diff --git a/oval/c10f1/ALT-PU-2024-17181/definitions.json b/oval/c10f1/ALT-PU-2024-17181/definitions.json
new file mode 100644
index 0000000000..ce6f643dcf
--- /dev/null
+++ b/oval/c10f1/ALT-PU-2024-17181/definitions.json
@@ -0,0 +1,255 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202417181", + "Version": "oval:org.altlinux.errata:def:202417181", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-17181: package `openssl1.1` update to version 1.1.1w-alt0.p10.2", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c10f1" + ], + "Products": [ + "ALT SP Workstation", + "ALT SP Server" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-17181", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-17181", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2023-08615", + "RefURL": "https://bdu.fstec.ru/vul/2023-08615", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-01337", + "RefURL": "https://bdu.fstec.ru/vul/2024-01337", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-04109", + "RefURL": "https://bdu.fstec.ru/vul/2024-04109", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-05176", + "RefURL": "https://bdu.fstec.ru/vul/2024-05176", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-06988", + "RefURL": "https://bdu.fstec.ru/vul/2024-06988", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-08755", + "RefURL": "https://bdu.fstec.ru/vul/2024-08755", + "Source": "BDU" + }, + { + "RefID": "CVE-2023-5678", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-5678", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-0727", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-0727", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-2511", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-4741", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-4741", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-5535", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-5535", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-9143", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-9143", + "Source": "CVE" + } + ], + "Description": "This update upgrades openssl1.1 to version 
1.1.1w-alt0.p10.2. \nSecurity Fix(es):\n\n * BDU:2023-08615: Уязвимость функции DH_generate_key() библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-01337: Уязвимость функций PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() и PKCS12_newpass() библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-04109: Уязвимость криптографической библиотеки OpenSSL, связанная с ошибками освобождения ресурсов, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-05176: Уязвимость функции SSL_free_buffers() криптографической библиотеки OpenSSL, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании\n\n * BDU:2024-06988: Уязвимость функции SSL_select_next_proto инструментария для протоколов TLS и SSL OpenSSL, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании\n\n * BDU:2024-08755: Уязвимость функций EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), BN_GF2m_*() интерфейса Elliptic Curve API криптографической библиотеки OpenSSL, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2023-5678: Issue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. 
Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n\"-pubcheck\" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n * CVE-2024-0727: Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\n\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\n\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. 
If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\n\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\n\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n * CVE-2024-2511: Issue summary: Some non-default TLS server configurations can cause unbounded\nmemory growth when processing TLSv1.3 sessions\n\nImpact summary: An attacker may exploit certain server configurations to trigger\nunbounded memory growth that would lead to a Denial of Service\n\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is\nbeing used (but not if early_data support is also configured and the default\nanti-replay protection is in use). In this case, under certain conditions, the\nsession cache can get into an incorrect state and it will fail to flush properly\nas it fills. The session cache will continue to grow in an unbounded manner. A\nmalicious client could deliberately create the scenario for this failure to\nforce a Denial of Service. It may also happen by accident in normal operation.\n\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS\nclients.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. 
OpenSSL\n1.0.2 is also not affected by this issue.\n\n * CVE-2024-4741: Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause\nmemory to be accessed that was previously freed in some situations\n\nImpact summary: A use after free can have a range of potential consequences such\nas the corruption of valid data, crashes or execution of arbitrary code.\nHowever, only applications that directly call the SSL_free_buffers function are\naffected by this issue. Applications that do not call this function are not\nvulnerable. Our investigations indicate that this function is rarely used by\napplications.\n\nThe SSL_free_buffers function is used to free the internal OpenSSL buffer used\nwhen processing an incoming record from the network. The call is only expected\nto succeed if the buffer is not currently in use. However, two scenarios have\nbeen identified where the buffer is freed even when still in use.\n\nThe first scenario occurs where a record header has been received from the\nnetwork and processed by OpenSSL, but the full record body has not yet arrived.\nIn this case calling SSL_free_buffers will succeed even though a record has only\nbeen partially processed and the buffer is still in use.\n\nThe second scenario occurs where a full record containing application data has\nbeen received and processed by OpenSSL but the application has only read part of\nthis data. 
Again a call to SSL_free_buffers will succeed even though the buffer\nis still in use.\n\nWhile these scenarios could occur accidentally during normal operation a\nmalicious attacker could attempt to engineer a stituation where this occurs.\nWe are not aware of this issue being actively exploited.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n * CVE-2024-5535: Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an\nempty supported client protocols buffer may cause a crash or memory contents to\nbe sent to the peer.\n\nImpact summary: A buffer overread can have a range of potential consequences\nsuch as unexpected application beahviour or a crash. In particular this issue\ncould result in up to 255 bytes of arbitrary private data from memory being sent\nto the peer leading to a loss of confidentiality. However, only applications\nthat directly call the SSL_select_next_proto function with a 0 length list of\nsupported client protocols are affected by this issue. This would normally never\nbe a valid scenario and is typically not under attacker control but may occur by\naccident in the case of a configuration or programming error in the calling\napplication.\n\nThe OpenSSL API function SSL_select_next_proto is typically used by TLS\napplications that support ALPN (Application Layer Protocol Negotiation) or NPN\n(Next Protocol Negotiation). NPN is older, was never standardised and\nis deprecated in favour of ALPN. We believe that ALPN is significantly more\nwidely deployed than NPN. The SSL_select_next_proto function accepts a list of\nprotocols from the server and a list of protocols from the client and returns\nthe first protocol that appears in the server list that also appears in the\nclient list. In the case of no overlap between the two lists it returns the\nfirst item in the client list. In either case it will signal whether an overlap\nbetween the two lists was found. 
In the case where SSL_select_next_proto is\ncalled with a zero length client list it fails to notice this condition and\nreturns the memory immediately following the client list pointer (and reports\nthat there was no overlap in the lists).\n\nThis function is typically called from a server side application callback for\nALPN or a client side application callback for NPN. In the case of ALPN the list\nof protocols supplied by the client is guaranteed by libssl to never be zero in\nlength. The list of server protocols comes from the application and should never\nnormally be expected to be of zero length. In this case if the\nSSL_select_next_proto function has been called as expected (with the list\nsupplied by the client passed in the client/client_len parameters), then the\napplication will not be vulnerable to this issue. If the application has\naccidentally been configured with a zero length server list, and has\naccidentally passed that zero length server list in the client/client_len\nparameters, and has additionally failed to correctly handle a \"no overlap\"\nresponse (which would normally result in a handshake failure in ALPN) then it\nwill be vulnerable to this problem.\n\nIn the case of NPN, the protocol permits the client to opportunistically select\na protocol when there is no overlap. OpenSSL returns the first client protocol\nin the no overlap case in support of this. The list of client protocols comes\nfrom the application and should never normally be expected to be of zero length.\nHowever if the SSL_select_next_proto function is accidentally called with a\nclient_len of 0 then an invalid memory pointer will be returned instead. If the\napplication uses this output as the opportunistic protocol then the loss of\nconfidentiality will occur.\n\nThis issue has been assessed as Low severity because applications are most\nlikely to be vulnerable if they are using NPN instead of ALPN - but NPN is not\nwidely used. 
It also requires an application configuration or programming error.\nFinally, this issue would not typically be under attacker control making active\nexploitation unlikely.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\nDue to the low severity of this issue we are not issuing new releases of\nOpenSSL at this time. The fix will be included in the next releases when they\nbecome available.\n\n * CVE-2024-9143: Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted\nexplicit values for the field polynomial can lead to out-of-bounds memory reads\nor writes.\n\nImpact summary: Out of bound memory writes can lead to an application crash or\neven a possibility of a remote code execution, however, in all the protocols\ninvolving Elliptic Curve Cryptography that we're aware of, either only \"named\ncurves\" are supported, or, if explicit curve parameters are supported, they\nspecify an X9.62 encoding of binary (GF(2^m)) curves that can't represent\nproblematic input values. Thus the likelihood of existence of a vulnerable\napplication is low.\n\nIn particular, the X9.62 encoding is used for ECC keys in X.509 certificates,\nso problematic inputs cannot occur in the context of processing X.509\ncertificates. Any problematic use-cases would have to be using an \"exotic\"\ncurve encoding.\n\nThe affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(),\nand various supporting BN_GF2m_*() functions.\n\nApplications working with \"exotic\" explicit binary (GF(2^m)) curve parameters,\nthat make it possible to represent invalid field polynomials with a zero\nconstant term, via the above or similar APIs, may terminate abruptly as a\nresult of reading or writing outside of array bounds. 
Remote code execution\ncannot easily be ruled out.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Critical", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-12-28" + }, + "Updated": { + "Date": "2024-12-28" + }, + "BDUs": [ + { + "ID": "BDU:2023-08615", + "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "CWE": "CWE-325, CWE-754", + "Href": "https://bdu.fstec.ru/vul/2023-08615", + "Impact": "Low", + "Public": "20231106" + }, + { + "ID": "BDU:2024-01337", + "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C", + "CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "CWE": "CWE-476", + "Href": "https://bdu.fstec.ru/vul/2024-01337", + "Impact": "Low", + "Public": "20231123" + }, + { + "ID": "BDU:2024-04109", + "CVSS": "AV:N/AC:H/Au:N/C:N/I:N/A:C", + "CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-404", + "Href": "https://bdu.fstec.ru/vul/2024-04109", + "Impact": "Low", + "Public": "20240408" + }, + { + "ID": "BDU:2024-05176", + "CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C", + "CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-416", + "Href": "https://bdu.fstec.ru/vul/2024-05176", + "Impact": "High", + "Public": "20240510" + }, + { + "ID": "BDU:2024-06988", + "CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "CWE": "CWE-200", + "Href": "https://bdu.fstec.ru/vul/2024-06988", + "Impact": "Critical", + "Public": "20240502" + }, + { + "ID": "BDU:2024-08755", + "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "CWE": "CWE-119, CWE-787", + "Href": "https://bdu.fstec.ru/vul/2024-08755", + "Impact": "High", + "Public": "20241016" + } + ], + "CVEs": [ + { + "ID": "CVE-2023-5678", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "CWE": "CWE-754", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-5678", + "Impact": "Low", + 
"Public": "20231106" + }, + { + "ID": "CVE-2024-0727", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-0727", + "Impact": "Low", + "Public": "20240126" + }, + { + "ID": "CVE-2024-2511", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511", + "Impact": "None", + "Public": "20240408" + }, + { + "ID": "CVE-2024-4741", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4741", + "Impact": "None", + "Public": "20241113" + }, + { + "ID": "CVE-2024-5535", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5535", + "Impact": "None", + "Public": "20240627" + }, + { + "ID": "CVE-2024-9143", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-9143", + "Impact": "None", + "Public": "20241016" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:spworkstation:10", + "cpe:/o:alt:spserver:10" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:5001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202417181001", + "Comment": "libcrypto1.1 is earlier than 0:1.1.1w-alt0.p10.2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417181002", + "Comment": "libssl-devel is earlier than 0:1.1.1w-alt0.p10.2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417181003", + "Comment": "libssl-devel-static is earlier than 0:1.1.1w-alt0.p10.2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417181004", + "Comment": "libssl1.1 is earlier than 0:1.1.1w-alt0.p10.2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417181005", + "Comment": "openssl is earlier than 0:1.1.1w-alt0.p10.2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417181006", + "Comment": "openssl-doc is earlier than 0:1.1.1w-alt0.p10.2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417181007", + "Comment": 
"openssl-engines is earlier than 0:1.1.1w-alt0.p10.2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417181008", + "Comment": "tsget is earlier than 0:1.1.1w-alt0.p10.2" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-17181/objects.json b/oval/c10f1/ALT-PU-2024-17181/objects.json new file mode 100644 index 0000000000..c742a800c8 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-17181/objects.json 
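Review bot: The `CVEs` entries for CVE-2024-2511, CVE-2024-4741, CVE-2024-5535 and CVE-2024-9143 carry `"Impact": "None"` with no `CVSS3` or `CWE`, which reads as "no impact" rather than "not scored yet". The same definition rates BDU:2024-05176 and BDU:2024-08755 as High (judging by the function names in the Description these appear to be the BDU counterparts of CVE-2024-4741 and CVE-2024-9143) and sets the advisory `Severity` to Critical, so a consumer that triages on the per-CVE field would under-rank them. I would omit `Impact` when no score is available, or emit a distinct value such as `"Impact": "Unknown"` if the generator's schema permits it.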
@@ -0,0 +1,76 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:5001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202417181001", + "Version": "1", + "Comment": "libcrypto1.1 is installed", + "Name": "libcrypto1.1" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417181002", + "Version": "1", + "Comment": "libssl-devel is installed", + "Name": "libssl-devel" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417181003", + "Version": "1", + "Comment": "libssl-devel-static is installed", + "Name": "libssl-devel-static" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417181004", + "Version": "1", + "Comment": "libssl1.1 is installed", + "Name": "libssl1.1" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417181005", + "Version": "1", + "Comment": "openssl is installed", + "Name": "openssl" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417181006", + "Version": "1", + "Comment": "openssl-doc is installed", + "Name": "openssl-doc" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417181007", + "Version": "1", + "Comment": "openssl-engines is installed", + "Name": "openssl-engines" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417181008", + "Version": "1", + "Comment": "tsget is installed", + "Name": "tsget" + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-17181/states.json b/oval/c10f1/ALT-PU-2024-17181/states.json new file mode 100644 index 0000000000..e5b798652b --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-17181/states.json 
@@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:5001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202417181001", + "Version": "1", + "Comment": "package EVR is earlier than 0:1.1.1w-alt0.p10.2", + "Arch": {}, + "EVR": { + "Text": "0:1.1.1w-alt0.p10.2", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-17181/tests.json b/oval/c10f1/ALT-PU-2024-17181/tests.json new file mode 100644 index 0000000000..561c0b53f0 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-17181/tests.json 
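Review bot: `TextFileContent54State` `ste:5001` carries only `"Text": {}`, so nothing compares the `(\d+)` group captured by the `obj:5001` pattern in objects.json. tests.json describes `tst:5001` as "ALT Linux based on branch 'c10f1' must be installed", yet as written the platform gate depends on how the consumer treats an empty state entity and would either accept every ALT SP release or none. The state should pin the captured release to 10, the value given in `AffectedCPEs` (`cpe:/o:alt:spserver:10`). If the schema exposes the capture the way `RPMInfoStates` does, something like `"Subexpression": {"Datatype": "int", "Operation": "equals", "Text": "10"}` would do it; the exact key shape needs confirming against the generator.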
@@ -0,0 +1,114 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:5001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c10f1' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:5001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:5001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202417181001", + "Version": "1", + "Check": "all", + "Comment": "libcrypto1.1 is earlier than 0:1.1.1w-alt0.p10.2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417181001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417181001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417181002", + "Version": "1", + "Check": "all", + "Comment": "libssl-devel is earlier than 0:1.1.1w-alt0.p10.2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417181002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417181001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417181003", + "Version": "1", + "Check": "all", + "Comment": "libssl-devel-static is earlier than 0:1.1.1w-alt0.p10.2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417181003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417181001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417181004", + "Version": "1", + "Check": "all", + "Comment": "libssl1.1 is earlier than 0:1.1.1w-alt0.p10.2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417181004" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417181001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417181005", + "Version": "1", + "Check": "all", + "Comment": "openssl is earlier than 0:1.1.1w-alt0.p10.2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417181005" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417181001" + } + }, + { + "ID": 
"oval:org.altlinux.errata:tst:202417181006", + "Version": "1", + "Check": "all", + "Comment": "openssl-doc is earlier than 0:1.1.1w-alt0.p10.2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417181006" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417181001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417181007", + "Version": "1", + "Check": "all", + "Comment": "openssl-engines is earlier than 0:1.1.1w-alt0.p10.2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417181007" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417181001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417181008", + "Version": "1", + "Check": "all", + "Comment": "tsget is earlier than 0:1.1.1w-alt0.p10.2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417181008" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417181001" + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-17672/definitions.json b/oval/c10f1/ALT-PU-2024-17672/definitions.json new file mode 100644 index 0000000000..e8f88fdd88 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-17672/definitions.json 
@@ -0,0 +1,260 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202417672", + "Version": "oval:org.altlinux.errata:def:202417672", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-17672: package `openquantumsafe-openssh` update to version 8.9p1.202310-alt3", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c10f1" + ], + "Products": [ + "ALT SP Workstation", + "ALT SP Server" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-17672", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-17672", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2023-03837", + "RefURL": "https://bdu.fstec.ru/vul/2023-03837", + "Source": "BDU" + }, + { + "RefID": "BDU:2023-03950", + "RefURL": "https://bdu.fstec.ru/vul/2023-03950", + "Source": "BDU" + }, + { + "RefID": "BDU:2023-08853", + "RefURL": "https://bdu.fstec.ru/vul/2023-08853", + "Source": "BDU" + }, + { + "RefID": "BDU:2023-08955", + "RefURL": "https://bdu.fstec.ru/vul/2023-08955", + "Source": "BDU" + }, + { + "RefID": "BDU:2023-08956", + "RefURL": "https://bdu.fstec.ru/vul/2023-08956", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-04914", + "RefURL": "https://bdu.fstec.ru/vul/2024-04914", + "Source": "BDU" + }, + { + "RefID": "CVE-2021-41617", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-41617", + "Source": "CVE" + }, + { + "RefID": "CVE-2023-38408", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-38408", + "Source": "CVE" + }, + { + "RefID": "CVE-2023-48795", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", + "Source": "CVE" + }, + { + "RefID": "CVE-2023-51384", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-51384", + "Source": "CVE" + }, + { + "RefID": "CVE-2023-51385", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-51385", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-6387", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-6387", + "Source": "CVE" + } + ], + "Description": "This update upgrades 
openquantumsafe-openssh to version 8.9p1.202310-alt3. \nSecurity Fix(es):\n\n * BDU:2023-03837: Уязвимость средства криптографической защиты OpenSSH, связанная с небезопасным управлением привилегиями, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2023-03950: Уязвимость функции PKCS#11 компонента ssh-agent средства криптографической защиты OpenSSH, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-08853: Уязвимость реализации протокола SSH, связанная с возможностью откорректировать порядковые номера пакетов в процессе согласования соединения и добиться удаления произвольного числа служебных SSH-сообщений, позволяющая нарушителю обойти проверки целостности, отключить существующие функции безопасности, получить несанкционированный доступ к защищаемой информации\n\n * BDU:2023-08955: Уязвимость cредства криптографической защиты OpenSSH, связанная с внедрением или модификацией аргумента, позволяющая нарушителю выполнить произвольные команды\n\n * BDU:2023-08956: Уязвимость агента ssh-agent cредства криптографической защиты OpenSSH, позволяющая нарушителю раскрыть защищаемую информацию\n\n * BDU:2024-04914: Уязвимость сервера средства криптографической защиты OpenSSH, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2021-41617: sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n\n * CVE-2023-38408: The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. 
(Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.\n\n * CVE-2023-48795: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 
for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.\n\n * CVE-2023-51384: In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.\n\n * CVE-2023-51385: In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.\n\n * CVE-2024-6387: A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Critical", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-12-28" + }, + "Updated": { + "Date": "2024-12-28" + }, + "BDUs": [ + { + "ID": "BDU:2023-03837", + "CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C", + "CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-269", + "Href": "https://bdu.fstec.ru/vul/2023-03837", + "Impact": "High", + "Public": "20210926" + }, + { + "ID": "BDU:2023-03950", + "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-94, CWE-426", + "Href": "https://bdu.fstec.ru/vul/2023-03950", + "Impact": "Critical", + "Public": "20230719" + }, + { + "ID": "BDU:2023-08853", + "CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:N", + "CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "CWE": "CWE-222", + "Href": "https://bdu.fstec.ru/vul/2023-08853", + "Impact": 
"High", + "Public": "20231218" + }, + { + "ID": "BDU:2023-08955", + "CVSS": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "CWE": "CWE-74, CWE-78, CWE-707", + "Href": "https://bdu.fstec.ru/vul/2023-08955", + "Impact": "Low", + "Public": "20231218" + }, + { + "ID": "BDU:2023-08956", + "CVSS": "AV:L/AC:H/Au:S/C:C/I:N/A:N", + "CVSS3": "AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N", + "CWE": "CWE-320", + "Href": "https://bdu.fstec.ru/vul/2023-08956", + "Impact": "Low", + "Public": "20231218" + }, + { + "ID": "BDU:2024-04914", + "CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C", + "CVSS3": "AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "CWE": "CWE-362", + "Href": "https://bdu.fstec.ru/vul/2024-04914", + "Impact": "Critical", + "Public": "20240701" + } + ], + "CVEs": [ + { + "ID": "CVE-2021-41617", + "CVSS": "AV:L/AC:M/Au:N/C:P/I:P/A:P", + "CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "NVD-CWE-Other", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-41617", + "Impact": "High", + "Public": "20210926" + }, + { + "ID": "CVE-2023-38408", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-428", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-38408", + "Impact": "Critical", + "Public": "20230720" + }, + { + "ID": "CVE-2023-48795", + "CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "CWE": "CWE-354", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", + "Impact": "Low", + "Public": "20231218" + }, + { + "ID": "CVE-2023-51384", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-51384", + "Impact": "Low", + "Public": "20231218" + }, + { + "ID": "CVE-2023-51385", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "CWE": "CWE-78", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-51385", + "Impact": "Low", + "Public": "20231218" + }, + { + "ID": "CVE-2024-6387", + "CVSS3": 
"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-362", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-6387", + "Impact": "High", + "Public": "20240701" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:spworkstation:10", + "cpe:/o:alt:spserver:10" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:5001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202417672001", + "Comment": "openquantumsafe-openssh is earlier than 0:8.9p1.202310-alt3" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417672002", + "Comment": "openquantumsafe-openssh-askpass-common is earlier than 0:8.9p1.202310-alt3" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417672003", + "Comment": "openquantumsafe-openssh-clients is earlier than 0:8.9p1.202310-alt3" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417672004", + "Comment": "openquantumsafe-openssh-common is earlier than 0:8.9p1.202310-alt3" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417672005", + "Comment": "openquantumsafe-openssh-keysign is earlier than 0:8.9p1.202310-alt3" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417672006", + "Comment": "openquantumsafe-openssh-server is earlier than 0:8.9p1.202310-alt3" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417672007", + "Comment": "openquantumsafe-openssh-server-control is earlier than 0:8.9p1.202310-alt3" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-17672/objects.json b/oval/c10f1/ALT-PU-2024-17672/objects.json new file mode 100644 index 0000000000..f1ba772fe5 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-17672/objects.json 
@@ -0,0 +1,70 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:5001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202417672001", + "Version": "1", + "Comment": "openquantumsafe-openssh is installed", + "Name": "openquantumsafe-openssh" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417672002", + "Version": "1", + "Comment": "openquantumsafe-openssh-askpass-common is installed", + "Name": "openquantumsafe-openssh-askpass-common" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417672003", + "Version": "1", + "Comment": "openquantumsafe-openssh-clients is installed", + "Name": "openquantumsafe-openssh-clients" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417672004", + "Version": "1", + "Comment": "openquantumsafe-openssh-common is installed", + "Name": "openquantumsafe-openssh-common" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417672005", + "Version": "1", + "Comment": "openquantumsafe-openssh-keysign is installed", + "Name": "openquantumsafe-openssh-keysign" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417672006", + "Version": "1", + "Comment": "openquantumsafe-openssh-server is installed", + "Name": "openquantumsafe-openssh-server" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417672007", + "Version": "1", + "Comment": "openquantumsafe-openssh-server-control is installed", + "Name": "openquantumsafe-openssh-server-control" + } + ] +} \ No newline at end of file 
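Review bot: In `oval:org.altlinux.errata:obj:5001` the key `Filepath` holds the bare name `os-release` next to `Path` = `/etc`. OVAL's textfilecontent54 object takes either one full `filepath` or a `path` plus `filename` pair, so if these JSON keys map one-to-one onto OVAL elements, the object is either schema-invalid or looks up a relative file name. I would either move `os-release` under whatever key the serializer maps to OVAL `filename`, or drop `Path` and use `"Filepath": { "Datatype": "string", "Text": "/etc/os-release" }`. The same object is repeated in the objects.json files added for ALT-PU-2024-17674, ALT-PU-2024-17682 and ALT-PU-2024-17791.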
diff --git a/oval/c10f1/ALT-PU-2024-17672/states.json b/oval/c10f1/ALT-PU-2024-17672/states.json new file mode 100644 index 0000000000..5ee6a98017 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-17672/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:5001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202417672001", + "Version": "1", + "Comment": "package EVR is earlier than 0:8.9p1.202310-alt3", + "Arch": {}, + "EVR": { + "Text": "0:8.9p1.202310-alt3", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-17672/tests.json b/oval/c10f1/ALT-PU-2024-17672/tests.json new file mode 100644 index 0000000000..03cd222686 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-17672/tests.json 
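Review bot: The platform state `oval:org.altlinux.errata:ste:5001` is empty (`"Text": {}`), so nothing compares the release number captured by `(\d+)` in the os-release pattern of obj:5001, even though tst:5001 is commented as requiring branch 'c10f1'. As written, the check appears to accept any `cpe:/o:alt:sp(server|workstation):<digits>` line, which would let these definitions evaluate on other ALT SP releases and report misleading patch status. Consider pinning the capture in this state, for example `"Subexpression": { "Datatype": "int", "Operation": "equals", "Text": "10" }`; that shape is assumed from the other entities in these files and should be confirmed against the serializer. Note also that `"Subexpression": {}` currently sits on the RPM state `ste:202417672001`, where there is no pattern capture for it to refer to. The states.json files added for ALT-PU-2024-17674, ALT-PU-2024-17682 and ALT-PU-2024-17791 have the same shape.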
@@ -0,0 +1,102 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:5001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c10f1' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:5001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:5001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202417672001", + "Version": "1", + "Check": "all", + "Comment": "openquantumsafe-openssh is earlier than 0:8.9p1.202310-alt3", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417672001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417672001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417672002", + "Version": "1", + "Check": "all", + "Comment": "openquantumsafe-openssh-askpass-common is earlier than 0:8.9p1.202310-alt3", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417672002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417672001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417672003", + "Version": "1", + "Check": "all", + "Comment": "openquantumsafe-openssh-clients is earlier than 0:8.9p1.202310-alt3", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417672003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417672001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417672004", + "Version": "1", + "Check": "all", + "Comment": "openquantumsafe-openssh-common is earlier than 0:8.9p1.202310-alt3", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417672004" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417672001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417672005", + "Version": "1", + "Check": "all", + "Comment": "openquantumsafe-openssh-keysign is earlier than 0:8.9p1.202310-alt3", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417672005" + }, + "State": { + "StateRef": 
"oval:org.altlinux.errata:ste:202417672001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417672006", + "Version": "1", + "Check": "all", + "Comment": "openquantumsafe-openssh-server is earlier than 0:8.9p1.202310-alt3", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417672006" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417672001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417672007", + "Version": "1", + "Check": "all", + "Comment": "openquantumsafe-openssh-server-control is earlier than 0:8.9p1.202310-alt3", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417672007" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417672001" + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-17674/definitions.json b/oval/c10f1/ALT-PU-2024-17674/definitions.json new file mode 100644 index 0000000000..334749eeca --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-17674/definitions.json 
@@ -0,0 +1,91 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202417674", + "Version": "oval:org.altlinux.errata:def:202417674", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-17674: package `liboqs` update to version 0.12.0-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c10f1" + ], + "Products": [ + "ALT SP Workstation", + "ALT SP Server" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-17674", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-17674", + "Source": "ALTPU" + }, + { + "RefID": "CVE-2024-54137", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-54137", + "Source": "CVE" + } + ], + "Description": "This update upgrades liboqs to version 0.12.0-alt1. \nSecurity Fix(es):\n\n * CVE-2024-54137: liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This results in an incorrect shared secret value being returned when the decapsulation function is called with a malformed ciphertext. 
This vulnerability is fixed in 0.12.0.", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Low", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-12-28" + }, + "Updated": { + "Date": "2024-12-28" + }, + "BDUs": null, + "CVEs": [ + { + "ID": "CVE-2024-54137", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-54137", + "Impact": "None", + "Public": "20241206" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:spworkstation:10", + "cpe:/o:alt:spserver:10" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:5001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202417674001", + "Comment": "liboqs is earlier than 0:0.12.0-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417674002", + "Comment": "liboqs-devel is earlier than 0:0.12.0-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417674003", + "Comment": "liboqs-tests is earlier than 0:0.12.0-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-17674/objects.json b/oval/c10f1/ALT-PU-2024-17674/objects.json new file mode 100644 index 0000000000..2162641536 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-17674/objects.json 
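Review bot: The entry for CVE-2024-54137 carries `"Impact": "None"` with no `CVSS3` or `CWE`, while the advisory `Severity` above it is `Low`, so a consumer that triages on per-CVE impact cannot tell "not yet scored" from "no impact". If `None` means the score was unavailable when the erratum was built (an inference from the missing CVSS fields), omitting `Impact` for unscored entries or documenting the value would be clearer. The same pattern appears for CVE-2024-6468 and CVE-2024-8185 in ALT-PU-2024-17791/definitions.json, where the BDU entries with the same publication dates are rated `High`. Separately, `"BDUs": null` gives this field a different type from the other definitions, which use an array; `"BDUs": []` keeps it iterable.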
@@ -0,0 +1,46 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:5001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202417674001", + "Version": "1", + "Comment": "liboqs is installed", + "Name": "liboqs" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417674002", + "Version": "1", + "Comment": "liboqs-devel is installed", + "Name": "liboqs-devel" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417674003", + "Version": "1", + "Comment": "liboqs-tests is installed", + "Name": "liboqs-tests" + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-17674/states.json b/oval/c10f1/ALT-PU-2024-17674/states.json new file mode 100644 index 0000000000..f7799224fb --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-17674/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:5001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202417674001", + "Version": "1", + "Comment": "package EVR is earlier than 0:0.12.0-alt1", + "Arch": {}, + "EVR": { + "Text": "0:0.12.0-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-17674/tests.json b/oval/c10f1/ALT-PU-2024-17674/tests.json new file mode 100644 index 0000000000..36e0354499 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-17674/tests.json 
@@ -0,0 +1,54 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:5001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c10f1' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:5001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:5001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202417674001", + "Version": "1", + "Check": "all", + "Comment": "liboqs is earlier than 0:0.12.0-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417674001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417674001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417674002", + "Version": "1", + "Check": "all", + "Comment": "liboqs-devel is earlier than 0:0.12.0-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417674002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417674001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417674003", + "Version": "1", + "Check": "all", + "Comment": "liboqs-tests is earlier than 0:0.12.0-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417674003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417674001" + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-17682/definitions.json b/oval/c10f1/ALT-PU-2024-17682/definitions.json new file mode 100644 index 0000000000..c22bd48f7e --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-17682/definitions.json 
@@ -0,0 +1,117 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202417682", + "Version": "oval:org.altlinux.errata:def:202417682", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-17682: package `cjson` update to version 1.7.18-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c10f1" + ], + "Products": [ + "ALT SP Workstation", + "ALT SP Server" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-17682", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-17682", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2024-01768", + "RefURL": "https://bdu.fstec.ru/vul/2024-01768", + "Source": "BDU" + }, + { + "RefID": "CVE-2023-50471", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-50471", + "Source": "CVE" + }, + { + "RefID": "CVE-2023-50472", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-50472", + "Source": "CVE" + } + ], + "Description": "This update upgrades cjson to version 1.7.18-alt1. \nSecurity Fix(es):\n\n * BDU:2024-01768: Уязвимость функции cJSON_InsertItemInArray библиотеки для обработки JSON файлов на языке С JSON-C, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-50471: cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c.\n\n * CVE-2023-50472: cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "High", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-12-28" + }, + "Updated": { + "Date": "2024-12-28" + }, + "BDUs": [ + { + "ID": "BDU:2024-01768", + "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-476", + "Href": "https://bdu.fstec.ru/vul/2024-01768", + "Impact": "High", + "Public": "20231204" + } + ], + "CVEs": [ + { + "ID": "CVE-2023-50471", + "CVSS3": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-476", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-50471", + "Impact": "High", + "Public": "20231214" + }, + { + "ID": "CVE-2023-50472", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-476", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-50472", + "Impact": "High", + "Public": "20231214" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:spworkstation:10", + "cpe:/o:alt:spserver:10" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:5001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202417682001", + "Comment": "libcjson is earlier than 0:1.7.18-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417682002", + "Comment": "libcjson-devel is earlier than 0:1.7.18-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-17682/objects.json b/oval/c10f1/ALT-PU-2024-17682/objects.json new file mode 100644 index 0000000000..926f2be199 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-17682/objects.json 
@@ -0,0 +1,40 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:5001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202417682001", + "Version": "1", + "Comment": "libcjson is installed", + "Name": "libcjson" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417682002", + "Version": "1", + "Comment": "libcjson-devel is installed", + "Name": "libcjson-devel" + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-17682/states.json b/oval/c10f1/ALT-PU-2024-17682/states.json new file mode 100644 index 0000000000..f67d601049 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-17682/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:5001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202417682001", + "Version": "1", + "Comment": "package EVR is earlier than 0:1.7.18-alt1", + "Arch": {}, + "EVR": { + "Text": "0:1.7.18-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-17682/tests.json b/oval/c10f1/ALT-PU-2024-17682/tests.json new file mode 100644 index 0000000000..503dd47983 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-17682/tests.json 
@@ -0,0 +1,42 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:5001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c10f1' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:5001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:5001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202417682001", + "Version": "1", + "Check": "all", + "Comment": "libcjson is earlier than 0:1.7.18-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417682001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417682001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417682002", + "Version": "1", + "Check": "all", + "Comment": "libcjson-devel is earlier than 0:1.7.18-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417682002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417682001" + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-17791/definitions.json b/oval/c10f1/ALT-PU-2024-17791/definitions.json new file mode 100644 index 0000000000..27d18873a2 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-17791/definitions.json 
@@ -0,0 +1,157 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202417791", + "Version": "oval:org.altlinux.errata:def:202417791", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-17791: package `vault` update to version 1.13.12-alt6", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c10f1" + ], + "Products": [ + "ALT SP Workstation", + "ALT SP Server" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-17791", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-17791", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2024-06667", + "RefURL": "https://bdu.fstec.ru/vul/2024-06667", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-09085", + "RefURL": "https://bdu.fstec.ru/vul/2024-09085", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-09147", + "RefURL": "https://bdu.fstec.ru/vul/2024-09147", + "Source": "BDU" + }, + { + "RefID": "CVE-2024-6468", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-6468", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-8185", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8185", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-9180", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-9180", + "Source": "CVE" + } + ], + "Description": "This update upgrades vault to version 1.13.12-alt6. 
\nSecurity Fix(es):\n\n * BDU:2024-06667: Уязвимость платформ для архивирования корпоративной информации HashiCorp Vault и Vault Enterprise, связанная с неправильной проверкой или обработкой исключительных условий, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-09085: Уязвимость алгоритма распределения данных Raft Consensus Algorithm хранилища Integrated storage (Raft) платформ для архивирования корпоративной информации HashiCorp Vault и Vault Enterprise, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-09147: Уязвимость платформ для архивирования корпоративной информации HashiCorp Vault и Vault Enterprise, связанная с неправильным назначением привилегий, позволяющая нарушителю повысить свои привилегии\n\n * CVE-2024-6468: Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiving a request from a source IP address that was not listed in proxy_protocol_authorized_addrs, the Vault API server would shut down and no longer respond to any HTTP requests, potentially resulting in denial of service.\n\nWhile this bug also affected versions of Vault up to 1.17.1 and 1.16.5, a separate regression in those release series did not allow Vault operators to configure the deny_unauthorized option, thus not allowing the conditions for the denial of service to occur.\n\nFixed in Vault and Vault Enterprise 1.17.2, 1.16.6, and 1.15.12.\n\n * CVE-2024-8185: Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster join API endpoint . 
An attacker may send a large volume of requests to the endpoint which may cause Vault to consume excessive system memory resources, potentially leading to a crash of the underlying system and the Vault process itself.\n\nThis vulnerability, CVE-2024-8185, is fixed in Vault Community 1.18.1 and Vault Enterprise 1.18.1, 1.17.8, and 1.16.12.\n\n * CVE-2024-9180: A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.\n\n * #52418: Необходимо закрыть CVE-2024-8185, CVE-2024-9180, CVE-2024-6468", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "High", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-12-28" + }, + "Updated": { + "Date": "2024-12-28" + }, + "BDUs": [ + { + "ID": "BDU:2024-06667", + "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-703", + "Href": "https://bdu.fstec.ru/vul/2024-06667", + "Impact": "High", + "Public": "20240711" + }, + { + "ID": "BDU:2024-09085", + "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-636", + "Href": "https://bdu.fstec.ru/vul/2024-09085", + "Impact": "High", + "Public": "20241031" + }, + { + "ID": "BDU:2024-09147", + "CVSS": "AV:N/AC:L/Au:M/C:C/I:C/A:C", + "CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-266", + "Href": "https://bdu.fstec.ru/vul/2024-09147", + "Impact": "High", + "Public": "20241010" + } + ], + "CVEs": [ + { + "ID": "CVE-2024-6468", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-6468", + "Impact": "None", + "Public": "20240711" + }, + { + "ID": "CVE-2024-8185", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8185", + "Impact": "None", + "Public": "20241031" + }, + { + "ID": "CVE-2024-9180", + "CVSS3": 
"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "CWE": "NVD-CWE-Other", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-9180", + "Impact": "High", + "Public": "20241010" + } + ], + "Bugzilla": [ + { + "ID": "52418", + "Href": "https://bugzilla.altlinux.org/52418", + "Data": "Необходимо закрыть CVE-2024-8185, CVE-2024-9180, CVE-2024-6468" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:spworkstation:10", + "cpe:/o:alt:spserver:10" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:5001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202417791001", + "Comment": "vault is earlier than 0:1.13.12-alt6" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-17791/objects.json b/oval/c10f1/ALT-PU-2024-17791/objects.json new file mode 100644 index 0000000000..29bb2e2a28 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-17791/objects.json @@ -0,0 +1,34 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:5001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202417791001", + "Version": "1", + "Comment": "vault is installed", + "Name": "vault" + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-17791/states.json b/oval/c10f1/ALT-PU-2024-17791/states.json new file mode 100644 index 0000000000..79956e9a4c --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-17791/states.json 
@@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:5001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202417791001", + "Version": "1", + "Comment": "package EVR is earlier than 0:1.13.12-alt6", + "Arch": {}, + "EVR": { + "Text": "0:1.13.12-alt6", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-17791/tests.json b/oval/c10f1/ALT-PU-2024-17791/tests.json new file mode 100644 index 0000000000..9530d1fe44 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-17791/tests.json @@ -0,0 +1,30 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:5001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c10f1' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:5001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:5001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202417791001", + "Version": "1", + "Check": "all", + "Comment": "vault is earlier than 0:1.13.12-alt6", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417791001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417791001" + } + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-17177/definitions.json b/oval/c9f2/ALT-PU-2024-17177/definitions.json new file mode 100644 index 0000000000..4d03c4f614 --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-17177/definitions.json 
@@ -0,0 +1,157 @@
+{
+ "Definition": [
+ {
+ "ID": "oval:org.altlinux.errata:def:202417177",
+ "Version": "oval:org.altlinux.errata:def:202417177",
+ "Class": "patch",
+ "Metadata": {
+ "Title": "ALT-PU-2024-17177: package `vault` update to version 1.13.12-alt6",
+ "AffectedList": [
+ {
+ "Family": "unix",
+ "Platforms": [
+ "ALT Linux branch c9f2"
+ ],
+ "Products": [
+ "ALT SPWorkstation",
+ "ALT SPServer"
+ ]
+ }
+ ],
+ "References": [
+ {
+ "RefID": "ALT-PU-2024-17177",
+ "RefURL": "https://errata.altlinux.org/ALT-PU-2024-17177",
+ "Source": "ALTPU"
+ },
+ {
+ "RefID": "BDU:2024-06667",
+ "RefURL": "https://bdu.fstec.ru/vul/2024-06667",
+ "Source": "BDU"
+ },
+ {
+ "RefID": "BDU:2024-09085",
+ "RefURL": "https://bdu.fstec.ru/vul/2024-09085",
+ "Source": "BDU"
+ },
+ {
+ "RefID": "BDU:2024-09147",
+ "RefURL": "https://bdu.fstec.ru/vul/2024-09147",
+ "Source": "BDU"
+ },
+ {
+ "RefID": "CVE-2024-6468",
+ "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-6468",
+ "Source": "CVE"
+ },
+ {
+ "RefID": "CVE-2024-8185",
+ "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8185",
+ "Source": "CVE"
+ },
+ {
+ "RefID": "CVE-2024-9180",
+ "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-9180",
+ "Source": "CVE"
+ }
+ ],
+ "Description": "This update upgrades vault to version 1.13.12-alt6. 
\nSecurity Fix(es):\n\n * BDU:2024-06667: Уязвимость платформ для архивирования корпоративной информации HashiCorp Vault и Vault Enterprise, связанная с неправильной проверкой или обработкой исключительных условий, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-09085: Уязвимость алгоритма распределения данных Raft Consensus Algorithm хранилища Integrated storage (Raft) платформ для архивирования корпоративной информации HashiCorp Vault и Vault Enterprise, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-09147: Уязвимость платформ для архивирования корпоративной информации HashiCorp Vault и Vault Enterprise, связанная с неправильным назначением привилегий, позволяющая нарушителю повысить свои привилегии\n\n * CVE-2024-6468: Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiving a request from a source IP address that was not listed in proxy_protocol_authorized_addrs, the Vault API server would shut down and no longer respond to any HTTP requests, potentially resulting in denial of service.\n\nWhile this bug also affected versions of Vault up to 1.17.1 and 1.16.5, a separate regression in those release series did not allow Vault operators to configure the deny_unauthorized option, thus not allowing the conditions for the denial of service to occur.\n\nFixed in Vault and Vault Enterprise 1.17.2, 1.16.6, and 1.15.12.\n\n * CVE-2024-8185: Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster join API endpoint . 
An attacker may send a large volume of requests to the endpoint which may cause Vault to consume excessive system memory resources, potentially leading to a crash of the underlying system and the Vault process itself.\n\nThis vulnerability, CVE-2024-8185, is fixed in Vault Community 1.18.1 and Vault Enterprise 1.18.1, 1.17.8, and 1.16.12.\n\n * CVE-2024-9180: A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.\n\n * #52418: Необходимо закрыть CVE-2024-8185, CVE-2024-9180, CVE-2024-6468", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "High", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-12-28" + }, + "Updated": { + "Date": "2024-12-28" + }, + "BDUs": [ + { + "ID": "BDU:2024-06667", + "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-703", + "Href": "https://bdu.fstec.ru/vul/2024-06667", + "Impact": "High", + "Public": "20240711" + }, + { + "ID": "BDU:2024-09085", + "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-636", + "Href": "https://bdu.fstec.ru/vul/2024-09085", + "Impact": "High", + "Public": "20241031" + }, + { + "ID": "BDU:2024-09147", + "CVSS": "AV:N/AC:L/Au:M/C:C/I:C/A:C", + "CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-266", + "Href": "https://bdu.fstec.ru/vul/2024-09147", + "Impact": "High", + "Public": "20241010" + } + ], + "CVEs": [ + { + "ID": "CVE-2024-6468", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-6468", + "Impact": "None", + "Public": "20240711" + }, + { + "ID": "CVE-2024-8185", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8185", + "Impact": "None", + "Public": "20241031" + }, + { + "ID": "CVE-2024-9180", + "CVSS3": 
"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "CWE": "NVD-CWE-Other",
+ "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-9180",
+ "Impact": "High",
+ "Public": "20241010"
+ }
+ ],
+ "Bugzilla": [
+ {
+ "ID": "52418",
+ "Href": "https://bugzilla.altlinux.org/52418",
+ "Data": "Необходимо закрыть CVE-2024-8185, CVE-2024-9180, CVE-2024-6468"
+ }
+ ],
+ "AffectedCPEs": {
+ "CPEs": [
+ "cpe:/o:alt:spworkstation:8.4",
+ "cpe:/o:alt:spserver:8.4"
+ ]
+ }
+ }
+ },
+ "Criteria": {
+ "Operator": "AND",
+ "Criterions": [
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:4001",
+ "Comment": "ALT Linux must be installed"
+ }
+ ],
+ "Criterias": [
+ {
+ "Operator": "OR",
+ "Criterions": [
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202417177001",
+ "Comment": "vault is earlier than 0:1.13.12-alt6"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/c9f2/ALT-PU-2024-17177/objects.json b/oval/c9f2/ALT-PU-2024-17177/objects.json
new file mode 100644
index 0000000000..d200c3f7bc
--- /dev/null
+++ b/oval/c9f2/ALT-PU-2024-17177/objects.json
@@ -0,0 +1,34 @@
+{
+ "TextFileContent54Objects": [
+ {
+ "ID": "oval:org.altlinux.errata:obj:4001",
+ "Version": "1",
+ "Comment": "Evaluate `/etc/os-release` file content",
+ "Path": {
+ "Datatype": "string",
+ "Text": "/etc"
+ },
+ "Filepath": {
+ "Datatype": "string",
+ "Text": "os-release"
+ },
+ "Pattern": {
+ "Datatype": "string",
+ "Operation": "pattern match",
+ "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
+ },
+ "Instance": {
+ "Datatype": "int",
+ "Text": "1"
+ }
+ }
+ ],
+ "RPMInfoObjects": [
+ {
+ "ID": "oval:org.altlinux.errata:obj:202417177001",
+ "Version": "1",
+ "Comment": "vault is installed",
+ "Name": "vault"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/c9f2/ALT-PU-2024-17177/states.json b/oval/c9f2/ALT-PU-2024-17177/states.json
new file mode 100644
index 0000000000..6564fde10b
--- /dev/null
+++ b/oval/c9f2/ALT-PU-2024-17177/states.json
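Review bot: The `CVEs` entries for CVE-2024-6468 and CVE-2024-8185 carry `"Impact": "None"` with no `CVSS3` or `CWE`, while the advisory `Severity` is `High` and the BDU records that appear to describe the same two issues (BDU:2024-06667 and BDU:2024-09085, matching `Public` dates) are rated `High` with an availability impact. A consumer that ranks or filters on the per-CVE `Impact` would read `None` as "no impact" and drop two denial-of-service fixes from its triage queue. If `None` only means that no score was available when the record was generated, leave `Impact` out of those entries, as `CVSS3` and `CWE` already are, so that a missing score and a scored zero cannot be confused.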
@@ -0,0 +1,23 @@
+{
+ "TextFileContent54State": [
+ {
+ "ID": "oval:org.altlinux.errata:ste:4001",
+ "Version": "1",
+ "Text": {}
+ }
+ ],
+ "RPMInfoStates": [
+ {
+ "ID": "oval:org.altlinux.errata:ste:202417177001",
+ "Version": "1",
+ "Comment": "package EVR is earlier than 0:1.13.12-alt6",
+ "Arch": {},
+ "EVR": {
+ "Text": "0:1.13.12-alt6",
+ "Datatype": "evr_string",
+ "Operation": "less than"
+ },
+ "Subexpression": {}
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/c9f2/ALT-PU-2024-17177/tests.json b/oval/c9f2/ALT-PU-2024-17177/tests.json
new file mode 100644
index 0000000000..40dcb91ed0
--- /dev/null
+++ b/oval/c9f2/ALT-PU-2024-17177/tests.json
@@ -0,0 +1,30 @@
+{
+ "TextFileContent54Tests": [
+ {
+ "ID": "oval:org.altlinux.errata:tst:4001",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "ALT Linux based on branch 'c9f2' must be installed",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:4001"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:4001"
+ }
+ }
+ ],
+ "RPMInfoTests": [
+ {
+ "ID": "oval:org.altlinux.errata:tst:202417177001",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "vault is earlier than 0:1.13.12-alt6",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202417177001"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202417177001"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/c9f2/ALT-PU-2024-17781/definitions.json b/oval/c9f2/ALT-PU-2024-17781/definitions.json
new file mode 100644
index 0000000000..b9f2506ec1
--- /dev/null
+++ b/oval/c9f2/ALT-PU-2024-17781/definitions.json
@@ -0,0 +1,116 @@
+{
+ "Definition": [
+ {
+ "ID": "oval:org.altlinux.errata:def:202417781",
+ "Version": "oval:org.altlinux.errata:def:202417781",
+ "Class": "patch",
+ "Metadata": {
+ "Title": "ALT-PU-2024-17781: package `SDL2` update to version 2.0.22-alt1",
+ "AffectedList": [
+ {
+ "Family": "unix",
+ "Platforms": [
+ "ALT Linux branch c9f2"
+ ],
+ "Products": [
+ "ALT SPWorkstation",
+ "ALT SPServer"
+ ]
+ }
+ ],
+ "References": [
+ {
+ "RefID": "ALT-PU-2024-17781",
+ "RefURL": "https://errata.altlinux.org/ALT-PU-2024-17781",
+ "Source": "ALTPU"
+ },
+ {
+ "RefID": "BDU:2024-01494",
+ "RefURL": "https://bdu.fstec.ru/vul/2024-01494",
+ "Source": "BDU"
+ },
+ {
+ "RefID": "CVE-2021-33657",
+ "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-33657",
+ "Source": "CVE"
+ }
+ ],
+ "Description": "This update upgrades SDL2 to version 2.0.22-alt1. \nSecurity Fix(es):\n\n * BDU:2024-01494: Уязвимость компонента src/video/SDL_pixels.c библиотеки Simple DirectMedia Layer, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2021-33657: There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. 
By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution.\n\n * #41301: Отсутствуют статические компоненты",
+ "Advisory": {
+ "From": "errata.altlinux.org",
+ "Severity": "High",
+ "Rights": "Copyright 2024 BaseALT Ltd.",
+ "Issued": {
+ "Date": "2024-12-28"
+ },
+ "Updated": {
+ "Date": "2024-12-28"
+ },
+ "BDUs": [
+ {
+ "ID": "BDU:2024-01494",
+ "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
+ "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "CWE": "CWE-787",
+ "Href": "https://bdu.fstec.ru/vul/2024-01494",
+ "Impact": "High",
+ "Public": "20211130"
+ }
+ ],
+ "CVEs": [
+ {
+ "ID": "CVE-2021-33657",
+ "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
+ "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "CWE": "CWE-787",
+ "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-33657",
+ "Impact": "High",
+ "Public": "20220401"
+ }
+ ],
+ "Bugzilla": [
+ {
+ "ID": "41301",
+ "Href": "https://bugzilla.altlinux.org/41301",
+ "Data": "Отсутствуют статические компоненты"
+ }
+ ],
+ "AffectedCPEs": {
+ "CPEs": [
+ "cpe:/o:alt:spworkstation:8.4",
+ "cpe:/o:alt:spserver:8.4"
+ ]
+ }
+ }
+ },
+ "Criteria": {
+ "Operator": "AND",
+ "Criterions": [
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:4001",
+ "Comment": "ALT Linux must be installed"
+ }
+ ],
+ "Criterias": [
+ {
+ "Operator": "OR",
+ "Criterions": [
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202417781001",
+ "Comment": "libSDL2 is earlier than 0:2.0.22-alt1"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202417781002",
+ "Comment": "libSDL2-devel is earlier than 0:2.0.22-alt1"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202417781003",
+ "Comment": "libSDL2-devel-static is earlier than 0:2.0.22-alt1"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/c9f2/ALT-PU-2024-17781/objects.json b/oval/c9f2/ALT-PU-2024-17781/objects.json
new file mode 100644
index 0000000000..500f41e395
--- /dev/null
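Review bot: The definition's `Version` repeats the `ID` string (`oval:org.altlinux.errata:def:202417781`), whereas every object, state and test added in this commit uses `"Version": "1"`. If this field is serialised into the OVAL `version` attribute, that attribute is a non-negative integer and a schema-validating consumer would reject the ID-shaped value, so the check would not be evaluated at all; `"Version": "1"`, or whatever revision counter the generator keeps, would be consistent with the other files. The same value pattern appears in the definitions for ALT-PU-2024-17177, ALT-PU-2024-16941 and ALT-PU-2024-17099.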
+++ b/oval/c9f2/ALT-PU-2024-17781/objects.json
@@ -0,0 +1,46 @@
+{
+ "TextFileContent54Objects": [
+ {
+ "ID": "oval:org.altlinux.errata:obj:4001",
+ "Version": "1",
+ "Comment": "Evaluate `/etc/os-release` file content",
+ "Path": {
+ "Datatype": "string",
+ "Text": "/etc"
+ },
+ "Filepath": {
+ "Datatype": "string",
+ "Text": "os-release"
+ },
+ "Pattern": {
+ "Datatype": "string",
+ "Operation": "pattern match",
+ "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
+ },
+ "Instance": {
+ "Datatype": "int",
+ "Text": "1"
+ }
+ }
+ ],
+ "RPMInfoObjects": [
+ {
+ "ID": "oval:org.altlinux.errata:obj:202417781001",
+ "Version": "1",
+ "Comment": "libSDL2 is installed",
+ "Name": "libSDL2"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202417781002",
+ "Version": "1",
+ "Comment": "libSDL2-devel is installed",
+ "Name": "libSDL2-devel"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202417781003",
+ "Version": "1",
+ "Comment": "libSDL2-devel-static is installed",
+ "Name": "libSDL2-devel-static"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/c9f2/ALT-PU-2024-17781/states.json b/oval/c9f2/ALT-PU-2024-17781/states.json
new file mode 100644
index 0000000000..4297fa43c8
--- /dev/null
+++ b/oval/c9f2/ALT-PU-2024-17781/states.json
@@ -0,0 +1,23 @@
+{
+ "TextFileContent54State": [
+ {
+ "ID": "oval:org.altlinux.errata:ste:4001",
+ "Version": "1",
+ "Text": {}
+ }
+ ],
+ "RPMInfoStates": [
+ {
+ "ID": "oval:org.altlinux.errata:ste:202417781001",
+ "Version": "1",
+ "Comment": "package EVR is earlier than 0:2.0.22-alt1",
+ "Arch": {},
+ "EVR": {
+ "Text": "0:2.0.22-alt1",
+ "Datatype": "evr_string",
+ "Operation": "less than"
+ },
+ "Subexpression": {}
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/c9f2/ALT-PU-2024-17781/tests.json b/oval/c9f2/ALT-PU-2024-17781/tests.json
new file mode 100644
index 0000000000..940c455844
--- /dev/null
+++ b/oval/c9f2/ALT-PU-2024-17781/tests.json
@@ -0,0 +1,54 @@
+{
+ "TextFileContent54Tests": [
+ {
+ "ID": "oval:org.altlinux.errata:tst:4001",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "ALT Linux based on branch 'c9f2' must be installed",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:4001"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:4001"
+ }
+ }
+ ],
+ "RPMInfoTests": [
+ {
+ "ID": "oval:org.altlinux.errata:tst:202417781001",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "libSDL2 is earlier than 0:2.0.22-alt1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202417781001"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202417781001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202417781002",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "libSDL2-devel is earlier than 0:2.0.22-alt1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202417781002"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202417781001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202417781003",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "libSDL2-devel-static is earlier than 0:2.0.22-alt1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202417781003"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202417781001"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/p10/ALT-PU-2024-16941/definitions.json b/oval/p10/ALT-PU-2024-16941/definitions.json
new file mode 100644
index 0000000000..63e03a32d5
--- /dev/null
+++ b/oval/p10/ALT-PU-2024-16941/definitions.json
@@ -0,0 +1,117 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202416941", + "Version": "oval:org.altlinux.errata:def:202416941", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-16941: package `cloud-init` update to version 24.2-alt2", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch p10" + ], + "Products": [ + "ALT Server", + "ALT Virtualization Server", + "ALT Workstation", + "ALT Workstation K", + "ALT Education", + "Simply Linux", + "Starterkit", + "ALT Container" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-16941", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-16941", + "Source": "ALTPU" + }, + { + "RefID": "CVE-2023-1786", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-1786", + "Source": "CVE" + } + ], + "Description": "This update upgrades cloud-init to version 24.2-alt2. \nSecurity Fix(es):\n\n * CVE-2023-1786: Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.\n\n * #52029: Bug in downstream altlinux", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Low", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-12-28" + }, + "Updated": { + "Date": "2024-12-28" + }, + "BDUs": null, + "CVEs": [ + { + "ID": "CVE-2023-1786", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "CWE": "CWE-532", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-1786", + "Impact": "Low", + "Public": "20230426" + } + ], + "Bugzilla": [ + { + "ID": "52029", + "Href": "https://bugzilla.altlinux.org/52029", + "Data": "Bug in downstream altlinux" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:kworkstation:10", + "cpe:/o:alt:workstation:10", + "cpe:/o:alt:server:10", + "cpe:/o:alt:server-v:10", + "cpe:/o:alt:education:10", + "cpe:/o:alt:slinux:10", + "cpe:/o:alt:starterkit:10", + "cpe:/o:alt:starterkit:p10", + 
"cpe:/o:alt:container:10"
+ ]
+ }
+ }
+ },
+ "Criteria": {
+ "Operator": "AND",
+ "Criterions": [
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:2001",
+ "Comment": "ALT Linux must be installed"
+ }
+ ],
+ "Criterias": [
+ {
+ "Operator": "OR",
+ "Criterions": [
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202416941001",
+ "Comment": "cloud-init is earlier than 0:24.2-alt2"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202416941002",
+ "Comment": "cloud-init-config-etcnet is earlier than 0:24.2-alt2"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202416941003",
+ "Comment": "cloud-init-config-netplan is earlier than 0:24.2-alt2"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202416941004",
+ "Comment": "cloud-init-config-network-manager is earlier than 0:24.2-alt2"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/p10/ALT-PU-2024-16941/objects.json b/oval/p10/ALT-PU-2024-16941/objects.json
new file mode 100644
index 0000000000..131517abaa
--- /dev/null
+++ b/oval/p10/ALT-PU-2024-16941/objects.json
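Review bot: `"Impact": "Low"` on CVE-2023-1786 and the advisory-level `"Severity": "Low"` do not agree with the vector recorded beside them: `CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N` has a high confidentiality impact and works out to a Medium base score under CVSS 3.1. If the rating is the vendor's own assessment rather than one derived from the vector, stating that in the advisory would stop consumers from treating it as a transcription error; if it is derived, the mapping looks off by one band. Separately, `"BDUs": null` differs from the arrays used in the other definitions in this commit, and `"BDUs": []` would let consumers iterate without a null check.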
@@ -0,0 +1,52 @@
+{
+ "TextFileContent54Objects": [
+ {
+ "ID": "oval:org.altlinux.errata:obj:2001",
+ "Version": "1",
+ "Comment": "Evaluate `/etc/os-release` file content",
+ "Path": {
+ "Datatype": "string",
+ "Text": "/etc"
+ },
+ "Filepath": {
+ "Datatype": "string",
+ "Text": "os-release"
+ },
+ "Pattern": {
+ "Datatype": "string",
+ "Operation": "pattern match",
+ "Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
+ },
+ "Instance": {
+ "Datatype": "int",
+ "Text": "1"
+ }
+ }
+ ],
+ "RPMInfoObjects": [
+ {
+ "ID": "oval:org.altlinux.errata:obj:202416941001",
+ "Version": "1",
+ "Comment": "cloud-init is installed",
+ "Name": "cloud-init"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202416941002",
+ "Version": "1",
+ "Comment": "cloud-init-config-etcnet is installed",
+ "Name": "cloud-init-config-etcnet"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202416941003",
+ "Version": "1",
+ "Comment": "cloud-init-config-netplan is installed",
+ "Name": "cloud-init-config-netplan"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202416941004",
+ "Version": "1",
+ "Comment": "cloud-init-config-network-manager is installed",
+ "Name": "cloud-init-config-network-manager"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/p10/ALT-PU-2024-16941/states.json b/oval/p10/ALT-PU-2024-16941/states.json
new file mode 100644
index 0000000000..5b34cd830c
--- /dev/null
+++ b/oval/p10/ALT-PU-2024-16941/states.json
@@ -0,0 +1,23 @@
+{
+ "TextFileContent54State": [
+ {
+ "ID": "oval:org.altlinux.errata:ste:2001",
+ "Version": "1",
+ "Text": {}
+ }
+ ],
+ "RPMInfoStates": [
+ {
+ "ID": "oval:org.altlinux.errata:ste:202416941001",
+ "Version": "1",
+ "Comment": "package EVR is earlier than 0:24.2-alt2",
+ "Arch": {},
+ "EVR": {
+ "Text": "0:24.2-alt2",
+ "Datatype": "evr_string",
+ "Operation": "less than"
+ },
+ "Subexpression": {}
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/p10/ALT-PU-2024-16941/tests.json b/oval/p10/ALT-PU-2024-16941/tests.json
new file mode 100644
index 0000000000..8495a8045d
--- /dev/null
+++ b/oval/p10/ALT-PU-2024-16941/tests.json
@@ -0,0 +1,66 @@
+{
+ "TextFileContent54Tests": [
+ {
+ "ID": "oval:org.altlinux.errata:tst:2001",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "ALT Linux based on branch 'p10' must be installed",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:2001"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:2001"
+ }
+ }
+ ],
+ "RPMInfoTests": [
+ {
+ "ID": "oval:org.altlinux.errata:tst:202416941001",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "cloud-init is earlier than 0:24.2-alt2",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202416941001"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202416941001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202416941002",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "cloud-init-config-etcnet is earlier than 0:24.2-alt2",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202416941002"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202416941001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202416941003",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "cloud-init-config-netplan is earlier than 0:24.2-alt2",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202416941003"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202416941001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202416941004",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "cloud-init-config-network-manager is earlier than 0:24.2-alt2",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202416941004"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202416941001"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/p10/ALT-PU-2024-17099/definitions.json b/oval/p10/ALT-PU-2024-17099/definitions.json
new file mode 100644
index 0000000000..441d8509fd
--- /dev/null
+++ b/oval/p10/ALT-PU-2024-17099/definitions.json
@@ -0,0 +1,756 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202417099", + "Version": "oval:org.altlinux.errata:def:202417099", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-17099: package `kernel-image-std-def` update to version 5.10.231-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch p10" + ], + "Products": [ + "ALT Server", + "ALT Virtualization Server", + "ALT Workstation", + "ALT Workstation K", + "ALT Education", + "Simply Linux", + "Starterkit", + "ALT Container" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-17099", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-17099", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2024-11659", + "RefURL": "https://bdu.fstec.ru/vul/2024-11659", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-11660", + "RefURL": "https://bdu.fstec.ru/vul/2024-11660", + "Source": "BDU" + }, + { + "RefID": "CVE-2024-50115", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50115", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50116", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50116", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50117", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50117", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50142", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50142", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50148", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50148", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50150", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50150", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50151", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50151", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50167", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50167", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50168", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50168", + "Source": "CVE" + }, + { + 
"RefID": "CVE-2024-50171", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50171", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50194", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50194", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50205", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50205", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50208", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50208", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50209", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50209", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50229", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50229", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50230", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50230", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50233", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50233", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50234", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50234", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50236", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50236", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50237", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50237", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50251", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50251", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50262", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50262", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50264", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50264", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50265", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50265", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50267", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50267", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50268", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50268", + 
"Source": "CVE" + }, + { + "RefID": "CVE-2024-50269", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50269", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50273", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50273", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50278", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50278", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50279", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50279", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50282", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50282", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50287", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50287", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50296", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50296", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50299", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50299", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50301", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50301", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50302", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50302", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-53042", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-53042", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-53052", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-53052", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-53057", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-53057", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-53059", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-53059", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-53060", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-53060", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-53061", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-53061", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-53063", + "RefURL": 
"https://nvd.nist.gov/vuln/detail/CVE-2024-53063", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-53066", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-53066", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-53097", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-53097", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-53101", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-53101", + "Source": "CVE" + } + ], + "Description": "This update upgrades kernel-image-std-def to version 5.10.231-alt1. \nSecurity Fix(es):\n\n * BDU:2024-11659: Уязвимость функции qdisc_tree_reduce_backlog() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-11660: Уязвимость модуля net/vmw_vsock/virtio_transport_common.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2024-50115: In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory\n\nIgnore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits\n4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn't\nenforce 32-byte alignment of nCR3.\n\nIn the absolute worst case scenario, failure to ignore bits 4:0 can result\nin an out-of-bounds read, e.g. if the target page is at the end of a\nmemslot, and the VMM isn't using guard pages.\n\nPer the APM:\n\n The CR3 register points to the base address of the page-directory-pointer\n table. 
The page-directory-pointer table is aligned on a 32-byte boundary,\n with the low 5 address bits 4:0 assumed to be 0.\n\nAnd the SDM's much more explicit:\n\n 4:0 Ignored\n\nNote, KVM gets this right when loading PDPTRs, it's only the nSVM flow\nthat is broken.\n\n * CVE-2024-50116: In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix kernel bug due to missing clearing of buffer delay flag\n\nSyzbot reported that after nilfs2 reads a corrupted file system image\nand degrades to read-only, the BUG_ON check for the buffer delay flag\nin submit_bh_wbc() may fail, causing a kernel bug.\n\nThis is because the buffer delay flag is not cleared when clearing the\nbuffer state flags to discard a page/folio or a buffer head. So, fix\nthis.\n\nThis became necessary when the use of nilfs2's own page clear routine\nwas expanded. This state inconsistency does not occur if the buffer\nis written normally by log writing.\n\n * CVE-2024-50117: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd: Guard against bad data for ATIF ACPI method\n\nIf a BIOS provides bad data in response to an ATIF method call\nthis causes a NULL pointer dereference in the caller.\n\n```\n? show_regs (arch/x86/kernel/dumpstack.c:478 (discriminator 1))\n? __die (arch/x86/kernel/dumpstack.c:423 arch/x86/kernel/dumpstack.c:434)\n? page_fault_oops (arch/x86/mm/fault.c:544 (discriminator 2) arch/x86/mm/fault.c:705 (discriminator 2))\n? do_user_addr_fault (arch/x86/mm/fault.c:440 (discriminator 1) arch/x86/mm/fault.c:1232 (discriminator 1))\n? acpi_ut_update_object_reference (drivers/acpi/acpica/utdelete.c:642)\n? exc_page_fault (arch/x86/mm/fault.c:1542)\n? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:623)\n? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:387 (discriminator 2)) amdgpu\n? 
amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:386 (discriminator 1)) amdgpu\n```\n\nIt has been encountered on at least one system, so guard for it.\n\n(cherry picked from commit c9b7c809b89f24e9372a4e7f02d64c950b07fdee)\n\n * CVE-2024-50142: In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: validate new SA's prefixlen using SA family when sel.family is unset\n\nThis expands the validation introduced in commit 07bf7908950a (\"xfrm:\nValidate address prefix lengths in the xfrm selector.\")\n\nsyzbot created an SA with\n usersa.sel.family = AF_UNSPEC\n usersa.sel.prefixlen_s = 128\n usersa.family = AF_INET\n\nBecause of the AF_UNSPEC selector, verify_newsa_info doesn't put\nlimits on prefixlen_{s,d}. But then copy_from_user_state sets\nx-\u003esel.family to usersa.family (AF_INET). Do the same conversion in\nverify_newsa_info before validating prefixlen_{s,d}, since that's how\nprefixlen is going to be used later on.\n\n * CVE-2024-50148: In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: bnep: fix wild-memory-access in proto_unregister\n\nThere's issue as follows:\n KASAN: maybe wild-memory-access in range [0xdead...108-0xdead...10f]\n CPU: 3 UID: 0 PID: 2805 Comm: rmmod Tainted: G W\n RIP: 0010:proto_unregister+0xee/0x400\n Call Trace:\n \u003cTASK\u003e\n __do_sys_delete_module+0x318/0x580\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nAs bnep_init() ignore bnep_sock_init()'s return value, and bnep_sock_init()\nwill cleanup all resource. 
Then when remove bnep module will call\nbnep_sock_cleanup() to cleanup sock's resource.\nTo solve above issue just return bnep_sock_init()'s return value in\nbnep_exit().\n\n * CVE-2024-50150: In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: altmode should keep reference to parent\n\nThe altmode device release refers to its parent device, but without keeping\na reference to it.\n\nWhen registering the altmode, get a reference to the parent and put it in\nthe release function.\n\nBefore this fix, when using CONFIG_DEBUG_KOBJECT_RELEASE, we see issues\nlike this:\n\n[ 43.572860] kobject: 'port0.0' (ffff8880057ba008): kobject_release, parent 0000000000000000 (delayed 3000)\n[ 43.573532] kobject: 'port0.1' (ffff8880057bd008): kobject_release, parent 0000000000000000 (delayed 1000)\n[ 43.574407] kobject: 'port0' (ffff8880057b9008): kobject_release, parent 0000000000000000 (delayed 3000)\n[ 43.575059] kobject: 'port1.0' (ffff8880057ca008): kobject_release, parent 0000000000000000 (delayed 4000)\n[ 43.575908] kobject: 'port1.1' (ffff8880057c9008): kobject_release, parent 0000000000000000 (delayed 4000)\n[ 43.576908] kobject: 'typec' (ffff8880062dbc00): kobject_release, parent 0000000000000000 (delayed 4000)\n[ 43.577769] kobject: 'port1' (ffff8880057bf008): kobject_release, parent 0000000000000000 (delayed 3000)\n[ 46.612867] ==================================================================\n[ 46.613402] BUG: KASAN: slab-use-after-free in typec_altmode_release+0x38/0x129\n[ 46.614003] Read of size 8 at addr ffff8880057b9118 by task kworker/2:1/48\n[ 46.614538]\n[ 46.614668] CPU: 2 UID: 0 PID: 48 Comm: kworker/2:1 Not tainted 6.12.0-rc1-00138-gedbae730ad31 #535\n[ 46.615391] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 46.616042] Workqueue: events kobject_delayed_cleanup\n[ 46.616446] Call Trace:\n[ 46.616648] \u003cTASK\u003e\n[ 46.616820] dump_stack_lvl+0x5b/0x7c\n[ 46.617112] ? 
typec_altmode_release+0x38/0x129\n[ 46.617470] print_report+0x14c/0x49e\n[ 46.617769] ? rcu_read_unlock_sched+0x56/0x69\n[ 46.618117] ? __virt_addr_valid+0x19a/0x1ab\n[ 46.618456] ? kmem_cache_debug_flags+0xc/0x1d\n[ 46.618807] ? typec_altmode_release+0x38/0x129\n[ 46.619161] kasan_report+0x8d/0xb4\n[ 46.619447] ? typec_altmode_release+0x38/0x129\n[ 46.619809] ? process_scheduled_works+0x3cb/0x85f\n[ 46.620185] typec_altmode_release+0x38/0x129\n[ 46.620537] ? process_scheduled_works+0x3cb/0x85f\n[ 46.620907] device_release+0xaf/0xf2\n[ 46.621206] kobject_delayed_cleanup+0x13b/0x17a\n[ 46.621584] process_scheduled_works+0x4f6/0x85f\n[ 46.621955] ? __pfx_process_scheduled_works+0x10/0x10\n[ 46.622353] ? hlock_class+0x31/0x9a\n[ 46.622647] ? lock_acquired+0x361/0x3c3\n[ 46.622956] ? move_linked_works+0x46/0x7d\n[ 46.623277] worker_thread+0x1ce/0x291\n[ 46.623582] ? __kthread_parkme+0xc8/0xdf\n[ 46.623900] ? __pfx_worker_thread+0x10/0x10\n[ 46.624236] kthread+0x17e/0x190\n[ 46.624501] ? kthread+0xfb/0x190\n[ 46.624756] ? __pfx_kthread+0x10/0x10\n[ 46.625015] ret_from_fork+0x20/0x40\n[ 46.625268] ? 
__pfx_kthread+0x10/0x10\n[ 46.625532] ret_from_fork_asm+0x1a/0x30\n[ 46.625805] \u003c/TASK\u003e\n[ 46.625953]\n[ 46.626056] Allocated by task 678:\n[ 46.626287] kasan_save_stack+0x24/0x44\n[ 46.626555] kasan_save_track+0x14/0x2d\n[ 46.626811] __kasan_kmalloc+0x3f/0x4d\n[ 46.627049] __kmalloc_noprof+0x1bf/0x1f0\n[ 46.627362] typec_register_port+0x23/0x491\n[ 46.627698] cros_typec_probe+0x634/0xbb6\n[ 46.628026] platform_probe+0x47/0x8c\n[ 46.628311] really_probe+0x20a/0x47d\n[ 46.628605] device_driver_attach+0x39/0x72\n[ 46.628940] bind_store+0x87/0xd7\n[ 46.629213] kernfs_fop_write_iter+0x1aa/0x218\n[ 46.629574] vfs_write+0x1d6/0x29b\n[ 46.629856] ksys_write+0xcd/0x13b\n[ 46.630128] do_syscall_64+0xd4/0x139\n[ 46.630420] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 46.630820]\n[ 46.630946] Freed by task 48:\n[ 46.631182] kasan_save_stack+0x24/0x44\n[ 46.631493] kasan_save_track+0x14/0x2d\n[ 46.631799] kasan_save_free_info+0x3f/0x4d\n[ 46.632144] __kasan_slab_free+0x37/0x45\n[ 46.632474]\n---truncated---\n\n * CVE-2024-50151: In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix OOBs when building SMB2_IOCTL request\n\nWhen using encryption, either enforced by the server or when using\n'seal' mount option, the client will squash all compound request buffers\ndown for encryption into a single iov in smb2_set_next_command().\n\nSMB2_ioctl_init() allocates a small buffer (448 bytes) to hold the\nSMB2_IOCTL request in the first iov, and if the user passes an input\nbuffer that is greater than 328 bytes, smb2_set_next_command() will\nend up writing off the end of @rqst-\u003eiov[0].iov_base as shown below:\n\n mount.cifs //srv/share /mnt -o ...,seal\n ln -s $(perl -e \"print('a')for 1..1024\") /mnt/link\n\n BUG: KASAN: slab-out-of-bounds in\n smb2_set_next_command.cold+0x1d6/0x24c [cifs]\n Write of size 4116 at addr ffff8881148fcab8 by task ln/859\n\n CPU: 1 UID: 0 PID: 859 Comm: ln Not tainted 6.12.0-rc3 #1\n Hardware name: QEMU 
Standard PC (Q35 + ICH9, 2009), BIOS\n 1.16.3-2.fc40 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ? smb2_set_next_command.cold+0x1d6/0x24c [cifs]\n print_report+0x156/0x4d9\n ? smb2_set_next_command.cold+0x1d6/0x24c [cifs]\n ? __virt_addr_valid+0x145/0x310\n ? __phys_addr+0x46/0x90\n ? smb2_set_next_command.cold+0x1d6/0x24c [cifs]\n kasan_report+0xda/0x110\n ? smb2_set_next_command.cold+0x1d6/0x24c [cifs]\n kasan_check_range+0x10f/0x1f0\n __asan_memcpy+0x3c/0x60\n smb2_set_next_command.cold+0x1d6/0x24c [cifs]\n smb2_compound_op+0x238c/0x3840 [cifs]\n ? kasan_save_track+0x14/0x30\n ? kasan_save_free_info+0x3b/0x70\n ? vfs_symlink+0x1a1/0x2c0\n ? do_symlinkat+0x108/0x1c0\n ? __pfx_smb2_compound_op+0x10/0x10 [cifs]\n ? kmem_cache_free+0x118/0x3e0\n ? cifs_get_writable_path+0xeb/0x1a0 [cifs]\n smb2_get_reparse_inode+0x423/0x540 [cifs]\n ? __pfx_smb2_get_reparse_inode+0x10/0x10 [cifs]\n ? rcu_is_watching+0x20/0x50\n ? __kmalloc_noprof+0x37c/0x480\n ? smb2_create_reparse_symlink+0x257/0x490 [cifs]\n ? smb2_create_reparse_symlink+0x38f/0x490 [cifs]\n smb2_create_reparse_symlink+0x38f/0x490 [cifs]\n ? __pfx_smb2_create_reparse_symlink+0x10/0x10 [cifs]\n ? find_held_lock+0x8a/0xa0\n ? hlock_class+0x32/0xb0\n ? __build_path_from_dentry_optional_prefix+0x19d/0x2e0 [cifs]\n cifs_symlink+0x24f/0x960 [cifs]\n ? __pfx_make_vfsuid+0x10/0x10\n ? __pfx_cifs_symlink+0x10/0x10 [cifs]\n ? make_vfsgid+0x6b/0xc0\n ? generic_permission+0x96/0x2d0\n vfs_symlink+0x1a1/0x2c0\n do_symlinkat+0x108/0x1c0\n ? __pfx_do_symlinkat+0x10/0x10\n ? 
strncpy_from_user+0xaa/0x160\n __x64_sys_symlinkat+0xb9/0xf0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f08d75c13bb\n\n * CVE-2024-50167: In the Linux kernel, the following vulnerability has been resolved:\n\nbe2net: fix potential memory leak in be_xmit()\n\nThe be_xmit() returns NETDEV_TX_OK without freeing skb\nin case of be_xmit_enqueue() fails, add dev_kfree_skb_any() to fix it.\n\n * CVE-2024-50168: In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sun3_82586: fix potential memory leak in sun3_82586_send_packet()\n\nThe sun3_82586_send_packet() returns NETDEV_TX_OK without freeing skb\nin case of skb-\u003elen being too long, add dev_kfree_skb() to fix it.\n\n * CVE-2024-50171: In the Linux kernel, the following vulnerability has been resolved:\n\nnet: systemport: fix potential memory leak in bcm_sysport_xmit()\n\nThe bcm_sysport_xmit() returns NETDEV_TX_OK without freeing skb\nin case of dma_map_single() fails, add dev_kfree_skb() to fix it.\n\n * CVE-2024-50194: In the Linux kernel, the following vulnerability has been resolved:\n\narm64: probes: Fix uprobes for big-endian kernels\n\nThe arm64 uprobes code is broken for big-endian kernels as it doesn't\nconvert the in-memory instruction encoding (which is always\nlittle-endian) into the kernel's native endianness before analyzing and\nsimulating instructions. 
This may result in a few distinct problems:\n\n* The kernel may may erroneously reject probing an instruction which can\n safely be probed.\n\n* The kernel may erroneously erroneously permit stepping an\n instruction out-of-line when that instruction cannot be stepped\n out-of-line safely.\n\n* The kernel may erroneously simulate instruction incorrectly dur to\n interpretting the byte-swapped encoding.\n\nThe endianness mismatch isn't caught by the compiler or sparse because:\n\n* The arch_uprobe::{insn,ixol} fields are encoded as arrays of u8, so\n the compiler and sparse have no idea these contain a little-endian\n 32-bit value. The core uprobes code populates these with a memcpy()\n which similarly does not handle endianness.\n\n* While the uprobe_opcode_t type is an alias for __le32, both\n arch_uprobe_analyze_insn() and arch_uprobe_skip_sstep() cast from u8[]\n to the similarly-named probe_opcode_t, which is an alias for u32.\n Hence there is no endianness conversion warning.\n\nFix this by changing the arch_uprobe::{insn,ixol} fields to __le32 and\nadding the appropriate __le32_to_cpu() conversions prior to consuming\nthe instruction encoding. The core uprobes copies these fields as opaque\nranges of bytes, and so is unaffected by this change.\n\nAt the same time, remove MAX_UINSN_BYTES and consistently use\nAARCH64_INSN_SIZE for clarity.\n\nTested with the following:\n\n| #include \u003cstdio.h\u003e\n| #include \u003cstdbool.h\u003e\n|\n| #define noinline __attribute__((noinline))\n|\n| static noinline void *adrp_self(void)\n| {\n| void *addr;\n|\n| asm volatile(\n| \" adrp %x0, adrp_self\\n\"\n| \" add %x0, %x0, :lo12:adrp_self\\n\"\n| : \"=r\" (addr));\n| }\n|\n|\n| int main(int argc, char *argv)\n| {\n| void *ptr = adrp_self();\n| bool equal = (ptr == adrp_self);\n|\n| printf(\"adrp_self =\u003e %p\\n\"\n| \"adrp_self() =\u003e %p\\n\"\n| \"%s\\n\",\n| adrp_self, ptr, equal ? \"EQUAL\" : \"NOT EQUAL\");\n|\n| return 0;\n| }\n\n.... 
where the adrp_self() function was compiled to:\n\n| 00000000004007e0 \u003cadrp_self\u003e:\n| 4007e0: 90000000 adrp x0, 400000 \u003c__ehdr_start\u003e\n| 4007e4: 911f8000 add x0, x0, #0x7e0\n| 4007e8: d65f03c0 ret\n\nBefore this patch, the ADRP is not recognized, and is assumed to be\nsteppable, resulting in corruption of the result:\n\n| # ./adrp-self\n| adrp_self =\u003e 0x4007e0\n| adrp_self() =\u003e 0x4007e0\n| EQUAL\n| # echo 'p /root/adrp-self:0x007e0' \u003e /sys/kernel/tracing/uprobe_events\n| # echo 1 \u003e /sys/kernel/tracing/events/uprobes/enable\n| # ./adrp-self\n| adrp_self =\u003e 0x4007e0\n| adrp_self() =\u003e 0xffffffffff7e0\n| NOT EQUAL\n\nAfter this patch, the ADRP is correctly recognized and simulated:\n\n| # ./adrp-self\n| adrp_self =\u003e 0x4007e0\n| adrp_self() =\u003e 0x4007e0\n| EQUAL\n| #\n| # echo 'p /root/adrp-self:0x007e0' \u003e /sys/kernel/tracing/uprobe_events\n| # echo 1 \u003e /sys/kernel/tracing/events/uprobes/enable\n| # ./adrp-self\n| adrp_self =\u003e 0x4007e0\n| adrp_self() =\u003e 0x4007e0\n| EQUAL\n\n * CVE-2024-50205: In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()\n\nThe step variable is initialized to zero. It is changed in the loop,\nbut if it's not changed it will remain zero. 
Add a variable check\nbefore the division.\n\nThe observed behavior was introduced by commit 826b5de90c0b\n(\"ALSA: firewire-lib: fix insufficient PCM rule for period/buffer size\"),\nand it is difficult to show that any of the interval parameters will\nsatisfy the snd_interval_test() condition with data from the\namdtp_rate_table[] table.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n * CVE-2024-50208: In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages\n\nAvoid memory corruption while setting up Level-2 PBL pages for the non MR\nresources when num_pages \u003e 256K.\n\nThere will be a single PDE page address (contiguous pages in the case of \u003e\nPAGE_SIZE), but, current logic assumes multiple pages, leading to invalid\nmemory access after 256K PBL entries in the PDE.\n\n * CVE-2024-50209: In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Add a check for memory allocation\n\n__alloc_pbl() can return error when memory allocation fails.\nDriver is not checking the status on one of the instances.\n\n * CVE-2024-50229: In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential deadlock with newly created symlinks\n\nSyzbot reported that page_symlink(), called by nilfs_symlink(), triggers\nmemory reclamation involving the filesystem layer, which can result in\ncircular lock dependencies among the reader/writer semaphore\nnilfs-\u003ens_segctor_sem, s_writers percpu_rwsem (intwrite) and the\nfs_reclaim pseudo lock.\n\nThis is because after commit 21fc61c73c39 (\"don't put symlink bodies in\npagecache into highmem\"), the gfp flags of the page cache for symbolic\nlinks are overwritten to GFP_KERNEL via inode_nohighmem().\n\nThis is not a problem for symlinks read from the backing device, because\nthe __GFP_FS flag is dropped after inode_nohighmem() is called. 
However,\nwhen a new symlink is created with nilfs_symlink(), the gfp flags remain\noverwritten to GFP_KERNEL. Then, memory allocation called from\npage_symlink() etc. triggers memory reclamation including the FS layer,\nwhich may call nilfs_evict_inode() or nilfs_dirty_inode(). And these can\ncause a deadlock if they are called while nilfs-\u003ens_segctor_sem is held:\n\nFix this issue by dropping the __GFP_FS flag from the page cache GFP flags\nof newly created symlinks in the same way that nilfs_new_inode() and\n__nilfs_read_inode() do, as a workaround until we adopt nofs allocation\nscope consistently or improve the locking constraints.\n\n * CVE-2024-50230: In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix kernel bug due to missing clearing of checked flag\n\nSyzbot reported that in directory operations after nilfs2 detects\nfilesystem corruption and degrades to read-only,\n__block_write_begin_int(), which is called to prepare block writes, may\nfail the BUG_ON check for accesses exceeding the folio/page size,\ntriggering a kernel bug.\n\nThis was found to be because the \"checked\" flag of a page/folio was not\ncleared when it was discarded by nilfs2's own routine, which causes the\nsanity check of directory entries to be skipped when the directory\npage/folio is reloaded. So, fix that.\n\nThis was necessary when the use of nilfs2's own page discard routine was\napplied to more than just metadata files.\n\n * CVE-2024-50233: In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg()\n\nIn the ad9832_write_frequency() function, clk_get_rate() might return 0.\nThis can lead to a division by zero when calling ad9832_calc_freqreg().\nThe check if (fout \u003e (clk_get_rate(st-\u003emclk) / 2)) does not protect\nagainst the case when fout is 0. 
The ad9832_write_frequency() function\nis called from ad9832_write(), and fout is derived from a text buffer,\nwhich can contain any value.\n\n * CVE-2024-50234: In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlegacy: Clear stale interrupts before resuming device\n\niwl4965 fails upon resume from hibernation on my laptop. The reason\nseems to be a stale interrupt which isn't being cleared out before\ninterrupts are enabled. We end up with a race beween the resume\ntrying to bring things back up, and the restart work (queued form\nthe interrupt handler) trying to bring things down. Eventually\nthe whole thing blows up.\n\nFix the problem by clearing out any stale interrupts before\ninterrupts get enabled during resume.\n\nHere's a debug log of the indicent:\n[ 12.042589] ieee80211 phy0: il_isr ISR inta 0x00000080, enabled 0xaa00008b, fh 0x00000000\n[ 12.042625] ieee80211 phy0: il4965_irq_tasklet inta 0x00000080, enabled 0x00000000, fh 0x00000000\n[ 12.042651] iwl4965 0000:10:00.0: RF_KILL bit toggled to enable radio.\n[ 12.042653] iwl4965 0000:10:00.0: On demand firmware reload\n[ 12.042690] ieee80211 phy0: il4965_irq_tasklet End inta 0x00000000, enabled 0xaa00008b, fh 0x00000000, flags 0x00000282\n[ 12.052207] ieee80211 phy0: il4965_mac_start enter\n[ 12.052212] ieee80211 phy0: il_prep_station Add STA to driver ID 31: ff:ff:ff:ff:ff:ff\n[ 12.052244] ieee80211 phy0: il4965_set_hw_ready hardware ready\n[ 12.052324] ieee80211 phy0: il_apm_init Init card's basic functions\n[ 12.052348] ieee80211 phy0: il_apm_init L1 Enabled; Disabling L0S\n[ 12.055727] ieee80211 phy0: il4965_load_bsm Begin load bsm\n[ 12.056140] ieee80211 phy0: il4965_verify_bsm Begin verify bsm\n[ 12.058642] ieee80211 phy0: il4965_verify_bsm BSM bootstrap uCode image OK\n[ 12.058721] ieee80211 phy0: il4965_load_bsm BSM write complete, poll 1 iterations\n[ 12.058734] ieee80211 phy0: __il4965_up iwl4965 is coming up\n[ 12.058737] ieee80211 phy0: il4965_mac_start Start UP 
work done.\n[ 12.058757] ieee80211 phy0: __il4965_down iwl4965 is going down\n[ 12.058761] ieee80211 phy0: il_scan_cancel_timeout Scan cancel timeout\n[ 12.058762] ieee80211 phy0: il_do_scan_abort Not performing scan to abort\n[ 12.058765] ieee80211 phy0: il_clear_ucode_stations Clearing ucode stations in driver\n[ 12.058767] ieee80211 phy0: il_clear_ucode_stations No active stations found to be cleared\n[ 12.058819] ieee80211 phy0: _il_apm_stop Stop card, put in low power state\n[ 12.058827] ieee80211 phy0: _il_apm_stop_master stop master\n[ 12.058864] ieee80211 phy0: il4965_clear_free_frames 0 frames on pre-allocated heap on clear.\n[ 12.058869] ieee80211 phy0: Hardware restart was requested\n[ 16.132299] iwl4965 0000:10:00.0: START_ALIVE timeout after 4000ms.\n[ 16.132303] ------------[ cut here ]------------\n[ 16.132304] Hardware became unavailable upon resume. This could be a software issue prior to suspend or a hardware issue.\n[ 16.132338] WARNING: CPU: 0 PID: 181 at net/mac80211/util.c:1826 ieee80211_reconfig+0x8f/0x14b0 [mac80211]\n[ 16.132390] Modules linked in: ctr ccm sch_fq_codel xt_tcpudp xt_multiport xt_state iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv4 ip_tables x_tables binfmt_misc joydev mousedev btusb btrtl btintel btbcm bluetooth ecdh_generic ecc iTCO_wdt i2c_dev iwl4965 iwlegacy coretemp snd_hda_codec_analog pcspkr psmouse mac80211 snd_hda_codec_generic libarc4 sdhci_pci cqhci sha256_generic sdhci libsha256 firewire_ohci snd_hda_intel snd_intel_dspcfg mmc_core snd_hda_codec snd_hwdep firewire_core led_class iosf_mbi snd_hda_core uhci_hcd lpc_ich crc_itu_t cfg80211 ehci_pci ehci_hcd snd_pcm usbcore mfd_core rfkill snd_timer snd usb_common soundcore video parport_pc parport intel_agp wmi intel_gtt backlight e1000e agpgart evdev\n[ 16.132456] CPU: 0 UID: 0 PID: 181 Comm: kworker/u8:6 Not tainted 6.11.0-cl+ #143\n[ 16.132460] Hardware name: Hewlett-Packard HP Compaq 6910p/30BE, BIOS 68MCU Ver. 
F.19 07/06/2010\n[ 16.132463] Workqueue: async async_run_entry_fn\n[ 16.132469] RIP: 0010:ieee80211_reconfig+0x8f/0x14b0 [mac80211]\n[ 16.132501] Code: da 02 00 0\n---truncated---\n\n * CVE-2024-50236: In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath10k: Fix memory leak in management tx\n\nIn the current logic, memory is allocated for storing the MSDU context\nduring management packet TX but this memory is not being freed during\nmanagement TX completion. Similar leaks are seen in the management TX\ncleanup logic.\n\nKmemleak reports this problem as below,\n\nunreferenced object 0xffffff80b64ed250 (size 16):\n comm \"kworker/u16:7\", pid 148, jiffies 4294687130 (age 714.199s)\n hex dump (first 16 bytes):\n 00 2b d8 d8 80 ff ff ff c4 74 e9 fd 07 00 00 00 .+.......t......\n backtrace:\n [\u003cffffffe6e7b245dc\u003e] __kmem_cache_alloc_node+0x1e4/0x2d8\n [\u003cffffffe6e7adde88\u003e] kmalloc_trace+0x48/0x110\n [\u003cffffffe6bbd765fc\u003e] ath10k_wmi_tlv_op_gen_mgmt_tx_send+0xd4/0x1d8 [ath10k_core]\n [\u003cffffffe6bbd3eed4\u003e] ath10k_mgmt_over_wmi_tx_work+0x134/0x298 [ath10k_core]\n [\u003cffffffe6e78d5974\u003e] process_scheduled_works+0x1ac/0x400\n [\u003cffffffe6e78d60b8\u003e] worker_thread+0x208/0x328\n [\u003cffffffe6e78dc890\u003e] kthread+0x100/0x1c0\n [\u003cffffffe6e78166c0\u003e] ret_from_fork+0x10/0x20\n\nFree the memory during completion and cleanup to fix the leak.\n\nProtect the mgmt_pending_tx idr_remove() operation in\nath10k_wmi_tlv_op_cleanup_mgmt_tx_send() using ar-\u003edata_lock similar to\nother instances.\n\nTested-on: WCN3990 hw1.0 SNOC WLAN.HL.2.0-01387-QCAHLSWMTPLZ-1\n\n * CVE-2024-50237: In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: do not pass a stopped vif to the driver in .get_txpower\n\nAvoid potentially crashing in the driver because of uninitialized private data\n\n * CVE-2024-50251: In the Linux kernel, the following vulnerability has been 
resolved:\n\nnetfilter: nft_payload: sanitize offset and length before calling skb_checksum()\n\nIf access to offset + length is larger than the skbuff length, then\nskb_checksum() triggers BUG_ON().\n\nskb_checksum() internally subtracts the length parameter while iterating\nover skbuff, BUG_ON(len) at the end of it checks that the expected\nlength to be included in the checksum calculation is fully consumed.\n\n * CVE-2024-50262: In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix out-of-bounds write in trie_get_next_key()\n\ntrie_get_next_key() allocates a node stack with size trie-\u003emax_prefixlen,\nwhile it writes (trie-\u003emax_prefixlen + 1) nodes to the stack when it has\nfull paths from the root to leaves. For example, consider a trie with\nmax_prefixlen is 8, and the nodes with key 0x00/0, 0x00/1, 0x00/2, ...\n0x00/8 inserted. Subsequent calls to trie_get_next_key with _key with\n.prefixlen = 8 make 9 nodes be written on the node stack with size 8.\n\n * CVE-2024-50264: In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: Initialization of the dangling pointer occurring in vsk-\u003etrans\n\nDuring loopback communication, a dangling pointer can be created in\nvsk-\u003etrans, potentially leading to a Use-After-Free condition. This\nissue is resolved by initializing vsk-\u003etrans to NULL.\n\n * CVE-2024-50265: In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove()\n\nSyzkaller is able to provoke null-ptr-dereference in ocfs2_xa_remove():\n\n[ 57.319872] (a.out,1161,7):ocfs2_xa_remove:2028 ERROR: status = -12\n[ 57.320420] (a.out,1161,7):ocfs2_xa_cleanup_value_truncate:1999 ERROR: Partial truncate while removing xattr overlay.upper. 
Leaking 1 clusters and removing the entry\n[ 57.321727] BUG: kernel NULL pointer dereference, address: 0000000000000004\n[...]\n[ 57.325727] RIP: 0010:ocfs2_xa_block_wipe_namevalue+0x2a/0xc0\n[...]\n[ 57.331328] Call Trace:\n[ 57.331477] \u003cTASK\u003e\n[...]\n[ 57.333511] ? do_user_addr_fault+0x3e5/0x740\n[ 57.333778] ? exc_page_fault+0x70/0x170\n[ 57.334016] ? asm_exc_page_fault+0x2b/0x30\n[ 57.334263] ? __pfx_ocfs2_xa_block_wipe_namevalue+0x10/0x10\n[ 57.334596] ? ocfs2_xa_block_wipe_namevalue+0x2a/0xc0\n[ 57.334913] ocfs2_xa_remove_entry+0x23/0xc0\n[ 57.335164] ocfs2_xa_set+0x704/0xcf0\n[ 57.335381] ? _raw_spin_unlock+0x1a/0x40\n[ 57.335620] ? ocfs2_inode_cache_unlock+0x16/0x20\n[ 57.335915] ? trace_preempt_on+0x1e/0x70\n[ 57.336153] ? start_this_handle+0x16c/0x500\n[ 57.336410] ? preempt_count_sub+0x50/0x80\n[ 57.336656] ? _raw_read_unlock+0x20/0x40\n[ 57.336906] ? start_this_handle+0x16c/0x500\n[ 57.337162] ocfs2_xattr_block_set+0xa6/0x1e0\n[ 57.337424] __ocfs2_xattr_set_handle+0x1fd/0x5d0\n[ 57.337706] ? ocfs2_start_trans+0x13d/0x290\n[ 57.337971] ocfs2_xattr_set+0xb13/0xfb0\n[ 57.338207] ? dput+0x46/0x1c0\n[ 57.338393] ocfs2_xattr_trusted_set+0x28/0x30\n[ 57.338665] ? ocfs2_xattr_trusted_set+0x28/0x30\n[ 57.338948] __vfs_removexattr+0x92/0xc0\n[ 57.339182] __vfs_removexattr_locked+0xd5/0x190\n[ 57.339456] ? preempt_count_sub+0x50/0x80\n[ 57.339705] vfs_removexattr+0x5f/0x100\n[...]\n\nReproducer uses faultinject facility to fail ocfs2_xa_remove() -\u003e\nocfs2_xa_value_truncate() with -ENOMEM.\n\nIn this case the comment mentions that we can return 0 if\nocfs2_xa_cleanup_value_truncate() is going to wipe the entry\nanyway. 
But the following 'rc' check is wrong and execution flow do\n'ocfs2_xa_remove_entry(loc);' twice:\n* 1st: in ocfs2_xa_cleanup_value_truncate();\n* 2nd: returning back to ocfs2_xa_remove() instead of going to 'out'.\n\nFix this by skipping the 2nd removal of the same entry and making\nsyzkaller repro happy.\n\n * CVE-2024-50267: In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: io_edgeport: fix use after free in debug printk\n\nThe \"dev_dbg(\u0026urb-\u003edev-\u003edev, ...\" which happens after usb_free_urb(urb)\nis a use after free of the \"urb\" pointer. Store the \"dev\" pointer at the\nstart of the function to avoid this issue.\n\n * CVE-2024-50268: In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd()\n\nThe \"*cmd\" variable can be controlled by the user via debugfs. That means\n\"new_cam\" can be as high as 255 while the size of the uc-\u003eupdated[] array\nis UCSI_MAX_ALTMODES (30).\n\nThe call tree is:\nucsi_cmd() // val comes from simple_attr_write_xsigned()\n-\u003e ucsi_send_command()\n -\u003e ucsi_send_command_common()\n -\u003e ucsi_run_command() // calls ucsi-\u003eops-\u003esync_control()\n -\u003e ucsi_ccg_sync_control()\n\n * CVE-2024-50269: In the Linux kernel, the following vulnerability has been resolved:\n\nusb: musb: sunxi: Fix accessing an released usb phy\n\nCommit 6ed05c68cbca (\"usb: musb: sunxi: Explicitly release USB PHY on\nexit\") will cause that usb phy @glue-\u003exceiv is accessed after released.\n\n1) register platform driver @sunxi_musb_driver\n// get the usb phy @glue-\u003exceiv\nsunxi_musb_probe() -\u003e devm_usb_get_phy().\n\n2) register and unregister platform driver @musb_driver\nmusb_probe() -\u003e sunxi_musb_init()\nuse the phy here\n//the phy is released here\nmusb_remove() -\u003e sunxi_musb_exit() -\u003e devm_usb_put_phy()\n\n3) register @musb_driver again\nmusb_probe() -\u003e 
sunxi_musb_init()\nuse the phy here but the phy has been released at 2).\n...\n\nFixed by reverting the commit, namely, removing devm_usb_put_phy()\nfrom sunxi_musb_exit().\n\n * CVE-2024-50273: In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: reinitialize delayed ref list after deleting it from the list\n\nAt insert_delayed_ref() if we need to update the action of an existing\nref to BTRFS_DROP_DELAYED_REF, we delete the ref from its ref head's\nref_add_list using list_del(), which leaves the ref's add_list member\nnot reinitialized, as list_del() sets the next and prev members of the\nlist to LIST_POISON1 and LIST_POISON2, respectively.\n\nIf later we end up calling drop_delayed_ref() against the ref, which can\nhappen during merging or when destroying delayed refs due to a transaction\nabort, we can trigger a crash since at drop_delayed_ref() we call\nlist_empty() against the ref's add_list, which returns false since\nthe list was not reinitialized after the list_del() and as a consequence\nwe call list_del() again at drop_delayed_ref(). This results in an\ninvalid list access since the next and prev members are set to poison\npointers, resulting in a splat if CONFIG_LIST_HARDENED and\nCONFIG_DEBUG_LIST are set or invalid poison pointer dereferences\notherwise.\n\nSo fix this by deleting from the list with list_del_init() instead.\n\n * CVE-2024-50278: In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache: fix potential out-of-bounds access on the first resume\n\nOut-of-bounds access occurs if the fast device is expanded unexpectedly\nbefore the first-time resume of the cache table. This happens because\nexpanding the fast device requires reloading the cache table for\ncache_create to allocate new in-core data structures that fit the new\nsize, and the check in cache_preresume is not performed during the\nfirst resume, leading to the issue.\n\nReproduce steps:\n\n1. 
prepare component devices:\n\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 65536 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 524288 linear /dev/sdc 262144\"\ndd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct\n\n2. load a cache table of 512 cache blocks, and deliberately expand the\n fast device before resuming the cache, making the in-core data\n structures inadequate.\n\ndmsetup create cache --notable\ndmsetup reload cache --table \"0 524288 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"\ndmsetup reload cdata --table \"0 131072 linear /dev/sdc 8192\"\ndmsetup resume cdata\ndmsetup resume cache\n\n3. suspend the cache to write out the in-core dirty bitset and hint\n array, leading to out-of-bounds access to the dirty bitset at offset\n 0x40:\n\ndmsetup suspend cache\n\nKASAN reports:\n\n BUG: KASAN: vmalloc-out-of-bounds in is_dirty_callback+0x2b/0x80\n Read of size 8 at addr ffffc90000085040 by task dmsetup/90\n\n (...snip...)\n The buggy address belongs to the virtual mapping at\n [ffffc90000085000, ffffc90000087000) created by:\n cache_ctr+0x176a/0x35f0\n\n (...snip...)\n Memory state around the buggy address:\n ffffc90000084f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc90000084f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n \u003effffc90000085000: 00 00 00 00 00 00 00 00 f8 f8 f8 f8 f8 f8 f8 f8\n ^\n ffffc90000085080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc90000085100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n\nFix by checking the size change on the first resume.\n\n * CVE-2024-50279: In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache: fix out-of-bounds access to the dirty bitset when resizing\n\ndm-cache checks the dirty bits of the cache blocks to be dropped when\nshrinking the fast device, but an index bug in bitset iteration causes\nout-of-bounds 
access.\n\nReproduce steps:\n\n1. create a cache device of 1024 cache blocks (128 bytes dirty bitset)\n\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 131072 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 524288 linear /dev/sdc 262144\"\ndd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct\ndmsetup create cache --table \"0 524288 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"\n\n2. shrink the fast device to 512 cache blocks, triggering out-of-bounds\n access to the dirty bitset (offset 0x80)\n\ndmsetup suspend cache\ndmsetup reload cdata --table \"0 65536 linear /dev/sdc 8192\"\ndmsetup resume cdata\ndmsetup resume cache\n\nKASAN reports:\n\n BUG: KASAN: vmalloc-out-of-bounds in cache_preresume+0x269/0x7b0\n Read of size 8 at addr ffffc900000f3080 by task dmsetup/131\n\n (...snip...)\n The buggy address belongs to the virtual mapping at\n [ffffc900000f3000, ffffc900000f5000) created by:\n cache_ctr+0x176a/0x35f0\n\n (...snip...)\n Memory state around the buggy address:\n ffffc900000f2f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc900000f3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n \u003effffc900000f3080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ^\n ffffc900000f3100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc900000f3180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n\nFix by making the index post-incremented.\n\n * CVE-2024-50282: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()\n\nAvoid a possible buffer overflow if size is larger than 4K.\n\n(cherry picked from commit f5d873f5825b40d886d03bd2aede91d4cf002434)\n\n * CVE-2024-50287: In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l2-tpg: prevent the risk of a division by zero\n\nAs reported by Coverity, the logic at 
tpg_precalculate_line()\nblindly rescales the buffer even when scaled_witdh is equal to\nzero. If this ever happens, this will cause a division by zero.\n\nInstead, add a WARN_ON_ONCE() to trigger such cases and return\nwithout doing any precalculation.\n\n * CVE-2024-50296: In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when uninstalling driver\n\nWhen the driver is uninstalled and the VF is disabled concurrently, a\nkernel crash occurs. The reason is that the two actions call function\npci_disable_sriov(). The num_VFs is checked to determine whether to\nrelease the corresponding resources. During the second calling, num_VFs\nis not 0 and the resource release function is called. However, the\ncorresponding resource has been released during the first invoking.\nTherefore, the problem occurs:\n\n[15277.839633][T50670] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020\n...\n[15278.131557][T50670] Call trace:\n[15278.134686][T50670] klist_put+0x28/0x12c\n[15278.138682][T50670] klist_del+0x14/0x20\n[15278.142592][T50670] device_del+0xbc/0x3c0\n[15278.146676][T50670] pci_remove_bus_device+0x84/0x120\n[15278.151714][T50670] pci_stop_and_remove_bus_device+0x6c/0x80\n[15278.157447][T50670] pci_iov_remove_virtfn+0xb4/0x12c\n[15278.162485][T50670] sriov_disable+0x50/0x11c\n[15278.166829][T50670] pci_disable_sriov+0x24/0x30\n[15278.171433][T50670] hnae3_unregister_ae_algo_prepare+0x60/0x90 [hnae3]\n[15278.178039][T50670] hclge_exit+0x28/0xd0 [hclge]\n[15278.182730][T50670] __se_sys_delete_module.isra.0+0x164/0x230\n[15278.188550][T50670] __arm64_sys_delete_module+0x1c/0x30\n[15278.193848][T50670] invoke_syscall+0x50/0x11c\n[15278.198278][T50670] el0_svc_common.constprop.0+0x158/0x164\n[15278.203837][T50670] do_el0_svc+0x34/0xcc\n[15278.207834][T50670] el0_svc+0x20/0x30\n\nFor details, see the following figure.\n\n rmmod hclge disable 
VFs\n----------------------------------------------------\nhclge_exit() sriov_numvfs_store()\n ... device_lock()\n pci_disable_sriov() hns3_pci_sriov_configure()\n pci_disable_sriov()\n sriov_disable()\n sriov_disable() if !num_VFs :\n if !num_VFs : return;\n return; sriov_del_vfs()\n sriov_del_vfs() ...\n ... klist_put()\n klist_put() ...\n ... num_VFs = 0;\n num_VFs = 0; device_unlock();\n\nIn this patch, when driver is removing, we get the device_lock()\nto protect num_VFs, just like sriov_numvfs_store().\n\n * CVE-2024-50299: In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: properly validate chunk size in sctp_sf_ootb()\n\nA size validation fix similar to that in Commit 50619dbf8db7 (\"sctp: add\nsize validation when walking chunks\") is also required in sctp_sf_ootb()\nto address a crash reported by syzbot:\n\n BUG: KMSAN: uninit-value in sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712\n sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712\n sctp_do_sm+0x181/0x93d0 net/sctp/sm_sideeffect.c:1166\n sctp_endpoint_bh_rcv+0xc38/0xf90 net/sctp/endpointola.c:407\n sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88\n sctp_rcv+0x3831/0x3b20 net/sctp/input.c:243\n sctp4_rcv+0x42/0x50 net/sctp/protocol.c:1159\n ip_protocol_deliver_rcu+0xb51/0x13d0 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x336/0x500 net/ipv4/ip_input.c:233\n\n * CVE-2024-50301: In the Linux kernel, the following vulnerability has been resolved:\n\nsecurity/keys: fix slab-out-of-bounds in key_task_permission\n\nKASAN reports an out of bounds read:\nBUG: KASAN: slab-out-of-bounds in __kuid_val include/linux/uidgid.h:36\nBUG: KASAN: slab-out-of-bounds in uid_eq include/linux/uidgid.h:63 [inline]\nBUG: KASAN: slab-out-of-bounds in key_task_permission+0x394/0x410\nsecurity/keys/permission.c:54\nRead of size 4 at addr ffff88813c3ab618 by task stress-ng/4362\n\nCPU: 2 PID: 4362 Comm: stress-ng Not tainted 5.10.0-14930-gafbffd6c3ede #15\nCall Trace:\n __dump_stack 
lib/dump_stack.c:82 [inline]\n dump_stack+0x107/0x167 lib/dump_stack.c:123\n print_address_description.constprop.0+0x19/0x170 mm/kasan/report.c:400\n __kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560\n kasan_report+0x3a/0x50 mm/kasan/report.c:585\n __kuid_val include/linux/uidgid.h:36 [inline]\n uid_eq include/linux/uidgid.h:63 [inline]\n key_task_permission+0x394/0x410 security/keys/permission.c:54\n search_nested_keyrings+0x90e/0xe90 security/keys/keyring.c:793\n\nThis issue was also reported by syzbot.\n\nIt can be reproduced by following these steps(more details [1]):\n1. Obtain more than 32 inputs that have similar hashes, which ends with the\n pattern '0xxxxxxxe6'.\n2. Reboot and add the keys obtained in step 1.\n\nThe reproducer demonstrates how this issue happened:\n1. In the search_nested_keyrings function, when it iterates through the\n slots in a node(below tag ascend_to_node), if the slot pointer is meta\n and node-\u003eback_pointer != NULL(it means a root), it will proceed to\n descend_to_node. However, there is an exception. If node is the root,\n and one of the slots points to a shortcut, it will be treated as a\n keyring.\n2. Whether the ptr is keyring decided by keyring_ptr_is_keyring function.\n However, KEYRING_PTR_SUBTYPE is 0x2UL, the same as\n ASSOC_ARRAY_PTR_SUBTYPE_MASK.\n3. When 32 keys with the similar hashes are added to the tree, the ROOT\n has keys with hashes that are not similar (e.g. slot 0) and it splits\n NODE A without using a shortcut. When NODE A is filled with keys that\n all hashes are xxe6, the keys are similar, NODE A will split with a\n shortcut. Finally, it forms the tree as shown below, where slot 6 points\n to a shortcut.\n\n NODE A\n +------\u003e+---+\n ROOT | | 0 | xxe6\n +---+ | +---+\n xxxx | 0 | shortcut : : xxe6\n +---+ | +---+\n xxe6 : : | | | xxe6\n +---+ | +---+\n | 6 |---+ : : xxe6\n +---+ +---+\n xxe6 : : | f | xxe6\n +---+ +---+\n xxe6 | f |\n +---+\n\n4. 
As mentioned above, If a slot(slot 6) of the root points to a shortcut,\n it may be mistakenly transferred to a key*, leading to a read\n out-of-bounds read.\n\nTo fix this issue, one should jump to descend_to_node if the ptr is a\nshortcut, regardless of whether the node is root or not.\n\n[1] https://lore.kernel.org/linux-kernel/1cfa878e-8c7b-4570-8606-21daf5e13ce7@huaweicloud.com/\n\n[jarkko: tweaked the commit message a bit to have an appropriate closes\n tag.]\n\n * CVE-2024-50302: In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let's\nzero-initialize it during allocation to make sure that it can't be ever used\nto leak kernel memory via specially-crafted report.\n\n * CVE-2024-53042: In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow()\n\nThere are code paths from which the function is called without holding\nthe RCU read lock, resulting in a suspicious RCU usage warning [1].\n\nFix by using l3mdev_master_upper_ifindex_by_index() which will acquire\nthe RCU read lock before calling\nl3mdev_master_upper_ifindex_by_index_rcu().\n\n[1]\nWARNING: suspicious RCU usage\n6.12.0-rc3-custom-gac8f72681cf2 #141 Not tainted\n-----------------------------\nnet/core/dev.c:876 RCU-list traversed in non-reader section!!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n1 lock held by ip/361:\n #0: ffffffff86fc7cb0 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x377/0xf60\n\nstack backtrace:\nCPU: 3 UID: 0 PID: 361 Comm: ip Not tainted 6.12.0-rc3-custom-gac8f72681cf2 #141\nHardware name: Bochs Bochs, BIOS Bochs 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xba/0x110\n lockdep_rcu_suspicious.cold+0x4f/0xd6\n dev_get_by_index_rcu+0x1d3/0x210\n 
l3mdev_master_upper_ifindex_by_index_rcu+0x2b/0xf0\n ip_tunnel_bind_dev+0x72f/0xa00\n ip_tunnel_newlink+0x368/0x7a0\n ipgre_newlink+0x14c/0x170\n __rtnl_newlink+0x1173/0x19c0\n rtnl_newlink+0x6c/0xa0\n rtnetlink_rcv_msg+0x3cc/0xf60\n netlink_rcv_skb+0x171/0x450\n netlink_unicast+0x539/0x7f0\n netlink_sendmsg+0x8c1/0xd80\n ____sys_sendmsg+0x8f9/0xc20\n ___sys_sendmsg+0x197/0x1e0\n __sys_sendmsg+0x122/0x1f0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n * CVE-2024-53052: In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/rw: fix missing NOWAIT check for O_DIRECT start write\n\nWhen io_uring starts a write, it'll call kiocb_start_write() to bump the\nsuper block rwsem, preventing any freezes from happening while that\nwrite is in-flight. The freeze side will grab that rwsem for writing,\nexcluding any new writers from happening and waiting for existing writes\nto finish. But io_uring unconditionally uses kiocb_start_write(), which\nwill block if someone is currently attempting to freeze the mount point.\nThis causes a deadlock where freeze is waiting for previous writes to\ncomplete, but the previous writes cannot complete, as the task that is\nsupposed to complete them is blocked waiting on starting a new write.\nThis results in the following stuck trace showing that dependency with\nthe write blocked starting a new write:\n\ntask:fio state:D stack:0 pid:886 tgid:886 ppid:876\nCall trace:\n __switch_to+0x1d8/0x348\n __schedule+0x8e8/0x2248\n schedule+0x110/0x3f0\n percpu_rwsem_wait+0x1e8/0x3f8\n __percpu_down_read+0xe8/0x500\n io_write+0xbb8/0xff8\n io_issue_sqe+0x10c/0x1020\n io_submit_sqes+0x614/0x2110\n __arm64_sys_io_uring_enter+0x524/0x1038\n invoke_syscall+0x74/0x268\n el0_svc_common.constprop.0+0x160/0x238\n do_el0_svc+0x44/0x60\n el0_svc+0x44/0xb0\n el0t_64_sync_handler+0x118/0x128\n el0t_64_sync+0x168/0x170\nINFO: task fsfreeze:7364 blocked for more than 15 seconds.\n Not tainted 
6.12.0-rc5-00063-g76aaf945701c #7963\n\nwith the attempting freezer stuck trying to grab the rwsem:\n\ntask:fsfreeze state:D stack:0 pid:7364 tgid:7364 ppid:995\nCall trace:\n __switch_to+0x1d8/0x348\n __schedule+0x8e8/0x2248\n schedule+0x110/0x3f0\n percpu_down_write+0x2b0/0x680\n freeze_super+0x248/0x8a8\n do_vfs_ioctl+0x149c/0x1b18\n __arm64_sys_ioctl+0xd0/0x1a0\n invoke_syscall+0x74/0x268\n el0_svc_common.constprop.0+0x160/0x238\n do_el0_svc+0x44/0x60\n el0_svc+0x44/0xb0\n el0t_64_sync_handler+0x118/0x128\n el0t_64_sync+0x168/0x170\n\nFix this by having the io_uring side honor IOCB_NOWAIT, and only attempt a\nblocking grab of the super block rwsem if it isn't set. For normal issue\nwhere IOCB_NOWAIT would always be set, this returns -EAGAIN which will\nhave io_uring core issue a blocking attempt of the write. That will in\nturn also get completions run, ensuring forward progress.\n\nSince freezing requires CAP_SYS_ADMIN in the first place, this isn't\nsomething that can be triggered by a regular user.\n\n * CVE-2024-53057: In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT\n\nIn qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed\nto be either root or ingress. This assumption is bogus since it's valid\nto create egress qdiscs with major handle ffff:\nBudimir Markovic found that for qdiscs like DRR that maintain an active\nclass list, it will cause a UAF with a dangling class pointer.\n\nIn 066a3b5b2346, the concern was to avoid iterating over the ingress\nqdisc since its parent is itself. 
The proper fix is to stop when parent\nTC_H_ROOT is reached because the only way to retrieve ingress is when a\nhierarchy which does not contain a ffff: major handle call into\nqdisc_lookup with TC_H_MAJ(TC_H_ROOT).\n\nIn the scenario where major ffff: is an egress qdisc in any of the tree\nlevels, the updates will also propagate to TC_H_ROOT, which then the\niteration must stop.\n\n\n net/sched/sch_api.c | 2 +-\n 1 file changed, 1 insertion(+), 1 deletion(-)\n\n * CVE-2024-53059: In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()\n\n1. The size of the response packet is not validated.\n2. The response buffer is not freed.\n\nResolve these issues by switching to iwl_mvm_send_cmd_status(),\nwhich handles both size validation and frees the buffer.\n\n * CVE-2024-53060: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: prevent NULL pointer dereference if ATIF is not supported\n\nacpi_evaluate_object() may return AE_NOT_FOUND (failure), which\nwould result in dereferencing buffer.pointer (obj) while being NULL.\n\nAlthough this case may be unrealistic for the current code, it is\nstill better to protect against possible bugs.\n\nBail out also when status is AE_NOT_FOUND.\n\nThis fixes 1 FORWARD_NULL issue reported by Coverity\nReport: CID 1600951: Null pointer dereferences (FORWARD_NULL)\n\n(cherry picked from commit 91c9e221fe2553edf2db71627d8453f083de87a1)\n\n * CVE-2024-53061: In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: s5p-jpeg: prevent buffer overflows\n\nThe current logic allows word to be less than 2. If this happens,\nthere will be buffer overflows, as reported by smatch. 
Add extra\nchecks to prevent it.\n\nWhile here, remove an unused word = 0 assignment.\n\n * CVE-2024-53063: In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvbdev: prevent the risk of out of memory access\n\nThe dvbdev contains a static variable used to store dvb minors.\n\nThe behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set\nor not. When not set, dvb_register_device() won't check for\nboundaries, as it will rely that a previous call to\ndvb_register_adapter() would already be enforcing it.\n\nOn a similar way, dvb_device_open() uses the assumption\nthat the register functions already did the needed checks.\n\nThis can be fragile if some device ends using different\ncalls. This also generate warnings on static check analysers\nlike Coverity.\n\nSo, add explicit guards to prevent potential risk of OOM issues.\n\n * CVE-2024-53066: In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Fix KMSAN warning in decode_getfattr_attrs()\n\nFix the following KMSAN warning:\n\nCPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G B\nTainted: [B]=BAD_PAGE\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009)\n=====================================================\n=====================================================\nBUG: KMSAN: uninit-value in decode_getfattr_attrs+0x2d6d/0x2f90\n decode_getfattr_attrs+0x2d6d/0x2f90\n decode_getfattr_generic+0x806/0xb00\n nfs4_xdr_dec_getattr+0x1de/0x240\n rpcauth_unwrap_resp_decode+0xab/0x100\n rpcauth_unwrap_resp+0x95/0xc0\n call_decode+0x4ff/0xb50\n __rpc_execute+0x57b/0x19d0\n rpc_execute+0x368/0x5e0\n rpc_run_task+0xcfe/0xee0\n nfs4_proc_getattr+0x5b5/0x990\n __nfs_revalidate_inode+0x477/0xd00\n nfs_access_get_cached+0x1021/0x1cc0\n nfs_do_access+0x9f/0xae0\n nfs_permission+0x1e4/0x8c0\n inode_permission+0x356/0x6c0\n link_path_walk+0x958/0x1330\n path_lookupat+0xce/0x6b0\n filename_lookup+0x23e/0x770\n vfs_statx+0xe7/0x970\n vfs_fstatat+0x1f2/0x2c0\n __se_sys_newfstatat+0x67/0x880\n 
__x64_sys_newfstatat+0xbd/0x120\n x64_sys_call+0x1826/0x3cf0\n do_syscall_64+0xd0/0x1b0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe KMSAN warning is triggered in decode_getfattr_attrs(), when calling\ndecode_attr_mdsthreshold(). It appears that fattr-\u003emdsthreshold is not\ninitialized.\n\nFix the issue by initializing fattr-\u003emdsthreshold to NULL in\nnfs_fattr_init().\n\n * CVE-2024-53097: In the Linux kernel, the following vulnerability has been resolved:\n\nmm: krealloc: Fix MTE false alarm in __do_krealloc\n\nThis patch addresses an issue introduced by commit 1a83a716ec233 (\"mm:\nkrealloc: consider spare memory for __GFP_ZERO\") which causes MTE\n(Memory Tagging Extension) to falsely report a slab-out-of-bounds error.\n\nThe problem occurs when zeroing out spare memory in __do_krealloc. The\noriginal code only considered software-based KASAN and did not account\nfor MTE. It does not reset the KASAN tag before calling memset, leading\nto a mismatch between the pointer tag and the memory tag, resulting\nin a false positive.\n\nExample of the error:\n==================================================================\nswapper/0: BUG: KASAN: slab-out-of-bounds in __memset+0x84/0x188\nswapper/0: Write at addr f4ffff8005f0fdf0 by task swapper/0/1\nswapper/0: Pointer tag: [f4], memory tag: [fe]\nswapper/0:\nswapper/0: CPU: 4 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.\nswapper/0: Hardware name: MT6991(ENG) (DT)\nswapper/0: Call trace:\nswapper/0: dump_backtrace+0xfc/0x17c\nswapper/0: show_stack+0x18/0x28\nswapper/0: dump_stack_lvl+0x40/0xa0\nswapper/0: print_report+0x1b8/0x71c\nswapper/0: kasan_report+0xec/0x14c\nswapper/0: __do_kernel_fault+0x60/0x29c\nswapper/0: do_bad_area+0x30/0xdc\nswapper/0: do_tag_check_fault+0x20/0x34\nswapper/0: do_mem_abort+0x58/0x104\nswapper/0: el1_abort+0x3c/0x5c\nswapper/0: el1h_64_sync_handler+0x80/0xcc\nswapper/0: el1h_64_sync+0x68/0x6c\nswapper/0: __memset+0x84/0x188\nswapper/0: 
btf_populate_kfunc_set+0x280/0x3d8\nswapper/0: __register_btf_kfunc_id_set+0x43c/0x468\nswapper/0: register_btf_kfunc_id_set+0x48/0x60\nswapper/0: register_nf_nat_bpf+0x1c/0x40\nswapper/0: nf_nat_init+0xc0/0x128\nswapper/0: do_one_initcall+0x184/0x464\nswapper/0: do_initcall_level+0xdc/0x1b0\nswapper/0: do_initcalls+0x70/0xc0\nswapper/0: do_basic_setup+0x1c/0x28\nswapper/0: kernel_init_freeable+0x144/0x1b8\nswapper/0: kernel_init+0x20/0x1a8\nswapper/0: ret_from_fork+0x10/0x20\n==================================================================\n\n * CVE-2024-53101: In the Linux kernel, the following vulnerability has been resolved:\n\nfs: Fix uninitialized value issue in from_kuid and from_kgid\n\nocfs2_setattr() uses attr-\u003eia_mode, attr-\u003eia_uid and attr-\u003eia_gid in\na trace point even though ATTR_MODE, ATTR_UID and ATTR_GID aren't set.\n\nInitialize all fields of newattrs to avoid uninitialized variables, by\nchecking if ATTR_MODE, ATTR_UID, ATTR_GID are initialized, otherwise 0.", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "High", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-12-28" + }, + "Updated": { + "Date": "2024-12-28" + }, + "BDUs": [ + { + "ID": "BDU:2024-11659", + "CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C", + "CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-416", + "Href": "https://bdu.fstec.ru/vul/2024-11659", + "Impact": "High", + "Public": "20241024" + }, + { + "ID": "BDU:2024-11660", + "CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C", + "CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-416", + "Href": "https://bdu.fstec.ru/vul/2024-11660", + "Impact": "High", + "Public": "20241021" + } + ], + "CVEs": [ + { + "ID": "CVE-2024-50115", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "CWE": "CWE-125", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50115", + "Impact": "High", + "Public": "20241105" + }, + { + "ID": "CVE-2024-50116", + "CVSS3": 
"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50116", + "Impact": "Low", + "Public": "20241105" + }, + { + "ID": "CVE-2024-50117", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-476", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50117", + "Impact": "Low", + "Public": "20241105" + }, + { + "ID": "CVE-2024-50142", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50142", + "Impact": "Low", + "Public": "20241107" + }, + { + "ID": "CVE-2024-50148", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50148", + "Impact": "Low", + "Public": "20241107" + }, + { + "ID": "CVE-2024-50150", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-416", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50150", + "Impact": "High", + "Public": "20241107" + }, + { + "ID": "CVE-2024-50151", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-787", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50151", + "Impact": "High", + "Public": "20241107" + }, + { + "ID": "CVE-2024-50167", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-401", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50167", + "Impact": "Low", + "Public": "20241107" + }, + { + "ID": "CVE-2024-50168", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-401", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50168", + "Impact": "Low", + "Public": "20241107" + }, + { + "ID": "CVE-2024-50171", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-401", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50171", + "Impact": "Low", + "Public": "20241107" + }, + { + "ID": "CVE-2024-50194", + "CVSS3": 
"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50194", + "Impact": "Low", + "Public": "20241108" + }, + { + "ID": "CVE-2024-50205", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-369", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50205", + "Impact": "Low", + "Public": "20241108" + }, + { + "ID": "CVE-2024-50208", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-125", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50208", + "Impact": "Low", + "Public": "20241108" + }, + { + "ID": "CVE-2024-50209", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50209", + "Impact": "High", + "Public": "20241108" + }, + { + "ID": "CVE-2024-50229", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-667", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50229", + "Impact": "Low", + "Public": "20241109" + }, + { + "ID": "CVE-2024-50230", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-787", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50230", + "Impact": "High", + "Public": "20241109" + }, + { + "ID": "CVE-2024-50233", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-369", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50233", + "Impact": "Low", + "Public": "20241109" + }, + { + "ID": "CVE-2024-50234", + "CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-367", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50234", + "Impact": "High", + "Public": "20241109" + }, + { + "ID": "CVE-2024-50236", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-401", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50236", + "Impact": "Low", + "Public": "20241109" + }, + { + "ID": "CVE-2024-50237", + "CVSS3": 
"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-908", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50237", + "Impact": "Low", + "Public": "20241109" + }, + { + "ID": "CVE-2024-50251", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50251", + "Impact": "Low", + "Public": "20241109" + }, + { + "ID": "CVE-2024-50262", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-787", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50262", + "Impact": "High", + "Public": "20241109" + }, + { + "ID": "CVE-2024-50264", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-416", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50264", + "Impact": "High", + "Public": "20241119" + }, + { + "ID": "CVE-2024-50265", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-476", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50265", + "Impact": "Low", + "Public": "20241119" + }, + { + "ID": "CVE-2024-50267", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-416", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50267", + "Impact": "High", + "Public": "20241119" + }, + { + "ID": "CVE-2024-50268", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "CWE": "CWE-125", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50268", + "Impact": "High", + "Public": "20241119" + }, + { + "ID": "CVE-2024-50269", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-416", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50269", + "Impact": "High", + "Public": "20241119" + }, + { + "ID": "CVE-2024-50273", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-908", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50273", + "Impact": "Low", + "Public": "20241119" + }, + { + "ID": "CVE-2024-50278", + "CVSS3": 
"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "CWE": "CWE-125", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50278", + "Impact": "High", + "Public": "20241119" + }, + { + "ID": "CVE-2024-50279", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "CWE": "CWE-125", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50279", + "Impact": "High", + "Public": "20241119" + }, + { + "ID": "CVE-2024-50282", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-120", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50282", + "Impact": "High", + "Public": "20241119" + }, + { + "ID": "CVE-2024-50287", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-369", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50287", + "Impact": "Low", + "Public": "20241119" + }, + { + "ID": "CVE-2024-50296", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-476", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50296", + "Impact": "Low", + "Public": "20241119" + }, + { + "ID": "CVE-2024-50299", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-908", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50299", + "Impact": "Low", + "Public": "20241119" + }, + { + "ID": "CVE-2024-50301", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "CWE": "CWE-125", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50301", + "Impact": "High", + "Public": "20241119" + }, + { + "ID": "CVE-2024-50302", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-908", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50302", + "Impact": "Low", + "Public": "20241119" + }, + { + "ID": "CVE-2024-53042", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-53042", + "Impact": "Low", + "Public": "20241119" + }, + { + "ID": "CVE-2024-53052", + "CVSS3": 
"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-667", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-53052", + "Impact": "Low", + "Public": "20241119" + }, + { + "ID": "CVE-2024-53057", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-416", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-53057", + "Impact": "High", + "Public": "20241119" + }, + { + "ID": "CVE-2024-53059", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-53059", + "Impact": "High", + "Public": "20241119" + }, + { + "ID": "CVE-2024-53060", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-476", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-53060", + "Impact": "Low", + "Public": "20241119" + }, + { + "ID": "CVE-2024-53061", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-191", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-53061", + "Impact": "High", + "Public": "20241119" + }, + { + "ID": "CVE-2024-53063", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-755", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-53063", + "Impact": "Low", + "Public": "20241119" + }, + { + "ID": "CVE-2024-53066", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-908", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-53066", + "Impact": "Low", + "Public": "20241119" + }, + { + "ID": "CVE-2024-53097", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-53097", + "Impact": "Low", + "Public": "20241125" + }, + { + "ID": "CVE-2024-53101", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-908", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-53101", + "Impact": "Low", + "Public": "20241125" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:kworkstation:10", + 
"cpe:/o:alt:workstation:10", + "cpe:/o:alt:server:10", + "cpe:/o:alt:server-v:10", + "cpe:/o:alt:education:10", + "cpe:/o:alt:slinux:10", + "cpe:/o:alt:starterkit:10", + "cpe:/o:alt:starterkit:p10", + "cpe:/o:alt:container:10" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:2001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202417099001", + "Comment": "kernel-doc-std is earlier than 2:5.10.231-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417099002", + "Comment": "kernel-headers-modules-std-def is earlier than 2:5.10.231-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417099003", + "Comment": "kernel-headers-std-def is earlier than 2:5.10.231-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417099004", + "Comment": "kernel-image-domU-std-def is earlier than 2:5.10.231-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417099005", + "Comment": "kernel-image-std-def is earlier than 2:5.10.231-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417099006", + "Comment": "kernel-image-std-def-checkinstall is earlier than 2:5.10.231-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417099007", + "Comment": "kernel-modules-drm-ancient-std-def is earlier than 2:5.10.231-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417099008", + "Comment": "kernel-modules-drm-nouveau-std-def is earlier than 2:5.10.231-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417099009", + "Comment": "kernel-modules-drm-std-def is earlier than 2:5.10.231-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417099010", + "Comment": "kernel-modules-ide-std-def is earlier than 2:5.10.231-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417099011", + "Comment": "kernel-modules-midgard-be-m1000-std-def is 
earlier than 2:5.10.231-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417099012", + "Comment": "kernel-modules-staging-std-def is earlier than 2:5.10.231-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-17099/objects.json b/oval/p10/ALT-PU-2024-17099/objects.json new file mode 100644 index 0000000000..552fa65d67 --- /dev/null +++ b/oval/p10/ALT-PU-2024-17099/objects.json 
@@ -0,0 +1,100 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:2001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202417099001", + "Version": "1", + "Comment": "kernel-doc-std is installed", + "Name": "kernel-doc-std" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417099002", + "Version": "1", + "Comment": "kernel-headers-modules-std-def is installed", + "Name": "kernel-headers-modules-std-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417099003", + "Version": "1", + "Comment": "kernel-headers-std-def is installed", + "Name": "kernel-headers-std-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417099004", + "Version": "1", + "Comment": "kernel-image-domU-std-def is installed", + "Name": "kernel-image-domU-std-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417099005", + "Version": "1", + "Comment": "kernel-image-std-def is installed", + "Name": "kernel-image-std-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417099006", + "Version": "1", + "Comment": "kernel-image-std-def-checkinstall is installed", + "Name": "kernel-image-std-def-checkinstall" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417099007", + "Version": "1", + "Comment": "kernel-modules-drm-ancient-std-def is installed", + "Name": "kernel-modules-drm-ancient-std-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417099008", + "Version": "1", + "Comment": "kernel-modules-drm-nouveau-std-def is installed", + "Name": "kernel-modules-drm-nouveau-std-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417099009", + 
"Version": "1", + "Comment": "kernel-modules-drm-std-def is installed", + "Name": "kernel-modules-drm-std-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417099010", + "Version": "1", + "Comment": "kernel-modules-ide-std-def is installed", + "Name": "kernel-modules-ide-std-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417099011", + "Version": "1", + "Comment": "kernel-modules-midgard-be-m1000-std-def is installed", + "Name": "kernel-modules-midgard-be-m1000-std-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417099012", + "Version": "1", + "Comment": "kernel-modules-staging-std-def is installed", + "Name": "kernel-modules-staging-std-def" + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-17099/states.json b/oval/p10/ALT-PU-2024-17099/states.json new file mode 100644 index 0000000000..922c83da76 --- /dev/null +++ b/oval/p10/ALT-PU-2024-17099/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:2001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202417099001", + "Version": "1", + "Comment": "package EVR is earlier than 2:5.10.231-alt1", + "Arch": {}, + "EVR": { + "Text": "2:5.10.231-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-17099/tests.json b/oval/p10/ALT-PU-2024-17099/tests.json new file mode 100644 index 0000000000..e783515172 --- /dev/null +++ b/oval/p10/ALT-PU-2024-17099/tests.json 
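Review bot: `ste:2001` in states.json is committed with an empty `"Text": {}`, so nothing visible here compares the `(\d+)` group captured by `obj:2001` with 10, although `tst:2001` is described as "ALT Linux based on branch 'p10' must be installed". Unless the serializer fills the state in elsewhere, any non-SP ALT CPE line in `/etc/os-release` satisfies the test, and a host on another branch could be evaluated against the p10 package versions. The state should carry the branch number as an equality check on the captured subexpression, in whatever field the schema uses for it, or the comment should claim only that ALT Linux is installed. The same empty state appears in the states.json of ALT-PU-2024-17456 and ALT-PU-2024-17523, and as `ste:3001` in p11/ALT-PU-2024-17767.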
@@ -0,0 +1,162 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:2001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'p10' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:2001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:2001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202417099001", + "Version": "1", + "Check": "all", + "Comment": "kernel-doc-std is earlier than 2:5.10.231-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417099001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417099001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417099002", + "Version": "1", + "Check": "all", + "Comment": "kernel-headers-modules-std-def is earlier than 2:5.10.231-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417099002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417099001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417099003", + "Version": "1", + "Check": "all", + "Comment": "kernel-headers-std-def is earlier than 2:5.10.231-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417099003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417099001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417099004", + "Version": "1", + "Check": "all", + "Comment": "kernel-image-domU-std-def is earlier than 2:5.10.231-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417099004" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417099001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417099005", + "Version": "1", + "Check": "all", + "Comment": "kernel-image-std-def is earlier than 2:5.10.231-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417099005" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417099001" + } + }, + { + "ID": 
"oval:org.altlinux.errata:tst:202417099006", + "Version": "1", + "Check": "all", + "Comment": "kernel-image-std-def-checkinstall is earlier than 2:5.10.231-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417099006" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417099001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417099007", + "Version": "1", + "Check": "all", + "Comment": "kernel-modules-drm-ancient-std-def is earlier than 2:5.10.231-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417099007" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417099001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417099008", + "Version": "1", + "Check": "all", + "Comment": "kernel-modules-drm-nouveau-std-def is earlier than 2:5.10.231-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417099008" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417099001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417099009", + "Version": "1", + "Check": "all", + "Comment": "kernel-modules-drm-std-def is earlier than 2:5.10.231-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417099009" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417099001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417099010", + "Version": "1", + "Check": "all", + "Comment": "kernel-modules-ide-std-def is earlier than 2:5.10.231-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417099010" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417099001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417099011", + "Version": "1", + "Check": "all", + "Comment": "kernel-modules-midgard-be-m1000-std-def is earlier than 2:5.10.231-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417099011" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417099001" + } + }, + { + "ID": 
"oval:org.altlinux.errata:tst:202417099012", + "Version": "1", + "Check": "all", + "Comment": "kernel-modules-staging-std-def is earlier than 2:5.10.231-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417099012" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417099001" + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-17456/definitions.json b/oval/p10/ALT-PU-2024-17456/definitions.json new file mode 100644 index 0000000000..9379ed0549 --- /dev/null +++ b/oval/p10/ALT-PU-2024-17456/definitions.json 
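Review bot: Every RPMInfo test in this file uses `"Check": "all"` against the single `less than 2:5.10.231-alt1` state, which matters for `kernel-image-std-def` if several builds of that package can be installed side by side (assumed here, not shown on the page). In that case one updated copy makes the test false, and the definition reports the host as patched while an older image is still installed and may be the one that is booted. `"Check": "at least one"` would flag any remaining old build. Nothing in this definition inspects the running kernel, and the test comment should say so.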
@@ -0,0 +1,234 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202417456", + "Version": "oval:org.altlinux.errata:def:202417456", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-17456: package `vim` update to version 9.1.0917-alt2", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch p10" + ], + "Products": [ + "ALT Server", + "ALT Virtualization Server", + "ALT Workstation", + "ALT Workstation K", + "ALT Education", + "Simply Linux", + "Starterkit", + "ALT Container" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-17456", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-17456", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2024-06299", + "RefURL": "https://bdu.fstec.ru/vul/2024-06299", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-06478", + "RefURL": "https://bdu.fstec.ru/vul/2024-06478", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-07097", + "RefURL": "https://bdu.fstec.ru/vul/2024-07097", + "Source": "BDU" + }, + { + "RefID": "CVE-2024-41957", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-41957", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-41965", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-41965", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-43374", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-43374", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-45306", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-45306", + "Source": "CVE" + } + ], + "Description": "This update upgrades vim to version 9.1.0917-alt2. 
\nSecurity Fix(es):\n\n * BDU:2024-06299: Уязвимость компонента File Name Handler текстового редактора vim, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2024-06478: Уязвимость функции tagstack_clear_entry() файла src/alloc.c текстового редактора vim, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2024-07097: Уязвимость функции alist_add() текстового редактора vim, позволяющая нарушителю выполнить произвольные автокоманды\n\n * CVE-2024-41957: Vim is an open source command line text editor. Vim \u003c v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags,\nbut it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647\n\n * CVE-2024-41965: Vim is an open source command line text editor. double-free in dialog_changed() in Vim \u003c v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a name yet. However, when setting the buffer name to Unnamed, Vim will falsely free a pointer twice, leading to a double-free and possibly later to a heap-use-after-free, which can lead to a crash. The issue has been fixed as of Vim patch v9.1.0648.\n\n * CVE-2024-43374: The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. 
If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.\n\n * CVE-2024-45306: Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of\na line. Back then we assumed this loop is unnecessary. However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at\nthe specified cursor position. It's not quite clear yet, what can lead to this situation that the cursor points to an invalid position. That's why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed in with the patch v9.1.0707. 
All users are advised to upgrade.\n\n * #51821: Для закрытия CVE-2024-43374 необходимо обновить пакет\n\n * #52413: Конфликт: файл /usr/share/vim/ftplugin/mediawiki.vim из устанавливаемого пакета vim-plugin-mediawiki-syntax-0.0-alt5.noarch конфликтует с файлом из пакета vim-common-4:9.1.0917-alt1.noarch", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Low", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-12-28" + }, + "Updated": { + "Date": "2024-12-28" + }, + "BDUs": [ + { + "ID": "BDU:2024-06299", + "CVSS": "AV:L/AC:H/Au:S/C:P/I:P/A:P", + "CVSS3": "AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "CWE": "CWE-415, CWE-416", + "Href": "https://bdu.fstec.ru/vul/2024-06299", + "Impact": "Low", + "Public": "20240801" + }, + { + "ID": "BDU:2024-06478", + "CVSS": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "CVSS3": "AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "CWE": "CWE-415, CWE-416", + "Href": "https://bdu.fstec.ru/vul/2024-06478", + "Impact": "Low", + "Public": "20240801" + }, + { + "ID": "BDU:2024-07097", + "CVSS": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "CVSS3": "AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "CWE": "CWE-416", + "Href": "https://bdu.fstec.ru/vul/2024-07097", + "Impact": "Low", + "Public": "20240815" + } + ], + "CVEs": [ + { + "ID": "CVE-2024-41957", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "CWE": "CWE-415", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-41957", + "Impact": "Low", + "Public": "20240801" + }, + { + "ID": "CVE-2024-41965", + "CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "CWE": "CWE-415", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-41965", + "Impact": "Low", + "Public": "20240801" + }, + { + "ID": "CVE-2024-43374", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-43374", + "Impact": "None", + "Public": "20240816" + }, + { + "ID": "CVE-2024-45306", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "CWE": "CWE-787", + "Href": 
"https://nvd.nist.gov/vuln/detail/CVE-2024-45306", + "Impact": "Low", + "Public": "20240902" + } + ], + "Bugzilla": [ + { + "ID": "51821", + "Href": "https://bugzilla.altlinux.org/51821", + "Data": "Для закрытия CVE-2024-43374 необходимо обновить пакет" + }, + { + "ID": "52413", + "Href": "https://bugzilla.altlinux.org/52413", + "Data": "Конфликт: файл /usr/share/vim/ftplugin/mediawiki.vim из устанавливаемого пакета vim-plugin-mediawiki-syntax-0.0-alt5.noarch конфликтует с файлом из пакета vim-common-4:9.1.0917-alt1.noarch" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:kworkstation:10", + "cpe:/o:alt:workstation:10", + "cpe:/o:alt:server:10", + "cpe:/o:alt:server-v:10", + "cpe:/o:alt:education:10", + "cpe:/o:alt:slinux:10", + "cpe:/o:alt:starterkit:10", + "cpe:/o:alt:starterkit:p10", + "cpe:/o:alt:container:10" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:2001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202417456001", + "Comment": "rpm-build-vim is earlier than 4:9.1.0917-alt2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417456002", + "Comment": "vim-X11 is earlier than 4:9.1.0917-alt2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417456003", + "Comment": "vim-X11-gnome2 is earlier than 4:9.1.0917-alt2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417456004", + "Comment": "vim-X11-gtk2 is earlier than 4:9.1.0917-alt2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417456005", + "Comment": "vim-X11-gtk3 is earlier than 4:9.1.0917-alt2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417456006", + "Comment": "vim-common is earlier than 4:9.1.0917-alt2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417456007", + "Comment": "vim-console is earlier than 4:9.1.0917-alt2" + }, + { + "TestRef": 
"oval:org.altlinux.errata:tst:202417456008", + "Comment": "vim-enhanced is earlier than 4:9.1.0917-alt2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417456009", + "Comment": "vim-minimal is earlier than 4:9.1.0917-alt2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417456010", + "Comment": "vim-spell-source is earlier than 4:9.1.0917-alt2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417456011", + "Comment": "vimtutor is earlier than 4:9.1.0917-alt2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417456012", + "Comment": "xxd is earlier than 4:9.1.0917-alt2" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-17456/objects.json b/oval/p10/ALT-PU-2024-17456/objects.json new file mode 100644 index 0000000000..2e64665546 --- /dev/null +++ b/oval/p10/ALT-PU-2024-17456/objects.json 
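Review bot: The `CVEs` entry for CVE-2024-43374 carries `"Impact": "None"` with no `CVSS3` or `CWE`, while the description in the same definition calls it a use-after-free and BDU:2024-07097, which appears to describe the same argument-list flaw, is rated Low. A consumer that filters or sorts on `Impact` will read this as "no impact" rather than "not yet scored". A missing score is better expressed by omitting the key or by a documented sentinel for "unknown". The same applies to CVE-2024-11053 in p10/ALT-PU-2024-17523/definitions.json, where the advisory `Severity` is "Critical" and the CVE entry says "None".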
@@ -0,0 +1,100 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:2001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202417456001", + "Version": "1", + "Comment": "rpm-build-vim is installed", + "Name": "rpm-build-vim" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417456002", + "Version": "1", + "Comment": "vim-X11 is installed", + "Name": "vim-X11" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417456003", + "Version": "1", + "Comment": "vim-X11-gnome2 is installed", + "Name": "vim-X11-gnome2" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417456004", + "Version": "1", + "Comment": "vim-X11-gtk2 is installed", + "Name": "vim-X11-gtk2" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417456005", + "Version": "1", + "Comment": "vim-X11-gtk3 is installed", + "Name": "vim-X11-gtk3" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417456006", + "Version": "1", + "Comment": "vim-common is installed", + "Name": "vim-common" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417456007", + "Version": "1", + "Comment": "vim-console is installed", + "Name": "vim-console" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417456008", + "Version": "1", + "Comment": "vim-enhanced is installed", + "Name": "vim-enhanced" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417456009", + "Version": "1", + "Comment": "vim-minimal is installed", + "Name": "vim-minimal" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417456010", + "Version": "1", + "Comment": "vim-spell-source is installed", + "Name": "vim-spell-source" + }, + { + 
"ID": "oval:org.altlinux.errata:obj:202417456011", + "Version": "1", + "Comment": "vimtutor is installed", + "Name": "vimtutor" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417456012", + "Version": "1", + "Comment": "xxd is installed", + "Name": "xxd" + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-17456/states.json b/oval/p10/ALT-PU-2024-17456/states.json new file mode 100644 index 0000000000..8d6492636a --- /dev/null +++ b/oval/p10/ALT-PU-2024-17456/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:2001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202417456001", + "Version": "1", + "Comment": "package EVR is earlier than 4:9.1.0917-alt2", + "Arch": {}, + "EVR": { + "Text": "4:9.1.0917-alt2", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-17456/tests.json b/oval/p10/ALT-PU-2024-17456/tests.json new file mode 100644 index 0000000000..e03bded45a --- /dev/null +++ b/oval/p10/ALT-PU-2024-17456/tests.json 
@@ -0,0 +1,162 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:2001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'p10' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:2001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:2001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202417456001", + "Version": "1", + "Check": "all", + "Comment": "rpm-build-vim is earlier than 4:9.1.0917-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417456001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417456001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417456002", + "Version": "1", + "Check": "all", + "Comment": "vim-X11 is earlier than 4:9.1.0917-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417456002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417456001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417456003", + "Version": "1", + "Check": "all", + "Comment": "vim-X11-gnome2 is earlier than 4:9.1.0917-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417456003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417456001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417456004", + "Version": "1", + "Check": "all", + "Comment": "vim-X11-gtk2 is earlier than 4:9.1.0917-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417456004" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417456001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417456005", + "Version": "1", + "Check": "all", + "Comment": "vim-X11-gtk3 is earlier than 4:9.1.0917-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417456005" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417456001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417456006", + "Version": 
"1", + "Check": "all", + "Comment": "vim-common is earlier than 4:9.1.0917-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417456006" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417456001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417456007", + "Version": "1", + "Check": "all", + "Comment": "vim-console is earlier than 4:9.1.0917-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417456007" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417456001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417456008", + "Version": "1", + "Check": "all", + "Comment": "vim-enhanced is earlier than 4:9.1.0917-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417456008" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417456001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417456009", + "Version": "1", + "Check": "all", + "Comment": "vim-minimal is earlier than 4:9.1.0917-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417456009" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417456001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417456010", + "Version": "1", + "Check": "all", + "Comment": "vim-spell-source is earlier than 4:9.1.0917-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417456010" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417456001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417456011", + "Version": "1", + "Check": "all", + "Comment": "vimtutor is earlier than 4:9.1.0917-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417456011" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417456001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417456012", + "Version": "1", + "Check": "all", + "Comment": "xxd is earlier than 4:9.1.0917-alt2", + "Object": { + "ObjectRef": 
"oval:org.altlinux.errata:obj:202417456012" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417456001" + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-17523/definitions.json b/oval/p10/ALT-PU-2024-17523/definitions.json new file mode 100644 index 0000000000..8f27ed67e4 --- /dev/null +++ b/oval/p10/ALT-PU-2024-17523/definitions.json 
@@ -0,0 +1,119 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202417523", + "Version": "oval:org.altlinux.errata:def:202417523", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-17523: package `curl` update to version 8.11.1-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch p10" + ], + "Products": [ + "ALT Server", + "ALT Virtualization Server", + "ALT Workstation", + "ALT Workstation K", + "ALT Education", + "Simply Linux", + "Starterkit", + "ALT Container" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-17523", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-17523", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2024-11106", + "RefURL": "https://bdu.fstec.ru/vul/2024-11106", + "Source": "BDU" + }, + { + "RefID": "CVE-2024-11053", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "Source": "CVE" + } + ], + "Description": "This update upgrades curl to version 8.11.1-alt1. \nSecurity Fix(es):\n\n * BDU:2024-11106: Уязвимость обработчика netrc-файлов утилиты командной строки cURL, позволяющая нарушителю получить доступ к учётным данным\n\n * CVE-2024-11053: When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Critical", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-12-28" + }, + "Updated": { + "Date": "2024-12-28" + }, + "BDUs": [ + { + "ID": "BDU:2024-11106", + "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:N", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "CWE": "CWE-200", + "Href": "https://bdu.fstec.ru/vul/2024-11106", + "Impact": "Critical", + "Public": 
"20241108" + } + ], + "CVEs": [ + { + "ID": "CVE-2024-11053", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "Impact": "None", + "Public": "20241211" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:kworkstation:10", + "cpe:/o:alt:workstation:10", + "cpe:/o:alt:server:10", + "cpe:/o:alt:server-v:10", + "cpe:/o:alt:education:10", + "cpe:/o:alt:slinux:10", + "cpe:/o:alt:starterkit:10", + "cpe:/o:alt:starterkit:p10", + "cpe:/o:alt:container:10" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:2001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202417523001", + "Comment": "curl is earlier than 0:8.11.1-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417523002", + "Comment": "libcurl is earlier than 0:8.11.1-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202417523003", + "Comment": "libcurl-devel is earlier than 0:8.11.1-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-17523/objects.json b/oval/p10/ALT-PU-2024-17523/objects.json new file mode 100644 index 0000000000..85e2895304 --- /dev/null +++ b/oval/p10/ALT-PU-2024-17523/objects.json 
@@ -0,0 +1,46 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:2001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202417523001", + "Version": "1", + "Comment": "curl is installed", + "Name": "curl" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417523002", + "Version": "1", + "Comment": "libcurl is installed", + "Name": "libcurl" + }, + { + "ID": "oval:org.altlinux.errata:obj:202417523003", + "Version": "1", + "Comment": "libcurl-devel is installed", + "Name": "libcurl-devel" + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-17523/states.json b/oval/p10/ALT-PU-2024-17523/states.json new file mode 100644 index 0000000000..d537d8aca0 --- /dev/null +++ b/oval/p10/ALT-PU-2024-17523/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:2001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202417523001", + "Version": "1", + "Comment": "package EVR is earlier than 0:8.11.1-alt1", + "Arch": {}, + "EVR": { + "Text": "0:8.11.1-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-17523/tests.json b/oval/p10/ALT-PU-2024-17523/tests.json new file mode 100644 index 0000000000..6d41539be3 --- /dev/null +++ b/oval/p10/ALT-PU-2024-17523/tests.json 
@@ -0,0 +1,54 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:2001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'p10' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:2001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:2001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202417523001", + "Version": "1", + "Check": "all", + "Comment": "curl is earlier than 0:8.11.1-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417523001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417523001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417523002", + "Version": "1", + "Check": "all", + "Comment": "libcurl is earlier than 0:8.11.1-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417523002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417523001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202417523003", + "Version": "1", + "Check": "all", + "Comment": "libcurl-devel is earlier than 0:8.11.1-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202417523003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202417523001" + } + } + ] +} \ No newline at end of file diff --git a/oval/p11/ALT-PU-2024-17767/definitions.json b/oval/p11/ALT-PU-2024-17767/definitions.json new file mode 100644 index 0000000000..78159f5031 --- /dev/null +++ b/oval/p11/ALT-PU-2024-17767/definitions.json 
@@ -0,0 +1,79 @@
+{
+ "Definition": [
+ {
+ "ID": "oval:org.altlinux.errata:def:202417767",
+ "Version": "oval:org.altlinux.errata:def:202417767",
+ "Class": "patch",
+ "Metadata": {
+ "Title": "ALT-PU-2024-17767: package `accel-ppp` update to version 1.13.0-alt2",
+ "AffectedList": [
+ {
+ "Family": "unix",
+ "Platforms": [
+ "ALT Linux branch p11"
+ ],
+ "Products": [
+ "ALT Container"
+ ]
+ }
+ ],
+ "References": [
+ {
+ "RefID": "ALT-PU-2024-17767",
+ "RefURL": "https://errata.altlinux.org/ALT-PU-2024-17767",
+ "Source": "ALTPU"
+ }
+ ],
+ "Description": "This update upgrades accel-ppp to version 1.13.0-alt2. \nSecurity Fix(es):\n\n * #52532: Зависает при запуске accel-pppd",
+ "Advisory": {
+ "From": "errata.altlinux.org",
+ "Severity": "Low",
+ "Rights": "Copyright 2024 BaseALT Ltd.",
+ "Issued": {
+ "Date": "2024-12-28"
+ },
+ "Updated": {
+ "Date": "2024-12-28"
+ },
+ "BDUs": null,
+ "Bugzilla": [
+ {
+ "ID": "52532",
+ "Href": "https://bugzilla.altlinux.org/52532",
+ "Data": "Зависает при запуске accel-pppd"
+ }
+ ],
+ "AffectedCPEs": {
+ "CPEs": [
+ "cpe:/o:alt:container:11"
+ ]
+ }
+ }
+ },
+ "Criteria": {
+ "Operator": "AND",
+ "Criterions": [
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:3001",
+ "Comment": "ALT Linux must be installed"
+ }
+ ],
+ "Criterias": [
+ {
+ "Operator": "OR",
+ "Criterions": [
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202417767001",
+ "Comment": "accel-ppp is earlier than 0:1.13.0-alt2"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202417767002",
+ "Comment": "kernel-source-accel-ppp is earlier than 0:1.13.0-alt2"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/p11/ALT-PU-2024-17767/objects.json b/oval/p11/ALT-PU-2024-17767/objects.json
new file mode 100644
index 0000000000..0b284fad6d
--- /dev/null
+++ b/oval/p11/ALT-PU-2024-17767/objects.json
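Review bot: The definition's `"Version"` repeats its ID (`oval:org.altlinux.errata:def:202417767`), whereas the OVAL schema defines a definition version as a non-negative integer and the objects, states and tests in this commit all use `"1"`. If an exporter passes the value through unchanged, schema-validating consumers may reject the definition, so `"Version": "1"` (or the real revision counter) looks like the intended value. The `Description` also lists Bugzilla #52532, a startup hang with `"BDUs": null` and no CVE reference, under "Security Fix(es)" in a `patch`-class definition; a neutral heading such as "Bug Fix(es)" would keep non-security errata out of vulnerability triage. The outer criterion comment "ALT Linux must be installed" would read more accurately if it named branch p11, as the comment on `tst:3001` does.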
@@ -0,0 +1,40 @@
+{
+ "TextFileContent54Objects": [
+ {
+ "ID": "oval:org.altlinux.errata:obj:3001",
+ "Version": "1",
+ "Comment": "Evaluate `/etc/os-release` file content",
+ "Path": {
+ "Datatype": "string",
+ "Text": "/etc"
+ },
+ "Filepath": {
+ "Datatype": "string",
+ "Text": "os-release"
+ },
+ "Pattern": {
+ "Datatype": "string",
+ "Operation": "pattern match",
+ "Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
+ },
+ "Instance": {
+ "Datatype": "int",
+ "Text": "1"
+ }
+ }
+ ],
+ "RPMInfoObjects": [
+ {
+ "ID": "oval:org.altlinux.errata:obj:202417767001",
+ "Version": "1",
+ "Comment": "accel-ppp is installed",
+ "Name": "accel-ppp"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202417767002",
+ "Version": "1",
+ "Comment": "kernel-source-accel-ppp is installed",
+ "Name": "kernel-source-accel-ppp"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/p11/ALT-PU-2024-17767/states.json b/oval/p11/ALT-PU-2024-17767/states.json
new file mode 100644
index 0000000000..44a44832a9
--- /dev/null
+++ b/oval/p11/ALT-PU-2024-17767/states.json
@@ -0,0 +1,23 @@
+{
+ "TextFileContent54State": [
+ {
+ "ID": "oval:org.altlinux.errata:ste:3001",
+ "Version": "1",
+ "Text": {}
+ }
+ ],
+ "RPMInfoStates": [
+ {
+ "ID": "oval:org.altlinux.errata:ste:202417767001",
+ "Version": "1",
+ "Comment": "package EVR is earlier than 0:1.13.0-alt2",
+ "Arch": {},
+ "EVR": {
+ "Text": "0:1.13.0-alt2",
+ "Datatype": "evr_string",
+ "Operation": "less than"
+ },
+ "Subexpression": {}
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/p11/ALT-PU-2024-17767/tests.json b/oval/p11/ALT-PU-2024-17767/tests.json
new file mode 100644
index 0000000000..5b05a88cda
--- /dev/null
+++ b/oval/p11/ALT-PU-2024-17767/tests.json
@@ -0,0 +1,42 @@
+{
+ "TextFileContent54Tests": [
+ {
+ "ID": "oval:org.altlinux.errata:tst:3001",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "ALT Linux based on branch 'p11' must be installed",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:3001"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:3001"
+ }
+ }
+ ],
+ "RPMInfoTests": [
+ {
+ "ID": "oval:org.altlinux.errata:tst:202417767001",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "accel-ppp is earlier than 0:1.13.0-alt2",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202417767001"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202417767001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202417767002",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "kernel-source-accel-ppp is earlier than 0:1.13.0-alt2",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202417767002"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202417767001"
+ }
+ }
+ ]
+}
\ No newline at end of file