P/A:N",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"CWE": "CWE-276",
"Href": "https://bdu.fstec.ru/vul/2024-05549",
"Impact": "Low",
"Public": "20240717"
}
],
"CVEs": [
{
"ID": "CVE-2024-5321",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5321",
"Impact": "None",
"Public": "20240718"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202410385001",
"Comment": "kubernetes1.28-client is earlier than 0:1.28.12-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410385002",
"Comment": "kubernetes1.28-common is earlier than 0:1.28.12-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410385003",
"Comment": "kubernetes1.28-crio is earlier than 0:1.28.12-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410385004",
"Comment": "kubernetes1.28-kubeadm is earlier than 0:1.28.12-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410385005",
"Comment": "kubernetes1.28-kubelet is earlier than 0:1.28.12-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410385006",
"Comment": "kubernetes1.28-master is earlier than 0:1.28.12-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410385007",
"Comment": "kubernetes1.28-node is earlier than 0:1.28.12-alt1"
}
]
}
]
}
}
]
}

70
oval/p10/ALT-PU-2024-10385/objects.json Normal file
View File

@ -0,0 +1,70 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202410385001",
"Version": "1",
"Comment": "kubernetes1.28-client is installed",
"Name": "kubernetes1.28-client"
},
{
"ID": "oval:org.altlinux.errata:obj:202410385002",
"Version": "1",
"Comment": "kubernetes1.28-common is installed",
"Name": "kubernetes1.28-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202410385003",
"Version": "1",
"Comment": "kubernetes1.28-crio is installed",
"Name": "kubernetes1.28-crio"
},
{
"ID": "oval:org.altlinux.errata:obj:202410385004",
"Version": "1",
"Comment": "kubernetes1.28-kubeadm is installed",
"Name": "kubernetes1.28-kubeadm"
},
{
"ID": "oval:org.altlinux.errata:obj:202410385005",
"Version": "1",
"Comment": "kubernetes1.28-kubelet is installed",
"Name": "kubernetes1.28-kubelet"
},
{
"ID": "oval:org.altlinux.errata:obj:202410385006",
"Version": "1",
"Comment": "kubernetes1.28-master is installed",
"Name": "kubernetes1.28-master"
},
{
"ID": "oval:org.altlinux.errata:obj:202410385007",
"Version": "1",
"Comment": "kubernetes1.28-node is installed",
"Name": "kubernetes1.28-node"
}
]
}

23
oval/p10/ALT-PU-2024-10385/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202410385001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.28.12-alt1",
"Arch": {},
"EVR": {
"Text": "0:1.28.12-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

102
oval/p10/ALT-PU-2024-10385/tests.json Normal file
View File

@ -0,0 +1,102 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202410385001",
"Version": "1",
"Check": "all",
"Comment": "kubernetes1.28-client is earlier than 0:1.28.12-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410385001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410385001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410385002",
"Version": "1",
"Check": "all",
"Comment": "kubernetes1.28-common is earlier than 0:1.28.12-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410385002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410385001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410385003",
"Version": "1",
"Check": "all",
"Comment": "kubernetes1.28-crio is earlier than 0:1.28.12-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410385003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410385001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410385004",
"Version": "1",
"Check": "all",
"Comment": "kubernetes1.28-kubeadm is earlier than 0:1.28.12-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410385004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410385001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410385005",
"Version": "1",
"Check": "all",
"Comment": "kubernetes1.28-kubelet is earlier than 0:1.28.12-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410385005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410385001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410385006",
"Version": "1",
"Check": "all",
"Comment": "kubernetes1.28-master is earlier than 0:1.28.12-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410385006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410385001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410385007",
"Version": "1",
"Check": "all",
"Comment": "kubernetes1.28-node is earlier than 0:1.28.12-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410385007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410385001"
}
}
]
}

