From 2fe1234a012cd5cd9dd4b319cefbf03086450884 Mon Sep 17 00:00:00 2001 
From: pepelyaevip
Date: Wed, 18 Sep 2024 03:04:18 +0000
Subject: [PATCH] ALT Vulnerability
---
oval/p10/ALT-PU-2024-11874/definitions.json | 113 ++++++
oval/p10/ALT-PU-2024-11874/objects.json | 52 +++
oval/p10/ALT-PU-2024-11874/states.json | 23 ++
oval/p10/ALT-PU-2024-11874/tests.json | 66 ++++
oval/p10/ALT-PU-2024-11876/definitions.json | 117 ++++++
oval/p10/ALT-PU-2024-11876/objects.json | 58 +++
oval/p10/ALT-PU-2024-11876/states.json | 23 ++
oval/p10/ALT-PU-2024-11876/tests.json | 78 ++++
oval/p10/ALT-PU-2024-12535/definitions.json | 416 ++++++++++++++++++++
oval/p10/ALT-PU-2024-12535/objects.json | 100 +++++
oval/p10/ALT-PU-2024-12535/states.json | 23 ++
oval/p10/ALT-PU-2024-12535/tests.json | 162 ++++++++
oval/p10/ALT-PU-2024-12622/definitions.json | 196 +++++++++
oval/p10/ALT-PU-2024-12622/objects.json | 70 ++++
oval/p10/ALT-PU-2024-12622/states.json | 23 ++
oval/p10/ALT-PU-2024-12622/tests.json | 102 +++++
oval/p9/ALT-PU-2024-11974/definitions.json | 206 ++++++++++
oval/p9/ALT-PU-2024-11974/objects.json | 76 ++++
oval/p9/ALT-PU-2024-11974/states.json | 23 ++
oval/p9/ALT-PU-2024-11974/tests.json | 114 ++++++
oval/p9/ALT-PU-2024-11976/definitions.json | 129 ++++++
oval/p9/ALT-PU-2024-11976/objects.json | 76 ++++
oval/p9/ALT-PU-2024-11976/states.json | 23 ++
oval/p9/ALT-PU-2024-11976/tests.json | 114 ++++++
24 files changed, 2383 insertions(+)
create mode 100644 oval/p10/ALT-PU-2024-11874/definitions.json
create mode 100644 oval/p10/ALT-PU-2024-11874/objects.json
create mode 100644 oval/p10/ALT-PU-2024-11874/states.json
create mode 100644 oval/p10/ALT-PU-2024-11874/tests.json
create mode 100644 oval/p10/ALT-PU-2024-11876/definitions.json
create mode 100644 oval/p10/ALT-PU-2024-11876/objects.json
create mode 100644 oval/p10/ALT-PU-2024-11876/states.json
create mode 100644 oval/p10/ALT-PU-2024-11876/tests.json
create mode 100644 oval/p10/ALT-PU-2024-12535/definitions.json
create mode 100644 oval/p10/ALT-PU-2024-12535/objects.json
create mode 100644 oval/p10/ALT-PU-2024-12535/states.json
create mode 100644 oval/p10/ALT-PU-2024-12535/tests.json
create mode 100644 oval/p10/ALT-PU-2024-12622/definitions.json
create mode 100644 oval/p10/ALT-PU-2024-12622/objects.json
create mode 100644 oval/p10/ALT-PU-2024-12622/states.json
create mode 100644 oval/p10/ALT-PU-2024-12622/tests.json
create mode 100644 oval/p9/ALT-PU-2024-11974/definitions.json
create mode 100644 oval/p9/ALT-PU-2024-11974/objects.json
create mode 100644 oval/p9/ALT-PU-2024-11974/states.json
create mode 100644 oval/p9/ALT-PU-2024-11974/tests.json
create mode 100644 oval/p9/ALT-PU-2024-11976/definitions.json
create mode 100644 oval/p9/ALT-PU-2024-11976/objects.json
create mode 100644 oval/p9/ALT-PU-2024-11976/states.json
create mode 100644 oval/p9/ALT-PU-2024-11976/tests.json
diff --git a/oval/p10/ALT-PU-2024-11874/definitions.json b/oval/p10/ALT-PU-2024-11874/definitions.json
new file mode 100644
index 0000000000..b42d960735
--- /dev/null
+++ b/oval/p10/ALT-PU-2024-11874/definitions.json
@@ -0,0 +1,113 @@
+{
+ "Definition": [
+ {
+ "ID": "oval:org.altlinux.errata:def:202411874",
+ "Version": "oval:org.altlinux.errata:def:202411874",
+ "Class": "patch",
+ "Metadata": {
+ "Title": "ALT-PU-2024-11874: package `fcitx5-configtool` update to version 5.1.1-alt3_1",
+ "AffectedList": [
+ {
+ "Family": "unix",
+ "Platforms": [
+ "ALT Linux branch p10"
+ ],
+ "Products": [
+ "ALT Server",
+ "ALT Virtualization Server",
+ "ALT Workstation",
+ "ALT Workstation K",
+ "ALT Education",
+ "Simply Linux",
+ "Starterkit"
+ ]
+ }
+ ],
+ "References": [
+ {
+ "RefID": "ALT-PU-2024-11874",
+ "RefURL": "https://errata.altlinux.org/ALT-PU-2024-11874",
+ "Source": "ALTPU"
+ }
+ ],
+ "Description": "This update upgrades fcitx5-configtool to version 5.1.1-alt3_1. \nSecurity Fix(es):\n\n * #48268: Прошу собрать данный пакет из Сизифа",
+ "Advisory": {
+ "From": "errata.altlinux.org",
+ "Severity": "Low",
+ "Rights": "Copyright 2024 BaseALT Ltd.",
+ "Issued": {
+ "Date": "2024-09-17"
+ },
+ "Updated": {
+ "Date": "2024-09-17"
+ },
+ "BDUs": null,
+ "Bugzilla": [
+ {
+ "ID": "48268",
+ "Href": "https://bugzilla.altlinux.org/48268",
+ "Data": "Прошу собрать данный пакет из Сизифа"
+ }
+ ],
+ "AffectedCPEs": {
+ "CPEs": [
+ "cpe:/o:alt:kworkstation:10",
+ "cpe:/o:alt:workstation:10",
+ "cpe:/o:alt:server:10",
+ "cpe:/o:alt:server-v:10",
+ "cpe:/o:alt:education:10",
+ "cpe:/o:alt:slinux:10",
+ "cpe:/o:alt:starterkit:p10",
+ "cpe:/o:alt:kworkstation:10.1",
+ "cpe:/o:alt:workstation:10.1",
+ "cpe:/o:alt:server:10.1",
+ "cpe:/o:alt:server-v:10.1",
+ "cpe:/o:alt:education:10.1",
+ "cpe:/o:alt:slinux:10.1",
+ "cpe:/o:alt:starterkit:10.1",
+ "cpe:/o:alt:kworkstation:10.2",
+ "cpe:/o:alt:workstation:10.2",
+ "cpe:/o:alt:server:10.2",
+ "cpe:/o:alt:server-v:10.2",
+ "cpe:/o:alt:education:10.2",
+ "cpe:/o:alt:slinux:10.2",
+ "cpe:/o:alt:starterkit:10.2"
+ ]
+ }
+ }
+ },
+ "Criteria": {
+ "Operator": "AND",
+ "Criterions": [
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:2001",
+ "Comment": "ALT Linux must be installed"
+ }
+ ],
+ "Criterias": [
+ {
+ "Operator": "OR",
+ "Criterions": [
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411874001",
+ "Comment": "fcitx5-configtool is earlier than 0:5.1.1-alt3_1"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411874002",
+ "Comment": "fcitx5-migrator is earlier than 0:5.1.1-alt3_1"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411874003",
+ "Comment": "fcitx5-migrator-devel is earlier than 0:5.1.1-alt3_1"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411874004",
+ "Comment": "kcm-fcitx5 is earlier than 0:5.1.1-alt3_1"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/p10/ALT-PU-2024-11874/objects.json b/oval/p10/ALT-PU-2024-11874/objects.json
new file mode 100644
index 0000000000..a3023d7872
--- /dev/null
+++ b/oval/p10/ALT-PU-2024-11874/objects.json
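Review bot: The definition's `"Version"` repeats the definition ID (`oval:org.altlinux.errata:def:202411874`) rather than carrying a version number, while every object, state and test added by this patch uses `"Version": "1"`. If this field is serialized into the OVAL `version` attribute, which the OVAL schema defines as a non-negative integer, the definition will not validate; I would emit `"Version": "1"` here too. Separately, the `Description` files Bugzilla #48268 (a request to build the package from Sisyphus) under "Security Fix(es)" with no CVE or BDU reference, so a consumer cannot tell this entry apart from a real security erratum; a neutral heading such as "Bug Fix(es)" for Bugzilla-only entries would avoid that. Both points apply equally to the ALT-PU-2024-11876 definitions hunk, and the `Version` point to ALT-PU-2024-12535.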
@@ -0,0 +1,52 @@
+{
+ "TextFileContent54Objects": [
+ {
+ "ID": "oval:org.altlinux.errata:obj:2001",
+ "Version": "1",
+ "Comment": "Evaluate `/etc/os-release` file content",
+ "Path": {
+ "Datatype": "string",
+ "Text": "/etc"
+ },
+ "Filepath": {
+ "Datatype": "string",
+ "Text": "os-release"
+ },
+ "Pattern": {
+ "Datatype": "string",
+ "Operation": "pattern match",
+ "Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
+ },
+ "Instance": {
+ "Datatype": "int",
+ "Text": "1"
+ }
+ }
+ ],
+ "RPMInfoObjects": [
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411874001",
+ "Version": "1",
+ "Comment": "fcitx5-configtool is installed",
+ "Name": "fcitx5-configtool"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411874002",
+ "Version": "1",
+ "Comment": "fcitx5-migrator is installed",
+ "Name": "fcitx5-migrator"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411874003",
+ "Version": "1",
+ "Comment": "fcitx5-migrator-devel is installed",
+ "Name": "fcitx5-migrator-devel"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411874004",
+ "Version": "1",
+ "Comment": "kcm-fcitx5 is installed",
+ "Name": "kcm-fcitx5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/p10/ALT-PU-2024-11874/states.json b/oval/p10/ALT-PU-2024-11874/states.json
new file mode 100644
index 0000000000..b890fd47b3
--- /dev/null
+++ b/oval/p10/ALT-PU-2024-11874/states.json
@@ -0,0 +1,23 @@
+{
+ "TextFileContent54State": [
+ {
+ "ID": "oval:org.altlinux.errata:ste:2001",
+ "Version": "1",
+ "Text": {}
+ }
+ ],
+ "RPMInfoStates": [
+ {
+ "ID": "oval:org.altlinux.errata:ste:202411874001",
+ "Version": "1",
+ "Comment": "package EVR is earlier than 0:5.1.1-alt3_1",
+ "Arch": {},
+ "EVR": {
+ "Text": "0:5.1.1-alt3_1",
+ "Datatype": "evr_string",
+ "Operation": "less than"
+ },
+ "Subexpression": {}
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/p10/ALT-PU-2024-11874/tests.json b/oval/p10/ALT-PU-2024-11874/tests.json
new file mode 100644
index 0000000000..3b068394e7
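Review bot: State `oval:org.altlinux.errata:ste:2001` in states.json carries only an empty `"Text": {}`, so nothing compares the branch number that the object's pattern captures with `p?(\\d+)` against 10. Test `tst:2001` is described as "ALT Linux based on branch 'p10' must be installed", but as written the platform gate cannot tell p10 from p9 or any other branch whose CPE matches the pattern; depending on how the empty entity is serialized it may match every such host or none, which means false positives or silently missed hosts in a scan. I would constrain the captured group, for example `"Subexpression": {"Datatype": "int", "Operation": "equals", "Text": "10"}`, assuming the generator's text-file state type supports that entity (the key shape is copied from the `EVR` entry and should be checked against the schema). The pattern's `(?:\\.\\d)*` also accepts only one digit per minor component. The same empty state is added again for ALT-PU-2024-11876.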
--- /dev/null
+++ b/oval/p10/ALT-PU-2024-11874/tests.json
@@ -0,0 +1,66 @@
+{
+ "TextFileContent54Tests": [
+ {
+ "ID": "oval:org.altlinux.errata:tst:2001",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "ALT Linux based on branch 'p10' must be installed",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:2001"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:2001"
+ }
+ }
+ ],
+ "RPMInfoTests": [
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411874001",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "fcitx5-configtool is earlier than 0:5.1.1-alt3_1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411874001"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411874001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411874002",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "fcitx5-migrator is earlier than 0:5.1.1-alt3_1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411874002"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411874001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411874003",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "fcitx5-migrator-devel is earlier than 0:5.1.1-alt3_1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411874003"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411874001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411874004",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "kcm-fcitx5 is earlier than 0:5.1.1-alt3_1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411874004"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411874001"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/p10/ALT-PU-2024-11876/definitions.json b/oval/p10/ALT-PU-2024-11876/definitions.json
new file mode 100644
index 0000000000..bf4cbc9a58
--- /dev/null
+++ b/oval/p10/ALT-PU-2024-11876/definitions.json
@@ -0,0 +1,117 @@
+{
+ "Definition": [
+ {
+ "ID": "oval:org.altlinux.errata:def:202411876",
+ "Version": "oval:org.altlinux.errata:def:202411876",
+ "Class": "patch",
+ "Metadata": {
+ "Title": "ALT-PU-2024-11876: package `fcitx5` update to version 5.1.2-alt1_1",
+ "AffectedList": [
+ {
+ "Family": "unix",
+ "Platforms": [
+ "ALT Linux branch p10"
+ ],
+ "Products": [
+ "ALT Server",
+ "ALT Virtualization Server",
+ "ALT Workstation",
+ "ALT Workstation K",
+ "ALT Education",
+ "Simply Linux",
+ "Starterkit"
+ ]
+ }
+ ],
+ "References": [
+ {
+ "RefID": "ALT-PU-2024-11876",
+ "RefURL": "https://errata.altlinux.org/ALT-PU-2024-11876",
+ "Source": "ALTPU"
+ }
+ ],
+ "Description": "This update upgrades fcitx5 to version 5.1.2-alt1_1. \nSecurity Fix(es):\n\n * #46880: fcitx5-autostart: не выставляются необходимые переменные окружения",
+ "Advisory": {
+ "From": "errata.altlinux.org",
+ "Severity": "Low",
+ "Rights": "Copyright 2024 BaseALT Ltd.",
+ "Issued": {
+ "Date": "2024-09-17"
+ },
+ "Updated": {
+ "Date": "2024-09-17"
+ },
+ "BDUs": null,
+ "Bugzilla": [
+ {
+ "ID": "46880",
+ "Href": "https://bugzilla.altlinux.org/46880",
+ "Data": "fcitx5-autostart: не выставляются необходимые переменные окружения"
+ }
+ ],
+ "AffectedCPEs": {
+ "CPEs": [
+ "cpe:/o:alt:kworkstation:10",
+ "cpe:/o:alt:workstation:10",
+ "cpe:/o:alt:server:10",
+ "cpe:/o:alt:server-v:10",
+ "cpe:/o:alt:education:10",
+ "cpe:/o:alt:slinux:10",
+ "cpe:/o:alt:starterkit:p10",
+ "cpe:/o:alt:kworkstation:10.1",
+ "cpe:/o:alt:workstation:10.1",
+ "cpe:/o:alt:server:10.1",
+ "cpe:/o:alt:server-v:10.1",
+ "cpe:/o:alt:education:10.1",
+ "cpe:/o:alt:slinux:10.1",
+ "cpe:/o:alt:starterkit:10.1",
+ "cpe:/o:alt:kworkstation:10.2",
+ "cpe:/o:alt:workstation:10.2",
+ "cpe:/o:alt:server:10.2",
+ "cpe:/o:alt:server-v:10.2",
+ "cpe:/o:alt:education:10.2",
+ "cpe:/o:alt:slinux:10.2",
+ "cpe:/o:alt:starterkit:10.2"
+ ]
+ }
+ }
+ },
+ "Criteria": {
+ "Operator": "AND",
+ "Criterions": [
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:2001",
+ "Comment": "ALT Linux must be installed"
+ }
+ ],
+ "Criterias": [
+ {
+ "Operator": "OR",
+ "Criterions": [
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411876001",
+ "Comment": "fcitx5 is earlier than 0:5.1.2-alt1_1"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411876002",
+ "Comment": "fcitx5-autostart is earlier than 0:5.1.2-alt1_1"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411876003",
+ "Comment": "fcitx5-data is earlier than 0:5.1.2-alt1_1"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411876004",
+ "Comment": "fcitx5-devel is earlier than 0:5.1.2-alt1_1"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411876005",
+ "Comment": "fcitx5-libs is earlier than 0:5.1.2-alt1_1"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/p10/ALT-PU-2024-11876/objects.json b/oval/p10/ALT-PU-2024-11876/objects.json
new file mode 100644
index 0000000000..73bd150735
--- /dev/null
+++ b/oval/p10/ALT-PU-2024-11876/objects.json
@@ -0,0 +1,58 @@
+{
+ "TextFileContent54Objects": [
+ {
+ "ID": "oval:org.altlinux.errata:obj:2001",
+ "Version": "1",
+ "Comment": "Evaluate `/etc/os-release` file content",
+ "Path": {
+ "Datatype": "string",
+ "Text": "/etc"
+ },
+ "Filepath": {
+ "Datatype": "string",
+ "Text": "os-release"
+ },
+ "Pattern": {
+ "Datatype": "string",
+ "Operation": "pattern match",
+ "Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
+ },
+ "Instance": {
+ "Datatype": "int",
+ "Text": "1"
+ }
+ }
+ ],
+ "RPMInfoObjects": [
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411876001",
+ "Version": "1",
+ "Comment": "fcitx5 is installed",
+ "Name": "fcitx5"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411876002",
+ "Version": "1",
+ "Comment": "fcitx5-autostart is installed",
+ "Name": "fcitx5-autostart"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411876003",
+ "Version": "1",
+ "Comment": "fcitx5-data is installed",
+ "Name": "fcitx5-data"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411876004",
+ "Version": "1",
+ "Comment": "fcitx5-devel is installed",
+ "Name": "fcitx5-devel"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411876005",
+ "Version": "1",
+ "Comment": "fcitx5-libs is installed",
+ "Name": "fcitx5-libs"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/p10/ALT-PU-2024-11876/states.json b/oval/p10/ALT-PU-2024-11876/states.json
new file mode 100644
index 0000000000..0365535fde
--- /dev/null
+++ b/oval/p10/ALT-PU-2024-11876/states.json
@@ -0,0 +1,23 @@
+{
+ "TextFileContent54State": [
+ {
+ "ID": "oval:org.altlinux.errata:ste:2001",
+ "Version": "1",
+ "Text": {}
+ }
+ ],
+ "RPMInfoStates": [
+ {
+ "ID": "oval:org.altlinux.errata:ste:202411876001",
+ "Version": "1",
+ "Comment": "package EVR is earlier than 0:5.1.2-alt1_1",
+ "Arch": {},
+ "EVR": {
+ "Text": "0:5.1.2-alt1_1",
+ "Datatype": "evr_string",
+ "Operation": "less than"
+ },
+ "Subexpression": {}
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/p10/ALT-PU-2024-11876/tests.json b/oval/p10/ALT-PU-2024-11876/tests.json
new file mode 100644
index 0000000000..94c762160e
--- /dev/null
+++ b/oval/p10/ALT-PU-2024-11876/tests.json
@@ -0,0 +1,78 @@
+{
+ "TextFileContent54Tests": [
+ {
+ "ID": "oval:org.altlinux.errata:tst:2001",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "ALT Linux based on branch 'p10' must be installed",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:2001"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:2001"
+ }
+ }
+ ],
+ "RPMInfoTests": [
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411876001",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "fcitx5 is earlier than 0:5.1.2-alt1_1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411876001"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411876001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411876002",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "fcitx5-autostart is earlier than 0:5.1.2-alt1_1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411876002"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411876001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411876003",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "fcitx5-data is earlier than 0:5.1.2-alt1_1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411876003"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411876001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411876004",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "fcitx5-devel is earlier than 0:5.1.2-alt1_1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411876004"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411876001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411876005",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "fcitx5-libs is earlier than 0:5.1.2-alt1_1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411876005"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411876001"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/p10/ALT-PU-2024-12535/definitions.json b/oval/p10/ALT-PU-2024-12535/definitions.json
new file mode 100644
index 0000000000..3298794e2c
--- /dev/null
+++ b/oval/p10/ALT-PU-2024-12535/definitions.json
@@ -0,0 +1,416 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202412535", + "Version": "oval:org.altlinux.errata:def:202412535", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-12535: package `kernel-image-std-def` update to version 5.10.226-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch p10" + ], + "Products": [ + "ALT Server", + "ALT Virtualization Server", + "ALT Workstation", + "ALT Workstation K", + "ALT Education", + "Simply Linux", + "Starterkit" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-12535", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-12535", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2024-06732", + "RefURL": "https://bdu.fstec.ru/vul/2024-06732", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-06745", + "RefURL": "https://bdu.fstec.ru/vul/2024-06745", + "Source": "BDU" + }, + { + "RefID": "CVE-2024-41011", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-41011", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-44947", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-44947", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-44987", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-44987", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-44989", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-44989", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-44990", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-44990", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-44995", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-44995", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-44998", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-44998", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-44999", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-44999", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-45006", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-45006", + "Source": "CVE" + }, + { + "RefID": 
"CVE-2024-45016", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-45016", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-45018", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-45018", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-45021", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-45021", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-45025", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-45025", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-45026", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-45026", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-45028", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-45028", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-46673", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46673", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-46674", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46674", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-46677", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46677", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-46685", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46685", + "Source": "CVE" + } + ], + "Description": "This update upgrades kernel-image-std-def to version 5.10.226-alt1. \nSecurity Fix(es):\n\n * BDU:2024-06732: Уязвимость функции gtp_dev_xmit() модуля drivers/net/gtp.c ядра операционных систем Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2024-06745: Уязвимость функции dequeue_rx() ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2024-41011: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: don't allow mapping the MMIO HDP page with large pages\n\nWe don't get the right offset in that case. The GPU has\nan unused 4K area of the register BAR space into which you can\nremap registers. 
We remap the HDP flush registers into this\nspace to allow userspace (CPU or GPU) to flush the HDP when it\nupdates VRAM. However, on systems with \u003e4K pages, we end up\nexposing PAGE_SIZE of MMIO space.\n\n * CVE-2024-44947: In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: Initialize beyond-EOF page contents before setting uptodate\n\nfuse_notify_store(), unlike fuse_do_readpage(), does not enable page\nzeroing (because it can be used to change partial page contents).\n\nSo fuse_notify_store() must be more careful to fully initialize page\ncontents (including parts of the page that are beyond end-of-file)\nbefore marking the page uptodate.\n\nThe current code can leave beyond-EOF page contents uninitialized, which\nmakes these uninitialized page contents visible to userspace via mmap().\n\nThis is an information leak, but only affects systems which do not\nenable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the\ncorresponding kernel command line parameter).\n\n * CVE-2024-44987: In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent UAF in ip6_send_skb()\n\nsyzbot reported an UAF in ip6_send_skb() [1]\n\nAfter ip6_local_out() has returned, we no longer can safely\ndereference rt, unless we hold rcu_read_lock().\n\nA similar issue has been fixed in commit\na688caa34beb (\"ipv6: take rcu lock in rawv6_send_hdrinc()\")\n\nAnother potential issue in ip6_finish_output2() is handled in a\nseparate patch.\n\n[1]\n BUG: KASAN: slab-use-after-free in ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\nRead of size 8 at addr ffff88806dde4858 by task syz.1.380/6530\n\nCPU: 1 UID: 0 PID: 6530 Comm: syz.1.380 Not tainted 6.11.0-rc3-syzkaller-00306-gdf6cbc62cc9b #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description 
mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\n rawv6_push_pending_frames+0x75c/0x9e0 net/ipv6/raw.c:588\n rawv6_sendmsg+0x19c7/0x23c0 net/ipv6/raw.c:926\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n sock_write_iter+0x2dd/0x400 net/socket.c:1160\n do_iter_readv_writev+0x60a/0x890\n vfs_writev+0x37c/0xbb0 fs/read_write.c:971\n do_writev+0x1b1/0x350 fs/read_write.c:1018\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f936bf79e79\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f936cd7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: 00007f936c115f80 RCX: 00007f936bf79e79\nRDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000004\nRBP: 00007f936bfe7916 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f936c115f80 R15: 00007fff2860a7a8\n \u003c/TASK\u003e\n\nAllocated by task 6530:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n unpoison_slab_object mm/kasan/common.c:312 [inline]\n __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338\n kasan_slab_alloc include/linux/kasan.h:201 [inline]\n slab_post_alloc_hook mm/slub.c:3988 [inline]\n slab_alloc_node mm/slub.c:4037 [inline]\n kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4044\n dst_alloc+0x12b/0x190 net/core/dst.c:89\n ip6_blackhole_route+0x59/0x340 net/ipv6/route.c:2670\n make_blackhole net/xfrm/xfrm_policy.c:3120 [inline]\n xfrm_lookup_route+0xd1/0x1c0 
net/xfrm/xfrm_policy.c:3313\n ip6_dst_lookup_flow+0x13e/0x180 net/ipv6/ip6_output.c:1257\n rawv6_sendmsg+0x1283/0x23c0 net/ipv6/raw.c:898\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597\n ___sys_sendmsg net/socket.c:2651 [inline]\n __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2680\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 45:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n poison_slab_object+0xe0/0x150 mm/kasan/common.c:240\n __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2252 [inline]\n slab_free mm/slub.c:4473 [inline]\n kmem_cache_free+0x145/0x350 mm/slub.c:4548\n dst_destroy+0x2ac/0x460 net/core/dst.c:124\n rcu_do_batch kernel/rcu/tree.c:2569 [inline]\n rcu_core+0xafd/0x1830 kernel/rcu/tree.\n---truncated---\n\n * CVE-2024-44989: In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix xfrm real_dev null pointer dereference\n\nWe shouldn't set real_dev to NULL because packets can be in transit and\nxfrm might call xdo_dev_offload_ok() in parallel. 
All callbacks assume\nreal_dev is set.\n\n Example trace:\n kernel: BUG: unable to handle page fault for address: 0000000000001030\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: #PF: supervisor write access in kernel mode\n kernel: #PF: error_code(0x0002) - not-present page\n kernel: PGD 0 P4D 0\n kernel: Oops: 0002 [#1] PREEMPT SMP\n kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12\n kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 \u003c83\u003e 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:\n kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60\n kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00\n kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014\n kernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000\n kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000\n kernel: FS: 00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000\n kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: Call Trace:\n kernel: \u003cTASK\u003e\n kernel: ? __die+0x1f/0x60\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: ? page_fault_oops+0x142/0x4c0\n kernel: ? 
do_user_addr_fault+0x65/0x670\n kernel: ? kvm_read_and_reset_apf_flags+0x3b/0x50\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: ? exc_page_fault+0x7b/0x180\n kernel: ? asm_exc_page_fault+0x22/0x30\n kernel: ? nsim_bpf_uninit+0x50/0x50 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: bond_ipsec_offload_ok+0x7b/0x90 [bonding]\n kernel: xfrm_output+0x61/0x3b0\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: ip_push_pending_frames+0x56/0x80\n\n * CVE-2024-44990: In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix null pointer deref in bond_ipsec_offload_ok\n\nWe must check if there is an active slave before dereferencing the pointer.\n\n * CVE-2024-44995: In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix a deadlock problem when config TC during resetting\n\nWhen config TC during the reset process, may cause a deadlock, the flow is\nas below:\n pf reset start\n ¦\n ?\n ......\nsetup tc ¦\n ¦ ?\n ? DOWN: napi_disable()\nnapi_disable()(skip) ¦\n ¦ ¦\n ? ?\n ...... ......\n ¦ ¦\n ? ¦\nnapi_enable() ¦\n ?\n UINIT: netif_napi_del()\n ¦\n ?\n ......\n ¦\n ?\n INIT: netif_napi_add()\n ¦\n ?\n ...... global reset start\n ¦ ¦\n ? ?\n UP: napi_enable()(skip) ......\n ¦ ¦\n ? ?\n ...... napi_disable()\n\nIn reset process, the driver will DOWN the port and then UINIT, in this\ncase, the setup tc process will UP the port before UINIT, so cause the\nproblem. 
Adds a DOWN process in UINIT to fix it.\n\n * CVE-2024-44998: In the Linux kernel, the following vulnerability has been resolved:\n\natm: idt77252: prevent use after free in dequeue_rx()\n\nWe can't dereference \"skb\" after calling vcc-\u003epush() because the skb\nis released.\n\n * CVE-2024-44999: In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: pull network headers in gtp_dev_xmit()\n\nsyzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1]\n\nWe must make sure the IPv4 or Ipv6 header is pulled in skb-\u003ehead\nbefore accessing fields in them.\n\nUse pskb_inet_may_pull() to fix this issue.\n\n[1]\nBUG: KMSAN: uninit-value in ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n BUG: KMSAN: uninit-value in gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n BUG: KMSAN: uninit-value in gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n __netdev_start_xmit include/linux/netdevice.h:4913 [inline]\n netdev_start_xmit include/linux/netdevice.h:4922 [inline]\n xmit_one net/core/dev.c:3580 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3596\n __dev_queue_xmit+0x358c/0x5610 net/core/dev.c:4423\n dev_queue_xmit include/linux/netdevice.h:3105 [inline]\n packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3145 [inline]\n packet_sendmsg+0x90e3/0xa3a0 net/packet/af_packet.c:3177\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:745\n __sys_sendto+0x685/0x830 net/socket.c:2204\n __do_sys_sendto net/socket.c:2216 [inline]\n __se_sys_sendto net/socket.c:2212 [inline]\n __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n 
entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3994 [inline]\n slab_alloc_node mm/slub.c:4037 [inline]\n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4080\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:583\n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:674\n alloc_skb include/linux/skbuff.h:1320 [inline]\n alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6526\n sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2815\n packet_alloc_skb net/packet/af_packet.c:2994 [inline]\n packet_snd net/packet/af_packet.c:3088 [inline]\n packet_sendmsg+0x749c/0xa3a0 net/packet/af_packet.c:3177\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:745\n __sys_sendto+0x685/0x830 net/socket.c:2204\n __do_sys_sendto net/socket.c:2216 [inline]\n __se_sys_sendto net/socket.c:2212 [inline]\n __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 7115 Comm: syz.1.515 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024\n\n * CVE-2024-45006: In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Fix Panther point NULL pointer deref at full-speed re-enumeration\n\nre-enumerating full-speed devices after a failed address device command\ncan trigger a NULL pointer dereference.\n\nFull-speed devices may need to reconfigure the endpoint 0 Max Packet Size\nvalue during enumeration. Usb core calls usb_ep0_reinit() in this case,\nwhich ends up calling xhci_configure_endpoint().\n\nOn Panther point xHC the xhci_configure_endpoint() function will\nadditionally check and reserve bandwidth in software. 
Other hosts do\nthis in hardware\n\nIf xHC address device command fails then a new xhci_virt_device structure\nis allocated as part of re-enabling the slot, but the bandwidth table\npointers are not set up properly here.\nThis triggers the NULL pointer dereference the next time usb_ep0_reinit()\nis called and xhci_configure_endpoint() tries to check and reserve\nbandwidth\n\n[46710.713538] usb 3-1: new full-speed USB device number 5 using xhci_hcd\n[46710.713699] usb 3-1: Device not responding to setup address.\n[46710.917684] usb 3-1: Device not responding to setup address.\n[46711.125536] usb 3-1: device not accepting address 5, error -71\n[46711.125594] BUG: kernel NULL pointer dereference, address: 0000000000000008\n[46711.125600] #PF: supervisor read access in kernel mode\n[46711.125603] #PF: error_code(0x0000) - not-present page\n[46711.125606] PGD 0 P4D 0\n[46711.125610] Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n[46711.125615] CPU: 1 PID: 25760 Comm: kworker/1:2 Not tainted 6.10.3_2 #1\n[46711.125620] Hardware name: Gigabyte Technology Co., Ltd.\n[46711.125623] Workqueue: usb_hub_wq hub_event [usbcore]\n[46711.125668] RIP: 0010:xhci_reserve_bandwidth (drivers/usb/host/xhci.c\n\nFix this by making sure bandwidth table pointers are set up correctly\nafter a failed address device command, and additionally by avoiding\nchecking for bandwidth in cases like this where no actual endpoints are\nadded or removed, i.e. only context for default control endpoint 0 is\nevaluated.\n\n * CVE-2024-45016: In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: fix return value if duplicate enqueue fails\n\nThere is a bug in netem_enqueue() introduced by\ncommit 5845f706388a (\"net: netem: fix skb length BUG_ON in __skb_to_sgvec\")\nthat can lead to a use-after-free.\n\nThis commit made netem_enqueue() always return NET_XMIT_SUCCESS\nwhen a packet is duplicated, which can cause the parent qdisc's q.qlen\nto be mistakenly incremented. 
When this happens qlen_notify() may be\nskipped on the parent during destruction, leaving a dangling pointer\nfor some classful qdiscs like DRR.\n\nThere are two ways for the bug happen:\n\n- If the duplicated packet is dropped by rootq-\u003eenqueue() and then\n the original packet is also dropped.\n- If rootq-\u003eenqueue() sends the duplicated packet to a different qdisc\n and the original packet is dropped.\n\nIn both cases NET_XMIT_SUCCESS is returned even though no packets\nare enqueued at the netem qdisc.\n\nThe fix is to defer the enqueue of the duplicate packet until after\nthe original packet has been guaranteed to return NET_XMIT_SUCCESS.\n\n * CVE-2024-45018: In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: initialise extack before use\n\nFix missing initialisation of extack in flow offload.\n\n * CVE-2024-45021: In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg_write_event_control(): fix a user-triggerable oops\n\nwe are *not* guaranteed that anything past the terminating NUL\nis mapped (let alone initialized with anything sane).\n\n * CVE-2024-45025: In the Linux kernel, the following vulnerability has been resolved:\n\nfix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE\n\ncopy_fd_bitmaps(new, old, count) is expected to copy the first\ncount/BITS_PER_LONG bits from old-\u003efull_fds_bits[] and fill\nthe rest with zeroes. What it does is copying enough words\n(BITS_TO_LONGS(count/BITS_PER_LONG)), then memsets the rest.\nThat works fine, *if* all bits past the cutoff point are\nclear. 
Otherwise we are risking garbage from the last word\nwe'd copied.\n\nFor most of the callers that is true - expand_fdtable() has\ncount equal to old-\u003emax_fds, so there's no open descriptors\npast count, let alone fully occupied words in -\u003eopen_fds[],\nwhich is what bits in -\u003efull_fds_bits[] correspond to.\n\nThe other caller (dup_fd()) passes sane_fdtable_size(old_fdt, max_fds),\nwhich is the smallest multiple of BITS_PER_LONG that covers all\nopened descriptors below max_fds. In the common case (copying on\nfork()) max_fds is ~0U, so all opened descriptors will be below\nit and we are fine, by the same reasons why the call in expand_fdtable()\nis safe.\n\nUnfortunately, there is a case where max_fds is less than that\nand where we might, indeed, end up with junk in -\u003efull_fds_bits[] -\nclose_range(from, to, CLOSE_RANGE_UNSHARE) with\n\t* descriptor table being currently shared\n\t* 'to' being above the current capacity of descriptor table\n\t* 'from' being just under some chunk of opened descriptors.\nIn that case we end up with observably wrong behaviour - e.g. 
spawn\na child with CLONE_FILES, get all descriptors in range 0..127 open,\nthen close_range(64, ~0U, CLOSE_RANGE_UNSHARE) and watch dup(0) ending\nup with descriptor #128, despite #64 being observably not open.\n\nThe minimally invasive fix would be to deal with that in dup_fd().\nIf this proves to add measurable overhead, we can go that way, but\nlet's try to fix copy_fd_bitmaps() first.\n\n* new helper: bitmap_copy_and_expand(to, from, bits_to_copy, size).\n* make copy_fd_bitmaps() take the bitmap size in words, rather than\nbits; it's 'count' argument is always a multiple of BITS_PER_LONG,\nso we are not losing any information, and that way we can use the\nsame helper for all three bitmaps - compiler will see that count\nis a multiple of BITS_PER_LONG for the large ones, so it'll generate\nplain memcpy()+memset().\n\nReproducer added to tools/testing/selftests/core/close_range_test.c\n\n * CVE-2024-45026: In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error recovery leading to data corruption on ESE devices\n\nExtent Space Efficient (ESE) or thin provisioned volumes need to be\nformatted on demand during usual IO processing.\n\nThe dasd_ese_needs_format function checks for error codes that signal\nthe non existence of a proper track format.\n\nThe check for incorrect length is to imprecise since other error cases\nleading to transport of insufficient data also have this flag set.\nThis might lead to data corruption in certain error cases for example\nduring a storage server warmstart.\n\nFix by removing the check for incorrect length and replacing by\nexplicitly checking for invalid track format in transport mode.\n\nAlso remove the check for file protected since this is not a valid\nESE handling case.\n\n * CVE-2024-45028: In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: mmc_test: Fix NULL dereference on allocation failure\n\nIf the \"test-\u003ehighmem = alloc_pages()\" allocation fails then 
calling\n__free_pages(test-\u003ehighmem) will result in a NULL dereference. Also\nchange the error code to -ENOMEM instead of returning success.\n\n * CVE-2024-46673: In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: aacraid: Fix double-free on probe failure\n\naac_probe_one() calls hardware-specific init functions through the\naac_driver_ident::init pointer, all of which eventually call down to\naac_init_adapter().\n\nIf aac_init_adapter() fails after allocating memory for aac_dev::queues,\nit frees the memory but does not clear that member.\n\nAfter the hardware-specific init function returns an error,\naac_probe_one() goes down an error path that frees the memory pointed to\nby aac_dev::queues, resulting.in a double-free.\n\n * CVE-2024-46674: In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: st: fix probed platform device ref count on probe error path\n\nThe probe function never performs any paltform device allocation, thus\nerror path \"undo_platform_dev_alloc\" is entirely bogus. It drops the\nreference count from the platform device being probed. 
If error path is\ntriggered, this will lead to unbalanced device reference counts and\npremature release of device resources, thus possible use-after-free when\nreleasing remaining devm-managed resources.\n\n * CVE-2024-46677: In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: fix a potential NULL pointer dereference\n\nWhen sockfd_lookup() fails, gtp_encap_enable_socket() returns a\nNULL pointer, but its callers only check for error pointers thus miss\nthe NULL pointer case.\n\nFix it by returning an error pointer with the error code carried from\nsockfd_lookup().\n\n(I found this bug during code inspection.)\n\n * CVE-2024-46685: In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: single: fix potential NULL dereference in pcs_get_function()\n\npinmux_generic_get_function() can return NULL and the pointer 'function'\nwas dereferenced without checking against NULL. Add checking of pointer\n'function' in pcs_get_function().\n\nFound by code review.", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "High", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-09-17" + }, + "Updated": { + "Date": "2024-09-17" + }, + "BDUs": [ + { + "ID": "BDU:2024-06732", + "CVSS": "AV:A/AC:H/Au:S/C:P/I:P/A:P", + "CVSS3": "AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "CWE": "CWE-457", + "Href": "https://bdu.fstec.ru/vul/2024-06732", + "Impact": "Low", + "Public": "20240808" + }, + { + "ID": "BDU:2024-06745", + "CVSS": "AV:L/AC:L/Au:S/C:N/I:N/A:C", + "CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-416", + "Href": "https://bdu.fstec.ru/vul/2024-06745", + "Impact": "Low", + "Public": "20240809" + } + ], + "CVEs": [ + { + "ID": "CVE-2024-41011", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-682", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-41011", + "Impact": "High", + "Public": "20240718" + }, + { + "ID": "CVE-2024-44947", + "CVSS3": 
"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "CWE": "CWE-665", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-44947", + "Impact": "Low", + "Public": "20240902" + }, + { + "ID": "CVE-2024-44987", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-416", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-44987", + "Impact": "High", + "Public": "20240904" + }, + { + "ID": "CVE-2024-44989", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-476", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-44989", + "Impact": "Low", + "Public": "20240904" + }, + { + "ID": "CVE-2024-44990", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-476", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-44990", + "Impact": "Low", + "Public": "20240904" + }, + { + "ID": "CVE-2024-44995", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-667", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-44995", + "Impact": "Low", + "Public": "20240904" + }, + { + "ID": "CVE-2024-44998", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-416", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-44998", + "Impact": "High", + "Public": "20240904" + }, + { + "ID": "CVE-2024-44999", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "CWE": "CWE-908", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-44999", + "Impact": "High", + "Public": "20240904" + }, + { + "ID": "CVE-2024-45006", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-476", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-45006", + "Impact": "Low", + "Public": "20240904" + }, + { + "ID": "CVE-2024-45016", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-416", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-45016", + "Impact": "Low", + "Public": "20240911" + }, + { + "ID": "CVE-2024-45018", + "CVSS3": 
"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-665", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-45018", + "Impact": "Low", + "Public": "20240911" + }, + { + "ID": "CVE-2024-45021", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-476", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-45021", + "Impact": "Low", + "Public": "20240911" + }, + { + "ID": "CVE-2024-45025", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-787", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-45025", + "Impact": "Low", + "Public": "20240911" + }, + { + "ID": "CVE-2024-45026", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-787", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-45026", + "Impact": "High", + "Public": "20240911" + }, + { + "ID": "CVE-2024-45028", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-476", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-45028", + "Impact": "Low", + "Public": "20240911" + }, + { + "ID": "CVE-2024-46673", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-415", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46673", + "Impact": "High", + "Public": "20240913" + }, + { + "ID": "CVE-2024-46674", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-416", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46674", + "Impact": "High", + "Public": "20240913" + }, + { + "ID": "CVE-2024-46677", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-476", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46677", + "Impact": "Low", + "Public": "20240913" + }, + { + "ID": "CVE-2024-46685", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-476", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46685", + "Impact": "Low", + "Public": "20240913" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:kworkstation:10", + 
"cpe:/o:alt:workstation:10", + "cpe:/o:alt:server:10", + "cpe:/o:alt:server-v:10", + "cpe:/o:alt:education:10", + "cpe:/o:alt:slinux:10", + "cpe:/o:alt:starterkit:p10", + "cpe:/o:alt:kworkstation:10.1", + "cpe:/o:alt:workstation:10.1", + "cpe:/o:alt:server:10.1", + "cpe:/o:alt:server-v:10.1", + "cpe:/o:alt:education:10.1", + "cpe:/o:alt:slinux:10.1", + "cpe:/o:alt:starterkit:10.1", + "cpe:/o:alt:kworkstation:10.2", + "cpe:/o:alt:workstation:10.2", + "cpe:/o:alt:server:10.2", + "cpe:/o:alt:server-v:10.2", + "cpe:/o:alt:education:10.2", + "cpe:/o:alt:slinux:10.2", + "cpe:/o:alt:starterkit:10.2" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:2001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202412535001", + "Comment": "kernel-doc-std is earlier than 2:5.10.226-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202412535002", + "Comment": "kernel-headers-modules-std-def is earlier than 2:5.10.226-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202412535003", + "Comment": "kernel-headers-std-def is earlier than 2:5.10.226-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202412535004", + "Comment": "kernel-image-domU-std-def is earlier than 2:5.10.226-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202412535005", + "Comment": "kernel-image-std-def is earlier than 2:5.10.226-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202412535006", + "Comment": "kernel-image-std-def-checkinstall is earlier than 2:5.10.226-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202412535007", + "Comment": "kernel-modules-drm-ancient-std-def is earlier than 2:5.10.226-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202412535008", + "Comment": "kernel-modules-drm-nouveau-std-def is earlier than 2:5.10.226-alt1" + }, + { + "TestRef": 
"oval:org.altlinux.errata:tst:202412535009", + "Comment": "kernel-modules-drm-std-def is earlier than 2:5.10.226-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202412535010", + "Comment": "kernel-modules-ide-std-def is earlier than 2:5.10.226-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202412535011", + "Comment": "kernel-modules-midgard-be-m1000-std-def is earlier than 2:5.10.226-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202412535012", + "Comment": "kernel-modules-staging-std-def is earlier than 2:5.10.226-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-12535/objects.json b/oval/p10/ALT-PU-2024-12535/objects.json new file mode 100644 index 0000000000..293df82886 --- /dev/null +++ b/oval/p10/ALT-PU-2024-12535/objects.json 
@@ -0,0 +1,100 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:2001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202412535001", + "Version": "1", + "Comment": "kernel-doc-std is installed", + "Name": "kernel-doc-std" + }, + { + "ID": "oval:org.altlinux.errata:obj:202412535002", + "Version": "1", + "Comment": "kernel-headers-modules-std-def is installed", + "Name": "kernel-headers-modules-std-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:202412535003", + "Version": "1", + "Comment": "kernel-headers-std-def is installed", + "Name": "kernel-headers-std-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:202412535004", + "Version": "1", + "Comment": "kernel-image-domU-std-def is installed", + "Name": "kernel-image-domU-std-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:202412535005", + "Version": "1", + "Comment": "kernel-image-std-def is installed", + "Name": "kernel-image-std-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:202412535006", + "Version": "1", + "Comment": "kernel-image-std-def-checkinstall is installed", + "Name": "kernel-image-std-def-checkinstall" + }, + { + "ID": "oval:org.altlinux.errata:obj:202412535007", + "Version": "1", + "Comment": "kernel-modules-drm-ancient-std-def is installed", + "Name": "kernel-modules-drm-ancient-std-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:202412535008", + "Version": "1", + "Comment": "kernel-modules-drm-nouveau-std-def is installed", + "Name": "kernel-modules-drm-nouveau-std-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:202412535009", + 
"Version": "1", + "Comment": "kernel-modules-drm-std-def is installed", + "Name": "kernel-modules-drm-std-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:202412535010", + "Version": "1", + "Comment": "kernel-modules-ide-std-def is installed", + "Name": "kernel-modules-ide-std-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:202412535011", + "Version": "1", + "Comment": "kernel-modules-midgard-be-m1000-std-def is installed", + "Name": "kernel-modules-midgard-be-m1000-std-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:202412535012", + "Version": "1", + "Comment": "kernel-modules-staging-std-def is installed", + "Name": "kernel-modules-staging-std-def" + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-12535/states.json b/oval/p10/ALT-PU-2024-12535/states.json new file mode 100644 index 0000000000..5a89d2829b --- /dev/null +++ b/oval/p10/ALT-PU-2024-12535/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:2001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202412535001", + "Version": "1", + "Comment": "package EVR is earlier than 2:5.10.226-alt1", + "Arch": {}, + "EVR": { + "Text": "2:5.10.226-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-12535/tests.json b/oval/p10/ALT-PU-2024-12535/tests.json new file mode 100644 index 0000000000..640c6e4bb8 --- /dev/null +++ b/oval/p10/ALT-PU-2024-12535/tests.json 
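Review bot: The `TextFileContent54State` entry `oval:org.altlinux.errata:ste:2001` in states.json is added with an empty `"Text": {}` and no subexpression check, so nothing visible pins test `tst:2001` ("ALT Linux based on branch 'p10' must be installed") to branch 10. The object pattern in objects.json captures the branch digits with `(\d+)`, but that capture is never compared with a value here. If the evaluator treats an empty state as satisfied, a host from another branch whose os-release matches the pattern would be checked against the p10 package versions. Consider adding an entity such as `"Subexpression": { "Text": "10", "Datatype": "int", "Operation": "equals" }` to this state, or confirm that the branch is enforced elsewhere. The same empty state is added in oval/p10/ALT-PU-2024-12622/states.json.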
@@ -0,0 +1,162 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:2001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'p10' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:2001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:2001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202412535001", + "Version": "1", + "Check": "all", + "Comment": "kernel-doc-std is earlier than 2:5.10.226-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202412535001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202412535001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202412535002", + "Version": "1", + "Check": "all", + "Comment": "kernel-headers-modules-std-def is earlier than 2:5.10.226-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202412535002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202412535001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202412535003", + "Version": "1", + "Check": "all", + "Comment": "kernel-headers-std-def is earlier than 2:5.10.226-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202412535003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202412535001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202412535004", + "Version": "1", + "Check": "all", + "Comment": "kernel-image-domU-std-def is earlier than 2:5.10.226-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202412535004" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202412535001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202412535005", + "Version": "1", + "Check": "all", + "Comment": "kernel-image-std-def is earlier than 2:5.10.226-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202412535005" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202412535001" + } + }, + { + "ID": 
"oval:org.altlinux.errata:tst:202412535006", + "Version": "1", + "Check": "all", + "Comment": "kernel-image-std-def-checkinstall is earlier than 2:5.10.226-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202412535006" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202412535001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202412535007", + "Version": "1", + "Check": "all", + "Comment": "kernel-modules-drm-ancient-std-def is earlier than 2:5.10.226-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202412535007" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202412535001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202412535008", + "Version": "1", + "Check": "all", + "Comment": "kernel-modules-drm-nouveau-std-def is earlier than 2:5.10.226-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202412535008" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202412535001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202412535009", + "Version": "1", + "Check": "all", + "Comment": "kernel-modules-drm-std-def is earlier than 2:5.10.226-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202412535009" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202412535001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202412535010", + "Version": "1", + "Check": "all", + "Comment": "kernel-modules-ide-std-def is earlier than 2:5.10.226-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202412535010" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202412535001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202412535011", + "Version": "1", + "Check": "all", + "Comment": "kernel-modules-midgard-be-m1000-std-def is earlier than 2:5.10.226-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202412535011" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202412535001" + } + }, + { + "ID": 
"oval:org.altlinux.errata:tst:202412535012", + "Version": "1", + "Check": "all", + "Comment": "kernel-modules-staging-std-def is earlier than 2:5.10.226-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202412535012" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202412535001" + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-12622/definitions.json b/oval/p10/ALT-PU-2024-12622/definitions.json new file mode 100644 index 0000000000..0ddb917fdd --- /dev/null +++ b/oval/p10/ALT-PU-2024-12622/definitions.json 
@@ -0,0 +1,196 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202412622", + "Version": "oval:org.altlinux.errata:def:202412622", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-12622: package `golang` update to version 1.22.7-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch p10" + ], + "Products": [ + "ALT Server", + "ALT Virtualization Server", + "ALT Workstation", + "ALT Workstation K", + "ALT Education", + "Simply Linux", + "Starterkit" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-12622", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-12622", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2024-07020", + "RefURL": "https://bdu.fstec.ru/vul/2024-07020", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-07025", + "RefURL": "https://bdu.fstec.ru/vul/2024-07025", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-07026", + "RefURL": "https://bdu.fstec.ru/vul/2024-07026", + "Source": "BDU" + }, + { + "RefID": "CVE-2024-34155", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-34155", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-34156", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-34158", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-34158", + "Source": "CVE" + } + ], + "Description": "This update upgrades golang to version 1.22.7-alt1. 
\nSecurity Fix(es):\n\n * BDU:2024-07020: Уязвимость функции Parse языка программирования Go, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-07025: Уязвимость функции Decoder.Decode языка программирования Go, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-07026: Уязвимость функции Parse языка программирования Go, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2024-34155: Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.\n\n * CVE-2024-34156: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.\n\n * CVE-2024-34158: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "High", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-09-17" + }, + "Updated": { + "Date": "2024-09-17" + }, + "BDUs": [ + { + "ID": "BDU:2024-07020", + "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-404, CWE-674", + "Href": "https://bdu.fstec.ru/vul/2024-07020", + "Impact": "High", + "Public": "20240829" + }, + { + "ID": "BDU:2024-07025", + "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-674", + "Href": "https://bdu.fstec.ru/vul/2024-07025", + "Impact": "High", + "Public": "20240905" + }, + { + "ID": "BDU:2024-07026", + "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-674", + "Href": "https://bdu.fstec.ru/vul/2024-07026", + "Impact": "High", + "Public": "20240829" + } + ], + "CVEs": [ + { + "ID": "CVE-2024-34155", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-34155", + "Impact": "None", + "Public": "20240906" + }, + { + "ID": 
"CVE-2024-34156", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156", + "Impact": "None", + "Public": "20240906" + }, + { + "ID": "CVE-2024-34158", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-34158", + "Impact": "None", + "Public": "20240906" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:kworkstation:10", + "cpe:/o:alt:workstation:10", + "cpe:/o:alt:server:10", + "cpe:/o:alt:server-v:10", + "cpe:/o:alt:education:10", + "cpe:/o:alt:slinux:10", + "cpe:/o:alt:starterkit:p10", + "cpe:/o:alt:kworkstation:10.1", + "cpe:/o:alt:workstation:10.1", + "cpe:/o:alt:server:10.1", + "cpe:/o:alt:server-v:10.1", + "cpe:/o:alt:education:10.1", + "cpe:/o:alt:slinux:10.1", + "cpe:/o:alt:starterkit:10.1", + "cpe:/o:alt:kworkstation:10.2", + "cpe:/o:alt:workstation:10.2", + "cpe:/o:alt:server:10.2", + "cpe:/o:alt:server-v:10.2", + "cpe:/o:alt:education:10.2", + "cpe:/o:alt:slinux:10.2", + "cpe:/o:alt:starterkit:10.2" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:2001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202412622001", + "Comment": "golang is earlier than 0:1.22.7-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202412622002", + "Comment": "golang-docs is earlier than 0:1.22.7-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202412622003", + "Comment": "golang-gdb is earlier than 0:1.22.7-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202412622004", + "Comment": "golang-misc is earlier than 0:1.22.7-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202412622005", + "Comment": "golang-shared is earlier than 0:1.22.7-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202412622006", + "Comment": "golang-src is earlier than 0:1.22.7-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202412622007", + "Comment": 
"golang-tests is earlier than 0:1.22.7-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-12622/objects.json b/oval/p10/ALT-PU-2024-12622/objects.json new file mode 100644 index 0000000000..fbd03ff334 --- /dev/null +++ b/oval/p10/ALT-PU-2024-12622/objects.json @@ -0,0 +1,70 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:2001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202412622001", + "Version": "1", + "Comment": "golang is installed", + "Name": "golang" + }, + { + "ID": "oval:org.altlinux.errata:obj:202412622002", + "Version": "1", + "Comment": "golang-docs is installed", + "Name": "golang-docs" + }, + { + "ID": "oval:org.altlinux.errata:obj:202412622003", + "Version": "1", + "Comment": "golang-gdb is installed", + "Name": "golang-gdb" + }, + { + "ID": "oval:org.altlinux.errata:obj:202412622004", + "Version": "1", + "Comment": "golang-misc is installed", + "Name": "golang-misc" + }, + { + "ID": "oval:org.altlinux.errata:obj:202412622005", + "Version": "1", + "Comment": "golang-shared is installed", + "Name": "golang-shared" + }, + { + "ID": "oval:org.altlinux.errata:obj:202412622006", + "Version": "1", + "Comment": "golang-src is installed", + "Name": "golang-src" + }, + { + "ID": "oval:org.altlinux.errata:obj:202412622007", + "Version": "1", + "Comment": "golang-tests is installed", + "Name": "golang-tests" + } + ] +} \ No newline at end of file 
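Review bot: The three `CVEs` entries in definitions.json (CVE-2024-34155, CVE-2024-34156, CVE-2024-34158) carry `"Impact": "None"` with no `CVSS3` or `CWE`, while the advisory `Severity` is `High` and the BDU entries in the same advisory are rated `High` with a network attack vector. A consumer that triages on the per-CVE `Impact` would read this golang update as having no impact; presumably the upstream score was not yet published when the file was generated. Omitting the field, or using a value that clearly means "not yet scored", would avoid that reading. Separately, the definition's `Version` repeats the ID string (`oval:org.altlinux.errata:def:202412622`), where the objects, states and tests in this commit use `"1"`.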
diff --git a/oval/p10/ALT-PU-2024-12622/states.json b/oval/p10/ALT-PU-2024-12622/states.json new file mode 100644 index 0000000000..818161e646 --- /dev/null +++ b/oval/p10/ALT-PU-2024-12622/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:2001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202412622001", + "Version": "1", + "Comment": "package EVR is earlier than 0:1.22.7-alt1", + "Arch": {}, + "EVR": { + "Text": "0:1.22.7-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-12622/tests.json b/oval/p10/ALT-PU-2024-12622/tests.json new file mode 100644 index 0000000000..069b83a011 --- /dev/null +++ b/oval/p10/ALT-PU-2024-12622/tests.json 
@@ -0,0 +1,102 @@
+{
+ "TextFileContent54Tests": [
+ {
+ "ID": "oval:org.altlinux.errata:tst:2001",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "ALT Linux based on branch 'p10' must be installed",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:2001"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:2001"
+ }
+ }
+ ],
+ "RPMInfoTests": [
+ {
+ "ID": "oval:org.altlinux.errata:tst:202412622001",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "golang is earlier than 0:1.22.7-alt1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202412622001"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202412622001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202412622002",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "golang-docs is earlier than 0:1.22.7-alt1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202412622002"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202412622001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202412622003",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "golang-gdb is earlier than 0:1.22.7-alt1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202412622003"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202412622001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202412622004",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "golang-misc is earlier than 0:1.22.7-alt1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202412622004"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202412622001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202412622005",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "golang-shared is earlier than 0:1.22.7-alt1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202412622005"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202412622001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202412622006",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "golang-src is earlier than 0:1.22.7-alt1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202412622006"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202412622001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202412622007",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "golang-tests is earlier than 0:1.22.7-alt1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202412622007"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202412622001"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/p9/ALT-PU-2024-11974/definitions.json b/oval/p9/ALT-PU-2024-11974/definitions.json
new file mode 100644
index 0000000000..793ff5a902
--- /dev/null
+++ b/oval/p9/ALT-PU-2024-11974/definitions.json
@@ -0,0 +1,206 @@
+{
+ "Definition": [
+ {
+ "ID": "oval:org.altlinux.errata:def:202411974",
+ "Version": "oval:org.altlinux.errata:def:202411974",
+ "Class": "patch",
+ "Metadata": {
+ "Title": "ALT-PU-2024-11974: package `openssl1.1` update to version 1.1.1w-alt0.p9.1",
+ "AffectedList": [
+ {
+ "Family": "unix",
+ "Platforms": [
+ "ALT Linux branch p9"
+ ],
+ "Products": [
+ "ALT Server",
+ "ALT Virtualization Server",
+ "ALT Workstation",
+ "ALT Workstation K",
+ "ALT Education",
+ "Simply Linux",
+ "Starterkit"
+ ]
+ }
+ ],
+ "References": [
+ {
+ "RefID": "ALT-PU-2024-11974",
+ "RefURL": "https://errata.altlinux.org/ALT-PU-2024-11974",
+ "Source": "ALTPU"
+ },
+ {
+ "RefID": "BDU:2023-04957",
+ "RefURL": "https://bdu.fstec.ru/vul/2023-04957",
+ "Source": "BDU"
+ },
+ {
+ "RefID": "BDU:2023-04960",
+ "RefURL": "https://bdu.fstec.ru/vul/2023-04960",
+ "Source": "BDU"
+ },
+ {
+ "RefID": "BDU:2023-05872",
+ "RefURL": "https://bdu.fstec.ru/vul/2023-05872",
+ "Source": "BDU"
+ },
+ {
+ "RefID": "CVE-2023-3446",
+ "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-3446",
+ "Source": "CVE"
+ },
+ {
+ "RefID": "CVE-2023-3817",
+ "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-3817",
+ "Source": "CVE"
+ },
+ {
+ "RefID": "CVE-2023-4807",
+ "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-4807",
+ "Source": "CVE"
+ }
+ ],
+ "Description": "This update upgrades openssl1.1 to version 1.1.1w-alt0.p9.1. 
\nSecurity Fix(es):\n\n * BDU:2023-04957: Уязвимость функций DH_check(), DH_check_ex() или EVP_PKEY_param_check() библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-04960: Уязвимость функций DH_check(), DH_check_ex(), EVP_PKEY_param_check() библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05872: Уязвимость криптографической библиотеки OpenSSL, связанная с неправильной проверкой ввода, позволяющая нарушителю выполнить атаку типа «отказ в обслуживании»\n\n * CVE-2023-3446: Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. One of those\nchecks confirms that the modulus ('p' parameter) is not too large. Trying to use\na very large modulus is slow and OpenSSL will not normally use a modulus which\nis over 10,000 bits in length.\n\nHowever the DH_check() function checks numerous aspects of the key or parameters\nthat have been supplied. 
Some of those checks use the supplied modulus value\neven if it has already been found to be too large.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulernable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the '-check' option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n * CVE-2023-3817: Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. 
A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \"-check\" option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n * CVE-2023-4807: Issue summary: The POLY1305 MAC (message authentication code) implementation\ncontains a bug that might corrupt the internal state of applications on the\nWindows 64 platform when running on newer X86_64 processors supporting the\nAVX512-IFMA instructions.\n\nImpact summary: If in an application that uses the OpenSSL library an attacker\ncan influence whether the POLY1305 MAC algorithm is used, the application\nstate might be corrupted with various application dependent consequences.\n\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL does\nnot save the contents of non-volatile XMM registers on Windows 64 platform\nwhen calculating the MAC of data larger than 64 bytes. Before returning to\nthe caller all the XMM registers are set to zero rather than restoring their\nprevious content. 
The vulnerable code is used only on newer x86_64 processors\nsupporting the AVX512-IFMA instructions.\n\nThe consequences of this kind of internal application state corruption can\nbe various - from no consequences, if the calling application does not\ndepend on the contents of non-volatile XMM registers at all, to the worst\nconsequences, where the attacker could get complete control of the application\nprocess. However given the contents of the registers are just zeroized so\nthe attacker cannot put arbitrary values inside, the most likely consequence,\nif any, would be an incorrect result of some application dependent\ncalculations or a crash leading to a denial of service.\n\nThe POLY1305 MAC algorithm is most frequently used as part of the\nCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\nalgorithm. The most common usage of this AEAD cipher is with TLS protocol\nversions 1.2 and 1.3 and a malicious client can influence whether this AEAD\ncipher is used by the server. This implies that server applications using\nOpenSSL can be potentially impacted. 
However we are currently not aware of\nany concrete application that would be affected by this issue therefore we\nconsider this a Low severity security issue.\n\nAs a workaround the AVX512-IFMA instructions support can be disabled at\nruntime by setting the environment variable OPENSSL_ia32cap:\n\n OPENSSL_ia32cap=:~0x200000\n\nThe FIPS provider is not affected by this issue.",
+ "Advisory": {
+ "From": "errata.altlinux.org",
+ "Severity": "High",
+ "Rights": "Copyright 2024 BaseALT Ltd.",
+ "Issued": {
+ "Date": "2024-09-17"
+ },
+ "Updated": {
+ "Date": "2024-09-17"
+ },
+ "BDUs": [
+ {
+ "ID": "BDU:2023-04957",
+ "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+ "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "CWE": "CWE-1333",
+ "Href": "https://bdu.fstec.ru/vul/2023-04957",
+ "Impact": "Low",
+ "Public": "20230719"
+ },
+ {
+ "ID": "BDU:2023-04960",
+ "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+ "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "CWE": "CWE-834",
+ "Href": "https://bdu.fstec.ru/vul/2023-04960",
+ "Impact": "Low",
+ "Public": "20230731"
+ },
+ {
+ "ID": "BDU:2023-05872",
+ "CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
+ "CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "CWE": "CWE-20",
+ "Href": "https://bdu.fstec.ru/vul/2023-05872",
+ "Impact": "High",
+ "Public": "20230908"
+ }
+ ],
+ "CVEs": [
+ {
+ "ID": "CVE-2023-3446",
+ "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "CWE": "CWE-1333",
+ "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-3446",
+ "Impact": "Low",
+ "Public": "20230719"
+ },
+ {
+ "ID": "CVE-2023-3817",
+ "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "CWE": "CWE-834",
+ "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-3817",
+ "Impact": "Low",
+ "Public": "20230731"
+ },
+ {
+ "ID": "CVE-2023-4807",
+ "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "CWE": "NVD-CWE-noinfo",
+ "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-4807",
+ "Impact": "High",
+ "Public": "20230908"
+ }
+ ],
+ "AffectedCPEs": {
+ "CPEs": [
+ "cpe:/o:alt:kworkstation:9",
+ "cpe:/o:alt:workstation:9",
+ "cpe:/o:alt:server:9",
+ "cpe:/o:alt:server-v:9",
+ "cpe:/o:alt:education:9",
+ "cpe:/o:alt:slinux:9",
+ "cpe:/o:alt:starterkit:p9",
+ "cpe:/o:alt:kworkstation:9.1",
+ "cpe:/o:alt:workstation:9.1",
+ "cpe:/o:alt:server:9.1",
+ "cpe:/o:alt:server-v:9.1",
+ "cpe:/o:alt:education:9.1",
+ "cpe:/o:alt:slinux:9.1",
+ "cpe:/o:alt:starterkit:9.1",
+ "cpe:/o:alt:kworkstation:9.2",
+ "cpe:/o:alt:workstation:9.2",
+ "cpe:/o:alt:server:9.2",
+ "cpe:/o:alt:server-v:9.2",
+ "cpe:/o:alt:education:9.2",
+ "cpe:/o:alt:slinux:9.2",
+ "cpe:/o:alt:starterkit:9.2"
+ ]
+ }
+ }
+ },
+ "Criteria": {
+ "Operator": "AND",
+ "Criterions": [
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:1001",
+ "Comment": "ALT Linux must be installed"
+ }
+ ],
+ "Criterias": [
+ {
+ "Operator": "OR",
+ "Criterions": [
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411974001",
+ "Comment": "libcrypto1.1 is earlier than 0:1.1.1w-alt0.p9.1"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411974002",
+ "Comment": "libssl-devel is earlier than 0:1.1.1w-alt0.p9.1"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411974003",
+ "Comment": "libssl-devel-static is earlier than 0:1.1.1w-alt0.p9.1"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411974004",
+ "Comment": "libssl1.1 is earlier than 0:1.1.1w-alt0.p9.1"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411974005",
+ "Comment": "openssl is earlier than 0:1.1.1w-alt0.p9.1"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411974006",
+ "Comment": "openssl-doc is earlier than 0:1.1.1w-alt0.p9.1"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411974007",
+ "Comment": "openssl-engines is earlier than 0:1.1.1w-alt0.p9.1"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411974008",
+ "Comment": "tsget is earlier than 0:1.1.1w-alt0.p9.1"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ]
+}
\ No newline at end of file
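Review bot: The advisory-level `"Severity": "High"` appears to come from CVE-2023-4807 / BDU:2023-05872, the only entries with `"Impact": "High"`, yet the description embedded in this same hunk limits that issue to the Windows 64 platform on processors with AVX512-IFMA. The two issues that the text does not restrict by platform, CVE-2023-3446 and CVE-2023-3817, are both `"Impact": "Low"`. If the rating is computed as the maximum over all listed IDs, consumers that prioritise by `Severity` will rank this openssl1.1 update above its likely exposure on ALT hosts. Consider leaving platform-inapplicable entries out of the aggregate, or recording their applicability next to the entry, so the rating reflects what the package update fixes on this platform.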
diff --git a/oval/p9/ALT-PU-2024-11974/objects.json b/oval/p9/ALT-PU-2024-11974/objects.json
new file mode 100644
index 0000000000..42a875b84c
--- /dev/null
+++ b/oval/p9/ALT-PU-2024-11974/objects.json
@@ -0,0 +1,76 @@
+{
+ "TextFileContent54Objects": [
+ {
+ "ID": "oval:org.altlinux.errata:obj:1001",
+ "Version": "1",
+ "Comment": "Evaluate `/etc/os-release` file content",
+ "Path": {
+ "Datatype": "string",
+ "Text": "/etc"
+ },
+ "Filepath": {
+ "Datatype": "string",
+ "Text": "os-release"
+ },
+ "Pattern": {
+ "Datatype": "string",
+ "Operation": "pattern match",
+ "Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
+ },
+ "Instance": {
+ "Datatype": "int",
+ "Text": "1"
+ }
+ }
+ ],
+ "RPMInfoObjects": [
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411974001",
+ "Version": "1",
+ "Comment": "libcrypto1.1 is installed",
+ "Name": "libcrypto1.1"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411974002",
+ "Version": "1",
+ "Comment": "libssl-devel is installed",
+ "Name": "libssl-devel"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411974003",
+ "Version": "1",
+ "Comment": "libssl-devel-static is installed",
+ "Name": "libssl-devel-static"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411974004",
+ "Version": "1",
+ "Comment": "libssl1.1 is installed",
+ "Name": "libssl1.1"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411974005",
+ "Version": "1",
+ "Comment": "openssl is installed",
+ "Name": "openssl"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411974006",
+ "Version": "1",
+ "Comment": "openssl-doc is installed",
+ "Name": "openssl-doc"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411974007",
+ "Version": "1",
+ "Comment": "openssl-engines is installed",
+ "Name": "openssl-engines"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411974008",
+ "Version": "1",
+ "Comment": "tsget is installed",
+ "Name": "tsget"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/p9/ALT-PU-2024-11974/states.json b/oval/p9/ALT-PU-2024-11974/states.json
new file mode 100644
index 0000000000..7112a7265f
--- /dev/null
+++ b/oval/p9/ALT-PU-2024-11974/states.json
@@ -0,0 +1,23 @@
+{
+ "TextFileContent54State": [
+ {
+ "ID": "oval:org.altlinux.errata:ste:1001",
+ "Version": "1",
+ "Text": {}
+ }
+ ],
+ "RPMInfoStates": [
+ {
+ "ID": "oval:org.altlinux.errata:ste:202411974001",
+ "Version": "1",
+ "Comment": "package EVR is earlier than 0:1.1.1w-alt0.p9.1",
+ "Arch": {},
+ "EVR": {
+ "Text": "0:1.1.1w-alt0.p9.1",
+ "Datatype": "evr_string",
+ "Operation": "less than"
+ },
+ "Subexpression": {}
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/p9/ALT-PU-2024-11974/tests.json b/oval/p9/ALT-PU-2024-11974/tests.json
new file mode 100644
index 0000000000..bfdb8ebeea
--- /dev/null
+++ b/oval/p9/ALT-PU-2024-11974/tests.json
@@ -0,0 +1,114 @@
+{
+ "TextFileContent54Tests": [
+ {
+ "ID": "oval:org.altlinux.errata:tst:1001",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "ALT Linux based on branch 'p9' must be installed",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:1001"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:1001"
+ }
+ }
+ ],
+ "RPMInfoTests": [
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411974001",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "libcrypto1.1 is earlier than 0:1.1.1w-alt0.p9.1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411974001"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411974001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411974002",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "libssl-devel is earlier than 0:1.1.1w-alt0.p9.1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411974002"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411974001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411974003",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "libssl-devel-static is earlier than 0:1.1.1w-alt0.p9.1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411974003"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411974001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411974004",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "libssl1.1 is earlier than 0:1.1.1w-alt0.p9.1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411974004"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411974001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411974005",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "openssl is earlier than 0:1.1.1w-alt0.p9.1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411974005"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411974001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411974006",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "openssl-doc is earlier than 0:1.1.1w-alt0.p9.1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411974006"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411974001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411974007",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "openssl-engines is earlier than 0:1.1.1w-alt0.p9.1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411974007"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411974001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411974008",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "tsget is earlier than 0:1.1.1w-alt0.p9.1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411974008"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411974001"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/p9/ALT-PU-2024-11976/definitions.json b/oval/p9/ALT-PU-2024-11976/definitions.json
new file mode 100644
index 0000000000..b4ee124950
--- /dev/null
+++ b/oval/p9/ALT-PU-2024-11976/definitions.json
@@ -0,0 +1,129 @@
+{
+ "Definition": [
+ {
+ "ID": "oval:org.altlinux.errata:def:202411976",
+ "Version": "oval:org.altlinux.errata:def:202411976",
+ "Class": "patch",
+ "Metadata": {
+ "Title": "ALT-PU-2024-11976: package `ntp` update to version 4.2.8p15-alt3",
+ "AffectedList": [
+ {
+ "Family": "unix",
+ "Platforms": [
+ "ALT Linux branch p9"
+ ],
+ "Products": [
+ "ALT Server",
+ "ALT Virtualization Server",
+ "ALT Workstation",
+ "ALT Workstation K",
+ "ALT Education",
+ "Simply Linux",
+ "Starterkit"
+ ]
+ }
+ ],
+ "References": [
+ {
+ "RefID": "ALT-PU-2024-11976",
+ "RefURL": "https://errata.altlinux.org/ALT-PU-2024-11976",
+ "Source": "ALTPU"
+ }
+ ],
+ "Description": "This update upgrades ntp to version 4.2.8p15-alt3. \nSecurity Fix(es):\n\n * #39775: Собрать с поддержкой PPS",
+ "Advisory": {
+ "From": "errata.altlinux.org",
+ "Severity": "Low",
+ "Rights": "Copyright 2024 BaseALT Ltd.",
+ "Issued": {
+ "Date": "2024-09-17"
+ },
+ "Updated": {
+ "Date": "2024-09-17"
+ },
+ "BDUs": null,
+ "Bugzilla": [
+ {
+ "ID": "39775",
+ "Href": "https://bugzilla.altlinux.org/39775",
+ "Data": "Собрать с поддержкой PPS"
+ }
+ ],
+ "AffectedCPEs": {
+ "CPEs": [
+ "cpe:/o:alt:kworkstation:9",
+ "cpe:/o:alt:workstation:9",
+ "cpe:/o:alt:server:9",
+ "cpe:/o:alt:server-v:9",
+ "cpe:/o:alt:education:9",
+ "cpe:/o:alt:slinux:9",
+ "cpe:/o:alt:starterkit:p9",
+ "cpe:/o:alt:kworkstation:9.1",
+ "cpe:/o:alt:workstation:9.1",
+ "cpe:/o:alt:server:9.1",
+ "cpe:/o:alt:server-v:9.1",
+ "cpe:/o:alt:education:9.1",
+ "cpe:/o:alt:slinux:9.1",
+ "cpe:/o:alt:starterkit:9.1",
+ "cpe:/o:alt:kworkstation:9.2",
+ "cpe:/o:alt:workstation:9.2",
+ "cpe:/o:alt:server:9.2",
+ "cpe:/o:alt:server-v:9.2",
+ "cpe:/o:alt:education:9.2",
+ "cpe:/o:alt:slinux:9.2",
+ "cpe:/o:alt:starterkit:9.2"
+ ]
+ }
+ }
+ },
+ "Criteria": {
+ "Operator": "AND",
+ "Criterions": [
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:1001",
+ "Comment": "ALT Linux must be installed"
+ }
+ ],
+ "Criterias": [
+ {
+ "Operator": "OR",
+ "Criterions": [
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411976001",
+ "Comment": "ntp is earlier than 0:4.2.8p15-alt3"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411976002",
+ "Comment": "ntp-aux is earlier than 0:4.2.8p15-alt3"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411976003",
+ "Comment": "ntp-doc is earlier than 0:4.2.8p15-alt3"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411976004",
+ "Comment": "ntp-utils is earlier than 0:4.2.8p15-alt3"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411976005",
+ "Comment": "ntpd is earlier than 0:4.2.8p15-alt3"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411976006",
+ "Comment": "ntpdate is earlier than 0:4.2.8p15-alt3"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411976007",
+ "Comment": "ntpq is earlier than 0:4.2.8p15-alt3"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411976008",
+ "Comment": "perl-NTP-Util is earlier than 0:4.2.8p15-alt3"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/p9/ALT-PU-2024-11976/objects.json b/oval/p9/ALT-PU-2024-11976/objects.json
new file mode 100644
index 0000000000..ddfbc3e0bb
--- /dev/null
+++ b/oval/p9/ALT-PU-2024-11976/objects.json
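Review bot: `"Version"` on the definition repeats the ID (`"oval:org.altlinux.errata:def:202411976"`), while every object, state and test in this patch uses `"Version": "1"`. OVAL defines a definition's version as a non-negative integer, so unless the exporter rewrites this field the resulting document will not validate and tools cannot order revisions of the definition; `"Version": "1"` would match the other entities. The `definitions.json` hunk for ALT-PU-2024-11974 has the same value. Separately, the description files Bugzilla #39775 (a build-option request) under `Security Fix(es):` although the advisory lists no CVE or BDU, which may mislead triage.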
@@ -0,0 +1,76 @@
+{
+ "TextFileContent54Objects": [
+ {
+ "ID": "oval:org.altlinux.errata:obj:1001",
+ "Version": "1",
+ "Comment": "Evaluate `/etc/os-release` file content",
+ "Path": {
+ "Datatype": "string",
+ "Text": "/etc"
+ },
+ "Filepath": {
+ "Datatype": "string",
+ "Text": "os-release"
+ },
+ "Pattern": {
+ "Datatype": "string",
+ "Operation": "pattern match",
+ "Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
+ },
+ "Instance": {
+ "Datatype": "int",
+ "Text": "1"
+ }
+ }
+ ],
+ "RPMInfoObjects": [
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411976001",
+ "Version": "1",
+ "Comment": "ntp is installed",
+ "Name": "ntp"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411976002",
+ "Version": "1",
+ "Comment": "ntp-aux is installed",
+ "Name": "ntp-aux"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411976003",
+ "Version": "1",
+ "Comment": "ntp-doc is installed",
+ "Name": "ntp-doc"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411976004",
+ "Version": "1",
+ "Comment": "ntp-utils is installed",
+ "Name": "ntp-utils"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411976005",
+ "Version": "1",
+ "Comment": "ntpd is installed",
+ "Name": "ntpd"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411976006",
+ "Version": "1",
+ "Comment": "ntpdate is installed",
+ "Name": "ntpdate"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411976007",
+ "Version": "1",
+ "Comment": "ntpq is installed",
+ "Name": "ntpq"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411976008",
+ "Version": "1",
+ "Comment": "perl-NTP-Util is installed",
+ "Name": "perl-NTP-Util"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/p9/ALT-PU-2024-11976/states.json b/oval/p9/ALT-PU-2024-11976/states.json
new file mode 100644
index 0000000000..aae59bcf6d
--- /dev/null
+++ b/oval/p9/ALT-PU-2024-11976/states.json
@@ -0,0 +1,23 @@
+{
+ "TextFileContent54State": [
+ {
+ "ID": "oval:org.altlinux.errata:ste:1001",
+ "Version": "1",
+ "Text": {}
+ }
+ ],
+ "RPMInfoStates": [
+ {
+ "ID": "oval:org.altlinux.errata:ste:202411976001",
+ "Version": "1",
+ "Comment": "package EVR is earlier than 0:4.2.8p15-alt3",
+ "Arch": {},
+ "EVR": {
+ "Text": "0:4.2.8p15-alt3",
+ "Datatype": "evr_string",
+ "Operation": "less than"
+ },
+ "Subexpression": {}
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/p9/ALT-PU-2024-11976/tests.json b/oval/p9/ALT-PU-2024-11976/tests.json
new file mode 100644
index 0000000000..d6af336405
--- /dev/null
+++ b/oval/p9/ALT-PU-2024-11976/tests.json
@@ -0,0 +1,114 @@
+{
+ "TextFileContent54Tests": [
+ {
+ "ID": "oval:org.altlinux.errata:tst:1001",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "ALT Linux based on branch 'p9' must be installed",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:1001"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:1001"
+ }
+ }
+ ],
+ "RPMInfoTests": [
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411976001",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "ntp is earlier than 0:4.2.8p15-alt3",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411976001"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411976001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411976002",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "ntp-aux is earlier than 0:4.2.8p15-alt3",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411976002"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411976001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411976003",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "ntp-doc is earlier than 0:4.2.8p15-alt3",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411976003"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411976001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411976004",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "ntp-utils is earlier than 0:4.2.8p15-alt3",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411976004"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411976001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411976005",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "ntpd is earlier than 0:4.2.8p15-alt3",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411976005"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411976001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411976006",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "ntpdate is earlier than 0:4.2.8p15-alt3",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411976006"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411976001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411976007",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "ntpq is earlier than 0:4.2.8p15-alt3",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411976007"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411976001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411976008",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "perl-NTP-Util is earlier than 0:4.2.8p15-alt3",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411976008"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411976001"
+ }
+ }
+ ]
+}
\ No newline at end of file