pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ALT Vulnerability

Browse Source
This commit is contained in:
Иван Пепеляев 2024-07-13 03:04:59 +00:00
parent cdc37ecc6f
commit 2dae4da41e
4 changed files with 346 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

151
oval/c10f1/ALT-PU-2024-9856/definitions.json Normal file
View File

@ -0,0 +1,151 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20249856",
"Version": "oval:org.altlinux.errata:def:20249856",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-9856: package `golang` update to version 1.21.11-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-9856",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-9856",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-04485",
"RefURL": "https://bdu.fstec.ru/vul/2024-04485",
"Source": "BDU"
},
{
"RefID": "BDU:2024-04486",
"RefURL": "https://bdu.fstec.ru/vul/2024-04486",
"Source": "BDU"
},
{
"RefID": "CVE-2024-24789",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-24789",
"Source": "CVE"
},
{
"RefID": "CVE-2024-24790",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-24790",
"Source": "CVE"
}
],
"Description": "This update upgrades golang to version 1.21.11-alt1. \nSecurity Fix(es):\n\n * BDU:2024-04485: Уязвимость пакета archive-zip языка программирования Golang, позволяющая нарушителю создать произвольный zip-файл\n\n * BDU:2024-04486: Уязвимость компонента net-netip языка программирования Golang, связанная с неправильным контролем доступа, позволяющая нарушителю обойти существующую политику ограничения доступа\n\n * CVE-2024-24789: The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.\n\n * CVE-2024-24790: The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-07-12"
},
"Updated": {
"Date": "2024-07-12"
},
"BDUs": [
{
"ID": "BDU:2024-04485",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:C/A:N",
"CVSS3": "AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-20, CWE-200",
"Href": "https://bdu.fstec.ru/vul/2024-04485",
"Impact": "Low",
"Public": "20240605"
},
{
"ID": "BDU:2024-04486",
"CVSS": "AV:L/AC:H/Au:N/C:P/I:C/A:P",
"CVSS3": "AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
"CWE": "CWE-284",
"Href": "https://bdu.fstec.ru/vul/2024-04486",
"Impact": "Low",
"Public": "20240605"
}
],
"CVEs": [
{
"ID": "CVE-2024-24789",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-24789",
"Impact": "Low",
"Public": "20240605"
},
{
"ID": "CVE-2024-24790",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-24790",
"Impact": "Critical",
"Public": "20240605"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20249856001",
"Comment": "golang is earlier than 0:1.21.11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20249856002",
"Comment": "golang-docs is earlier than 0:1.21.11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20249856003",
"Comment": "golang-gdb is earlier than 0:1.21.11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20249856004",
"Comment": "golang-misc is earlier than 0:1.21.11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20249856005",
"Comment": "golang-shared is earlier than 0:1.21.11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20249856006",
"Comment": "golang-src is earlier than 0:1.21.11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20249856007",
"Comment": "golang-tests is earlier than 0:1.21.11-alt1"
}
]
}
]
}
}
]
}

70
oval/c10f1/ALT-PU-2024-9856/objects.json Normal file
View File

@ -0,0 +1,70 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20249856001",
"Version": "1",
"Comment": "golang is installed",
"Name": "golang"
},
{
"ID": "oval:org.altlinux.errata:obj:20249856002",
"Version": "1",
"Comment": "golang-docs is installed",
"Name": "golang-docs"
},
{
"ID": "oval:org.altlinux.errata:obj:20249856003",
"Version": "1",
"Comment": "golang-gdb is installed",
"Name": "golang-gdb"
},
{
"ID": "oval:org.altlinux.errata:obj:20249856004",
"Version": "1",
"Comment": "golang-misc is installed",
"Name": "golang-misc"
},
{
"ID": "oval:org.altlinux.errata:obj:20249856005",
"Version": "1",
"Comment": "golang-shared is installed",
"Name": "golang-shared"
},
{
"ID": "oval:org.altlinux.errata:obj:20249856006",
"Version": "1",
"Comment": "golang-src is installed",
"Name": "golang-src"
},
{
"ID": "oval:org.altlinux.errata:obj:20249856007",
"Version": "1",
"Comment": "golang-tests is installed",
"Name": "golang-tests"
}
]
}

23
oval/c10f1/ALT-PU-2024-9856/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:20249856001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.21.11-alt1",
"Arch": {},
"EVR": {
"Text": "0:1.21.11-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

102
oval/c10f1/ALT-PU-2024-9856/tests.json Normal file
View File

@ -0,0 +1,102 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20249856001",
"Version": "1",
"Check": "all",
"Comment": "golang is earlier than 0:1.21.11-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20249856001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20249856001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20249856002",
"Version": "1",
"Check": "all",
"Comment": "golang-docs is earlier than 0:1.21.11-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20249856002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20249856001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20249856003",
"Version": "1",
"Check": "all",
"Comment": "golang-gdb is earlier than 0:1.21.11-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20249856003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20249856001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20249856004",
"Version": "1",
"Check": "all",
"Comment": "golang-misc is earlier than 0:1.21.11-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20249856004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20249856001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20249856005",
"Version": "1",
"Check": "all",
"Comment": "golang-shared is earlier than 0:1.21.11-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20249856005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20249856001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20249856006",
"Version": "1",
"Check": "all",
"Comment": "golang-src is earlier than 0:1.21.11-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20249856006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20249856001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20249856007",
"Version": "1",
"Check": "all",
"Comment": "golang-tests is earlier than 0:1.21.11-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20249856007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20249856001"
}
}
]
}