181
oval/p10/ALT-PU-2024-10465/definitions.json Normal file
View File

@ -0,0 +1,181 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202410465",
"Version": "oval:org.altlinux.errata:def:202410465",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-10465: package `kernel-image-std-def` update to version 5.10.223-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-10465",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-10465",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-05829",
"RefURL": "https://bdu.fstec.ru/vul/2024-05829",
"Source": "BDU"
},
{
"RefID": "CVE-2024-41007",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-41007",
"Source": "CVE"
},
{
"RefID": "CVE-2024-42229",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-42229",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-std-def to version 5.10.223-alt1. \nSecurity Fix(es):\n\n * BDU:2024-05829: Уязвимость функции kfree_sensitive ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2024-41007: In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: avoid too many retransmit packets\n\nIf a TCP socket is using TCP_USER_TIMEOUT, and the other peer\nretracted its window to zero, tcp_retransmit_timer() can\nretransmit a packet every two jiffies (2 ms for HZ=1000),\nfor about 4 minutes after TCP_USER_TIMEOUT has 'expired'.\n\nThe fix is to make sure tcp_rtx_probe0_timed_out() takes\nicsk-\u003eicsk_user_timeout into account.\n\nBefore blamed commit, the socket would not timeout after\nicsk-\u003eicsk_user_timeout, but would use standard exponential\nbackoff for the retransmits.\n\nAlso worth noting that before commit e89688e3e978 (\"net: tcp:\nfix unexcepted socket die when snd_wnd is 0\"), the issue\nwould last 2 minutes instead of 4.\n\n * CVE-2024-42229: In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: aead,cipher - zeroize key buffer after use\n\nI.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding\ncryptographic information should be zeroized once they are no longer\nneeded. Accomplish this by using kfree_sensitive for buffers that\npreviously held the private key.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-08-01"
},
"Updated": {
"Date": "2024-08-01"
},
"BDUs": [
{
"ID": "BDU:2024-05829",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2024-05829",
"Impact": "High",
"Public": "20240730"
}
],
"CVEs": [
{
"ID": "CVE-2024-41007",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-41007",
"Impact": "Low",
"Public": "20240715"
},
{
"ID": "CVE-2024-42229",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-42229",
"Impact": "Low",
"Public": "20240730"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202410465001",
"Comment": "kernel-doc-std is earlier than 2:5.10.223-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410465002",
"Comment": "kernel-headers-modules-std-def is earlier than 2:5.10.223-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410465003",
"Comment": "kernel-headers-std-def is earlier than 2:5.10.223-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410465004",
"Comment": "kernel-image-domU-std-def is earlier than 2:5.10.223-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410465005",
"Comment": "kernel-image-std-def is earlier than 2:5.10.223-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410465006",
"Comment": "kernel-image-std-def-checkinstall is earlier than 2:5.10.223-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410465007",
"Comment": "kernel-modules-drm-ancient-std-def is earlier than 2:5.10.223-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410465008",
"Comment": "kernel-modules-drm-nouveau-std-def is earlier than 2:5.10.223-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410465009",
"Comment": "kernel-modules-drm-std-def is earlier than 2:5.10.223-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410465010",
"Comment": "kernel-modules-ide-std-def is earlier than 2:5.10.223-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410465011",
"Comment": "kernel-modules-midgard-be-m1000-std-def is earlier than 2:5.10.223-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410465012",
"Comment": "kernel-modules-staging-std-def is earlier than 2:5.10.223-alt1"
}
]
}
]
}
}
]
}

100
oval/p10/ALT-PU-2024-10465/objects.json Normal file
View File

@ -0,0 +1,100 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202410465001",
"Version": "1",
"Comment": "kernel-doc-std is installed",
"Name": "kernel-doc-std"
},
{
"ID": "oval:org.altlinux.errata:obj:202410465002",
"Version": "1",
"Comment": "kernel-headers-modules-std-def is installed",
"Name": "kernel-headers-modules-std-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202410465003",
"Version": "1",
"Comment": "kernel-headers-std-def is installed",
"Name": "kernel-headers-std-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202410465004",
"Version": "1",
"Comment": "kernel-image-domU-std-def is installed",
"Name": "kernel-image-domU-std-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202410465005",
"Version": "1",
"Comment": "kernel-image-std-def is installed",
"Name": "kernel-image-std-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202410465006",
"Version": "1",
"Comment": "kernel-image-std-def-checkinstall is installed",
"Name": "kernel-image-std-def-checkinstall"
},
{
"ID": "oval:org.altlinux.errata:obj:202410465007",
"Version": "1",
"Comment": "kernel-modules-drm-ancient-std-def is installed",
"Name": "kernel-modules-drm-ancient-std-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202410465008",
"Version": "1",
"Comment": "kernel-modules-drm-nouveau-std-def is installed",
"Name": "kernel-modules-drm-nouveau-std-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202410465009",
"Version": "1",
"Comment": "kernel-modules-drm-std-def is installed",
"Name": "kernel-modules-drm-std-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202410465010",
"Version": "1",
"Comment": "kernel-modules-ide-std-def is installed",
"Name": "kernel-modules-ide-std-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202410465011",
"Version": "1",
"Comment": "kernel-modules-midgard-be-m1000-std-def is installed",
"Name": "kernel-modules-midgard-be-m1000-std-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202410465012",
"Version": "1",
"Comment": "kernel-modules-staging-std-def is installed",
"Name": "kernel-modules-staging-std-def"
}
]
}

23
oval/p10/ALT-PU-2024-10465/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202410465001",
"Version": "1",
"Comment": "package EVR is earlier than 2:5.10.223-alt1",
"Arch": {},
"EVR": {
"Text": "2:5.10.223-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

162
oval/p10/ALT-PU-2024-10465/tests.json Normal file
View File

@ -0,0 +1,162 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202410465001",
"Version": "1",
"Check": "all",
"Comment": "kernel-doc-std is earlier than 2:5.10.223-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410465001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410465001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410465002",
"Version": "1",
"Check": "all",
"Comment": "kernel-headers-modules-std-def is earlier than 2:5.10.223-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410465002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410465001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410465003",
"Version": "1",
"Check": "all",
"Comment": "kernel-headers-std-def is earlier than 2:5.10.223-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410465003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410465001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410465004",
"Version": "1",
"Check": "all",
"Comment": "kernel-image-domU-std-def is earlier than 2:5.10.223-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410465004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410465001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410465005",
"Version": "1",
"Check": "all",
"Comment": "kernel-image-std-def is earlier than 2:5.10.223-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410465005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410465001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410465006",
"Version": "1",
"Check": "all",
"Comment": "kernel-image-std-def-checkinstall is earlier than 2:5.10.223-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410465006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410465001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410465007",
"Version": "1",
"Check": "all",
"Comment": "kernel-modules-drm-ancient-std-def is earlier than 2:5.10.223-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410465007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410465001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410465008",
"Version": "1",
"Check": "all",
"Comment": "kernel-modules-drm-nouveau-std-def is earlier than 2:5.10.223-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410465008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410465001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410465009",
"Version": "1",
"Check": "all",
"Comment": "kernel-modules-drm-std-def is earlier than 2:5.10.223-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410465009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410465001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410465010",
"Version": "1",
"Check": "all",
"Comment": "kernel-modules-ide-std-def is earlier than 2:5.10.223-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410465010"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410465001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410465011",
"Version": "1",
"Check": "all",
"Comment": "kernel-modules-midgard-be-m1000-std-def is earlier than 2:5.10.223-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410465011"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410465001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202410465012",
"Version": "1",
"Check": "all",
"Comment": "kernel-modules-staging-std-def is earlier than 2:5.10.223-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202410465012"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202410465001"
}
}
]
}