diff --git a/oval/c10f1/ALT-PU-2014-1407/definitions.json b/oval/c10f1/ALT-PU-2014-1407/definitions.json
index a67f8d0fb1..0fa86af357 100644
--- a/oval/c10f1/ALT-PU-2014-1407/definitions.json
+++ b/oval/c10f1/ALT-PU-2014-1407/definitions.json
@@ -399,10 +399,11 @@
 },
 {
 "ID": "BDU:2014-00242",
- "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
+ "CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
+ "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
 "CWE": "CWE-264",
 "Href": "https://bdu.fstec.ru/vul/2014-00242",
- "Impact": "Low",
+ "Impact": "High",
 "Public": "20140319"
 },
 {
diff --git a/oval/c10f1/ALT-PU-2014-1408/definitions.json b/oval/c10f1/ALT-PU-2014-1408/definitions.json
index e3ce14d6cb..eef4a3959b 100644
--- a/oval/c10f1/ALT-PU-2014-1408/definitions.json
+++ b/oval/c10f1/ALT-PU-2014-1408/definitions.json
@@ -334,10 +334,11 @@
 },
 {
 "ID": "BDU:2014-00242",
- "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
+ "CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
+ "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
 "CWE": "CWE-264",
 "Href": "https://bdu.fstec.ru/vul/2014-00242",
- "Impact": "Low",
+ "Impact": "High",
 "Public": "20140319"
 },
 {
diff --git a/oval/c10f1/ALT-PU-2014-1411/definitions.json b/oval/c10f1/ALT-PU-2014-1411/definitions.json
index a00c247688..eb4161c97a 100644
--- a/oval/c10f1/ALT-PU-2014-1411/definitions.json
+++ b/oval/c10f1/ALT-PU-2014-1411/definitions.json
@@ -394,10 +394,11 @@
 },
 {
 "ID": "BDU:2014-00242",
- "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
+ "CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
+ "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
 "CWE": "CWE-264",
 "Href": "https://bdu.fstec.ru/vul/2014-00242",
- "Impact": "Low",
+ "Impact": "High",
 "Public": "20140319"
 },
 {
diff --git a/oval/c10f1/ALT-PU-2024-16638/definitions.json b/oval/c10f1/ALT-PU-2024-16638/definitions.json
new file mode 100644
index 0000000000..1456581cd6
--- /dev/null
+++ b/oval/c10f1/ALT-PU-2024-16638/definitions.json
@@ -0,0 +1,444 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202416638", + "Version": "oval:org.altlinux.errata:def:202416638", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-16638: package `zabbix` update to version 7.0.6-alt0.c10f1.1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c10f1" + ], + "Products": [ + "ALT SP Workstation", + "ALT SP Server" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-16638", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-16638", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2024-10543", + "RefURL": "https://bdu.fstec.ru/vul/2024-10543", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-10773", + "RefURL": "https://bdu.fstec.ru/vul/2024-10773", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-10774", + "RefURL": "https://bdu.fstec.ru/vul/2024-10774", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-10775", + "RefURL": "https://bdu.fstec.ru/vul/2024-10775", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-10776", + "RefURL": "https://bdu.fstec.ru/vul/2024-10776", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-10777", + "RefURL": "https://bdu.fstec.ru/vul/2024-10777", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-10864", + "RefURL": "https://bdu.fstec.ru/vul/2024-10864", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-10866", + "RefURL": "https://bdu.fstec.ru/vul/2024-10866", + "Source": "BDU" + }, + { + "RefID": "CVE-2024-22117", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-22117", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-36463", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-36463", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-36466", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-36466", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-36467", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-36467", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-36468", + "RefURL": 
"https://nvd.nist.gov/vuln/detail/CVE-2024-36468", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-42326", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-42326", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-42327", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-42327", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-42328", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-42328", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-42329", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-42329", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-42330", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-42330", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-42331", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-42331", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-42332", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-42332", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-42333", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-42333", + "Source": "CVE" + } + ], + "Description": "This update upgrades zabbix to version 7.0.6-alt0.c10f1.1. 
\nSecurity Fix(es):\n\n * BDU:2024-10543: Уязвимость функции addRelatedObjects универсальной системы мониторинга Zabbix, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2024-10773: Уязвимость демона snmptrapd универсальной системы мониторинга Zabbix, позволяющая нарушителю осуществить подмену пользовательского интерфейса\n\n * BDU:2024-10774: Уязвимость сервера универсальной системы мониторинга Zabbix, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * BDU:2024-10775: Уязвимость функции str_base64_encode_rfc2047() сервера универсальной системы мониторинга Zabbix, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-10776: Уязвимость функции zbx_snmp_cache_handle_engineid() прокси-сервера универсальной системы мониторинга Zabbix, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-10777: Уязвимость интерфейса универсальной системы мониторинга Zabbix, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2024-10864: Уязвимость метода atob универсальной системы мониторинга Zabbix, позволяющая нарушителю оказать воздействие на целостность защищаемой информации\n\n * BDU:2024-10866: Уязвимость механизма аутентификации Single sign-on (SSO) универсальной системы мониторинга Zabbix, позволяющая нарушителю обойти существующие ограничения безопасности и повысить свои привилегии\n\n * CVE-2024-22117: When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. 
This action prevents others from adding URLs to the map element.\n\n * CVE-2024-36463: The implementation of atob in \"Zabbix JS\" allows to create a string with arbitrary content and use it to access internal properties of objects.\n\n * CVE-2024-36466: A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions.\n\n * CVE-2024-36467: An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group (e.g.: Zabbix Administrators), except to groups that are disabled or having restricted GUI access.\n\n * CVE-2024-36468: The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code. This issue occurs when copying data from session-\u003esecurityEngineID to local_record.engineid without proper bounds checking.\n\n * CVE-2024-42326: There was discovered a use after free bug in browser.c in the es_browser_get_variant function\n\n * CVE-2024-42327: A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access.\n\n * CVE-2024-42328: When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving data. If the server's response is an empty document, then wd-\u003edata in the code below will remain NULL and an attempt to read from it will result in a crash.\n\n * CVE-2024-42329: The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. 
But this function can fail for various reasons without an error description and then the wd-\u003eerror will be NULL and trying to read from it will result in a crash.\n\n * CVE-2024-42330: The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects.\n\n * CVE-2024-42331: In the src/libs/zbxembed/browser.c file, the es_browser_ctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browser_push_error method in the src/libs/zbxembed/browser_error.c file. A use-after-free bug can occur at this stage if the wd-\u003ebrowser heap pointer is freed by garbage collection.\n\n * CVE-2024-42332: The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. 
The attack requires an SNMP item to be configured as text on the target host.\n\n * CVE-2024-42333: The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email.c", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Critical", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-12-11" + }, + "Updated": { + "Date": "2024-12-11" + }, + "BDUs": [ + { + "ID": "BDU:2024-10543", + "CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "CVSS3": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "CWE": "CWE-89", + "Href": "https://bdu.fstec.ru/vul/2024-10543", + "Impact": "Critical", + "Public": "20241127" + }, + { + "ID": "BDU:2024-10773", + "CVSS": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "CWE": "CWE-117", + "Href": "https://bdu.fstec.ru/vul/2024-10773", + "Impact": "Low", + "Public": "20241127" + }, + { + "ID": "BDU:2024-10774", + "CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "CVSS3": "AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "CWE": "CWE-134", + "Href": "https://bdu.fstec.ru/vul/2024-10774", + "Impact": "Critical", + "Public": "20241127" + }, + { + "ID": "BDU:2024-10775", + "CVSS": "AV:N/AC:L/Au:S/C:P/I:N/A:N", + "CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", + "CWE": "CWE-126", + "Href": "https://bdu.fstec.ru/vul/2024-10775", + "Impact": "Low", + "Public": "20240910" + }, + { + "ID": "BDU:2024-10776", + "CVSS": "AV:N/AC:H/Au:S/C:P/I:N/A:N", + "CVSS3": "AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", + "CWE": "CWE-121", + "Href": "https://bdu.fstec.ru/vul/2024-10776", + "Impact": "Low", + "Public": "20241127" + }, + { + "ID": "BDU:2024-10777", + "CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:N", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "CWE": "CWE-285", + "Href": "https://bdu.fstec.ru/vul/2024-10777", + "Impact": "High", + "Public": "20240528" + }, + { + "ID": "BDU:2024-10864", + "CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:C", + "CVSS3": 
"AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-767", + "Href": "https://bdu.fstec.ru/vul/2024-10864", + "Impact": "Low", + "Public": "20240528" + }, + { + "ID": "BDU:2024-10866", + "CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-290", + "Href": "https://bdu.fstec.ru/vul/2024-10866", + "Impact": "High", + "Public": "20240528" + } + ], + "CVEs": [ + { + "ID": "CVE-2024-22117", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-22117", + "Impact": "None", + "Public": "20241126" + }, + { + "ID": "CVE-2024-36463", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-36463", + "Impact": "None", + "Public": "20241126" + }, + { + "ID": "CVE-2024-36466", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-36466", + "Impact": "None", + "Public": "20241128" + }, + { + "ID": "CVE-2024-36467", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-36467", + "Impact": "None", + "Public": "20241127" + }, + { + "ID": "CVE-2024-36468", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-36468", + "Impact": "None", + "Public": "20241127" + }, + { + "ID": "CVE-2024-42326", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-42326", + "Impact": "None", + "Public": "20241127" + }, + { + "ID": "CVE-2024-42327", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-42327", + "Impact": "None", + "Public": "20241127" + }, + { + "ID": "CVE-2024-42328", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-42328", + "Impact": "None", + "Public": "20241127" + }, + { + "ID": "CVE-2024-42329", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-42329", + "Impact": "None", + "Public": "20241127" + }, + { + "ID": "CVE-2024-42330", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-42330", + "Impact": "None", + "Public": "20241127" + }, + { + "ID": "CVE-2024-42331", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-42331", + "Impact": "None", + "Public": "20241127" + }, + { + "ID": "CVE-2024-42332", + "Href": 
"https://nvd.nist.gov/vuln/detail/CVE-2024-42332", + "Impact": "None", + "Public": "20241127" + }, + { + "ID": "CVE-2024-42333", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-42333", + "Impact": "None", + "Public": "20241127" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:spworkstation:10", + "cpe:/o:alt:spserver:10" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:4001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202416638001", + "Comment": "zabbix-agent is earlier than 1:7.0.6-alt0.c10f1.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416638002", + "Comment": "zabbix-agent-sudo is earlier than 1:7.0.6-alt0.c10f1.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416638003", + "Comment": "zabbix-agent2 is earlier than 1:7.0.6-alt0.c10f1.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416638004", + "Comment": "zabbix-common is earlier than 1:7.0.6-alt0.c10f1.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416638005", + "Comment": "zabbix-common-database-mysql is earlier than 1:7.0.6-alt0.c10f1.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416638006", + "Comment": "zabbix-common-database-pgsql is earlier than 1:7.0.6-alt0.c10f1.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416638007", + "Comment": "zabbix-common-database-sqlite3 is earlier than 1:7.0.6-alt0.c10f1.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416638008", + "Comment": "zabbix-contrib is earlier than 1:7.0.6-alt0.c10f1.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416638009", + "Comment": "zabbix-doc is earlier than 1:7.0.6-alt0.c10f1.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416638010", + "Comment": "zabbix-java-gateway is earlier than 1:7.0.6-alt0.c10f1.1" + }, + { + "TestRef": 
"oval:org.altlinux.errata:tst:202416638011", + "Comment": "zabbix-phpfrontend-apache2 is earlier than 1:7.0.6-alt0.c10f1.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416638012", + "Comment": "zabbix-phpfrontend-apache2-mod_php8.0 is earlier than 1:7.0.6-alt0.c10f1.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416638013", + "Comment": "zabbix-phpfrontend-apache2-mod_php8.1 is earlier than 1:7.0.6-alt0.c10f1.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416638014", + "Comment": "zabbix-phpfrontend-apache2-mod_php8.2 is earlier than 1:7.0.6-alt0.c10f1.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416638015", + "Comment": "zabbix-phpfrontend-engine is earlier than 1:7.0.6-alt0.c10f1.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416638016", + "Comment": "zabbix-phpfrontend-nginx is earlier than 1:7.0.6-alt0.c10f1.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416638017", + "Comment": "zabbix-phpfrontend-nginx-php8.0-fpm-fcgi is earlier than 1:7.0.6-alt0.c10f1.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416638018", + "Comment": "zabbix-phpfrontend-nginx-php8.1-fpm-fcgi is earlier than 1:7.0.6-alt0.c10f1.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416638019", + "Comment": "zabbix-phpfrontend-nginx-php8.2-fpm-fcgi is earlier than 1:7.0.6-alt0.c10f1.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416638020", + "Comment": "zabbix-phpfrontend-php8.0 is earlier than 1:7.0.6-alt0.c10f1.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416638021", + "Comment": "zabbix-phpfrontend-php8.1 is earlier than 1:7.0.6-alt0.c10f1.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416638022", + "Comment": "zabbix-phpfrontend-php8.2 is earlier than 1:7.0.6-alt0.c10f1.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416638023", + "Comment": "zabbix-proxy is earlier than 1:7.0.6-alt0.c10f1.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416638024", + 
"Comment": "zabbix-proxy-common is earlier than 1:7.0.6-alt0.c10f1.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416638025", + "Comment": "zabbix-proxy-pgsql is earlier than 1:7.0.6-alt0.c10f1.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416638026", + "Comment": "zabbix-server-common is earlier than 1:7.0.6-alt0.c10f1.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416638027", + "Comment": "zabbix-server-mysql is earlier than 1:7.0.6-alt0.c10f1.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416638028", + "Comment": "zabbix-server-pgsql is earlier than 1:7.0.6-alt0.c10f1.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416638029", + "Comment": "zabbix-source is earlier than 1:7.0.6-alt0.c10f1.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416638030", + "Comment": "zabbix-web-service is earlier than 1:7.0.6-alt0.c10f1.1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-16638/objects.json b/oval/c10f1/ALT-PU-2024-16638/objects.json new file mode 100644 index 0000000000..3b1544ad60 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-16638/objects.json 
@@ -0,0 +1,208 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:4001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202416638001", + "Version": "1", + "Comment": "zabbix-agent is installed", + "Name": "zabbix-agent" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416638002", + "Version": "1", + "Comment": "zabbix-agent-sudo is installed", + "Name": "zabbix-agent-sudo" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416638003", + "Version": "1", + "Comment": "zabbix-agent2 is installed", + "Name": "zabbix-agent2" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416638004", + "Version": "1", + "Comment": "zabbix-common is installed", + "Name": "zabbix-common" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416638005", + "Version": "1", + "Comment": "zabbix-common-database-mysql is installed", + "Name": "zabbix-common-database-mysql" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416638006", + "Version": "1", + "Comment": "zabbix-common-database-pgsql is installed", + "Name": "zabbix-common-database-pgsql" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416638007", + "Version": "1", + "Comment": "zabbix-common-database-sqlite3 is installed", + "Name": "zabbix-common-database-sqlite3" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416638008", + "Version": "1", + "Comment": "zabbix-contrib is installed", + "Name": "zabbix-contrib" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416638009", + "Version": "1", + "Comment": "zabbix-doc is installed", + "Name": "zabbix-doc" + }, + { + "ID": 
"oval:org.altlinux.errata:obj:202416638010", + "Version": "1", + "Comment": "zabbix-java-gateway is installed", + "Name": "zabbix-java-gateway" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416638011", + "Version": "1", + "Comment": "zabbix-phpfrontend-apache2 is installed", + "Name": "zabbix-phpfrontend-apache2" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416638012", + "Version": "1", + "Comment": "zabbix-phpfrontend-apache2-mod_php8.0 is installed", + "Name": "zabbix-phpfrontend-apache2-mod_php8.0" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416638013", + "Version": "1", + "Comment": "zabbix-phpfrontend-apache2-mod_php8.1 is installed", + "Name": "zabbix-phpfrontend-apache2-mod_php8.1" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416638014", + "Version": "1", + "Comment": "zabbix-phpfrontend-apache2-mod_php8.2 is installed", + "Name": "zabbix-phpfrontend-apache2-mod_php8.2" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416638015", + "Version": "1", + "Comment": "zabbix-phpfrontend-engine is installed", + "Name": "zabbix-phpfrontend-engine" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416638016", + "Version": "1", + "Comment": "zabbix-phpfrontend-nginx is installed", + "Name": "zabbix-phpfrontend-nginx" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416638017", + "Version": "1", + "Comment": "zabbix-phpfrontend-nginx-php8.0-fpm-fcgi is installed", + "Name": "zabbix-phpfrontend-nginx-php8.0-fpm-fcgi" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416638018", + "Version": "1", + "Comment": "zabbix-phpfrontend-nginx-php8.1-fpm-fcgi is installed", + "Name": "zabbix-phpfrontend-nginx-php8.1-fpm-fcgi" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416638019", + "Version": "1", + "Comment": "zabbix-phpfrontend-nginx-php8.2-fpm-fcgi is installed", + "Name": "zabbix-phpfrontend-nginx-php8.2-fpm-fcgi" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416638020", + "Version": "1", + "Comment": "zabbix-phpfrontend-php8.0 is installed", + 
"Name": "zabbix-phpfrontend-php8.0" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416638021", + "Version": "1", + "Comment": "zabbix-phpfrontend-php8.1 is installed", + "Name": "zabbix-phpfrontend-php8.1" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416638022", + "Version": "1", + "Comment": "zabbix-phpfrontend-php8.2 is installed", + "Name": "zabbix-phpfrontend-php8.2" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416638023", + "Version": "1", + "Comment": "zabbix-proxy is installed", + "Name": "zabbix-proxy" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416638024", + "Version": "1", + "Comment": "zabbix-proxy-common is installed", + "Name": "zabbix-proxy-common" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416638025", + "Version": "1", + "Comment": "zabbix-proxy-pgsql is installed", + "Name": "zabbix-proxy-pgsql" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416638026", + "Version": "1", + "Comment": "zabbix-server-common is installed", + "Name": "zabbix-server-common" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416638027", + "Version": "1", + "Comment": "zabbix-server-mysql is installed", + "Name": "zabbix-server-mysql" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416638028", + "Version": "1", + "Comment": "zabbix-server-pgsql is installed", + "Name": "zabbix-server-pgsql" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416638029", + "Version": "1", + "Comment": "zabbix-source is installed", + "Name": "zabbix-source" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416638030", + "Version": "1", + "Comment": "zabbix-web-service is installed", + "Name": "zabbix-web-service" + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-16638/states.json b/oval/c10f1/ALT-PU-2024-16638/states.json new file mode 100644 index 0000000000..a0ed5f3de3 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-16638/states.json 
@@ -0,0 +1,23 @@
+{
+ "TextFileContent54State": [
+ {
+ "ID": "oval:org.altlinux.errata:ste:4001",
+ "Version": "1",
+ "Text": {}
+ }
+ ],
+ "RPMInfoStates": [
+ {
+ "ID": "oval:org.altlinux.errata:ste:202416638001",
+ "Version": "1",
+ "Comment": "package EVR is earlier than 1:7.0.6-alt0.c10f1.1",
+ "Arch": {},
+ "EVR": {
+ "Text": "1:7.0.6-alt0.c10f1.1",
+ "Datatype": "evr_string",
+ "Operation": "less than"
+ },
+ "Subexpression": {}
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/c10f1/ALT-PU-2024-16638/tests.json b/oval/c10f1/ALT-PU-2024-16638/tests.json
new file mode 100644
index 0000000000..5b4793fceb
--- /dev/null
+++ b/oval/c10f1/ALT-PU-2024-16638/tests.json
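Review bot: The state `oval:org.altlinux.errata:ste:4001` is empty (`"Text": {}`), so nothing in this hunk compares the `(\d+)` group that obj:4001 captures from `/etc/os-release` with the branch version. As written, the platform test appears to accept any `cpe:/o:alt:spserver` or `cpe:/o:alt:spworkstation` release, although the tst:4001 comment in tests.json says "ALT Linux based on branch 'c10f1' must be installed" and the definition lists only the `:10` CPEs. If the exporter's state type supports it, pin the capture with something like `"Subexpression": { "Datatype": "int", "Operation": "equals", "Text": "10" }`; otherwise the test comment should say that only the product family is checked. How an empty `Text` object is serialised into OVAL XML is not visible here, so the effective behaviour should be confirmed against the generated XML.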
@@ -0,0 +1,378 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:4001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c10f1' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:4001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:4001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202416638001", + "Version": "1", + "Check": "all", + "Comment": "zabbix-agent is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416638001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416638002", + "Version": "1", + "Check": "all", + "Comment": "zabbix-agent-sudo is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416638001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416638003", + "Version": "1", + "Check": "all", + "Comment": "zabbix-agent2 is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416638001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416638004", + "Version": "1", + "Check": "all", + "Comment": "zabbix-common is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638004" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416638001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416638005", + "Version": "1", + "Check": "all", + "Comment": "zabbix-common-database-mysql is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638005" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416638001" + } + }, + { + "ID": 
"oval:org.altlinux.errata:tst:202416638006", + "Version": "1", + "Check": "all", + "Comment": "zabbix-common-database-pgsql is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638006" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416638001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416638007", + "Version": "1", + "Check": "all", + "Comment": "zabbix-common-database-sqlite3 is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638007" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416638001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416638008", + "Version": "1", + "Check": "all", + "Comment": "zabbix-contrib is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638008" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416638001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416638009", + "Version": "1", + "Check": "all", + "Comment": "zabbix-doc is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638009" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416638001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416638010", + "Version": "1", + "Check": "all", + "Comment": "zabbix-java-gateway is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638010" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416638001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416638011", + "Version": "1", + "Check": "all", + "Comment": "zabbix-phpfrontend-apache2 is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638011" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416638001" + } + }, + { + "ID": 
"oval:org.altlinux.errata:tst:202416638012", + "Version": "1", + "Check": "all", + "Comment": "zabbix-phpfrontend-apache2-mod_php8.0 is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638012" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416638001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416638013", + "Version": "1", + "Check": "all", + "Comment": "zabbix-phpfrontend-apache2-mod_php8.1 is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638013" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416638001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416638014", + "Version": "1", + "Check": "all", + "Comment": "zabbix-phpfrontend-apache2-mod_php8.2 is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638014" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416638001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416638015", + "Version": "1", + "Check": "all", + "Comment": "zabbix-phpfrontend-engine is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638015" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416638001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416638016", + "Version": "1", + "Check": "all", + "Comment": "zabbix-phpfrontend-nginx is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638016" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416638001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416638017", + "Version": "1", + "Check": "all", + "Comment": "zabbix-phpfrontend-nginx-php8.0-fpm-fcgi is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638017" + }, + "State": { + "StateRef": 
"oval:org.altlinux.errata:ste:202416638001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416638018", + "Version": "1", + "Check": "all", + "Comment": "zabbix-phpfrontend-nginx-php8.1-fpm-fcgi is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638018" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416638001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416638019", + "Version": "1", + "Check": "all", + "Comment": "zabbix-phpfrontend-nginx-php8.2-fpm-fcgi is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638019" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416638001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416638020", + "Version": "1", + "Check": "all", + "Comment": "zabbix-phpfrontend-php8.0 is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638020" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416638001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416638021", + "Version": "1", + "Check": "all", + "Comment": "zabbix-phpfrontend-php8.1 is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638021" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416638001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416638022", + "Version": "1", + "Check": "all", + "Comment": "zabbix-phpfrontend-php8.2 is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638022" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416638001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416638023", + "Version": "1", + "Check": "all", + "Comment": "zabbix-proxy is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638023" + }, + "State": { + "StateRef": 
"oval:org.altlinux.errata:ste:202416638001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416638024", + "Version": "1", + "Check": "all", + "Comment": "zabbix-proxy-common is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638024" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416638001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416638025", + "Version": "1", + "Check": "all", + "Comment": "zabbix-proxy-pgsql is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638025" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416638001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416638026", + "Version": "1", + "Check": "all", + "Comment": "zabbix-server-common is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638026" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416638001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416638027", + "Version": "1", + "Check": "all", + "Comment": "zabbix-server-mysql is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638027" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416638001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416638028", + "Version": "1", + "Check": "all", + "Comment": "zabbix-server-pgsql is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638028" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416638001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416638029", + "Version": "1", + "Check": "all", + "Comment": "zabbix-source is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638029" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416638001" + } + }, + { + 
"ID": "oval:org.altlinux.errata:tst:202416638030", + "Version": "1", + "Check": "all", + "Comment": "zabbix-web-service is earlier than 1:7.0.6-alt0.c10f1.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416638030" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416638001" + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-16690/definitions.json b/oval/c10f1/ALT-PU-2024-16690/definitions.json new file mode 100644 index 0000000000..b66790118b --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-16690/definitions.json 
@@ -0,0 +1,115 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202416690", + "Version": "oval:org.altlinux.errata:def:202416690", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-16690: package `xalan-j2` update to version 2.7.3-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c10f1" + ], + "Products": [ + "ALT SP Workstation", + "ALT SP Server" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-16690", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-16690", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2022-04788", + "RefURL": "https://bdu.fstec.ru/vul/2022-04788", + "Source": "BDU" + }, + { + "RefID": "CVE-2022-34169", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-34169", + "Source": "CVE" + } + ], + "Description": "This update upgrades xalan-j2 to version 2.7.3-alt1. \nSecurity Fix(es):\n\n * BDU:2022-04788: Уязвимость библиотеки Apache Xalan Java XSLT, связанная с ошибкой приведения целочисленного значения, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2022-34169: The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. 
Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.\n\n * #52280: Для закрытия CVE-2022-34169 необходимо обновить пакет", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "High", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-12-11" + }, + "Updated": { + "Date": "2024-12-11" + }, + "BDUs": [ + { + "ID": "BDU:2022-04788", + "CVSS": "AV:N/AC:L/Au:N/C:N/I:C/A:N", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "CWE": "CWE-192", + "Href": "https://bdu.fstec.ru/vul/2022-04788", + "Impact": "High", + "Public": "20220713" + } + ], + "CVEs": [ + { + "ID": "CVE-2022-34169", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "CWE": "CWE-681", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-34169", + "Impact": "High", + "Public": "20220719" + } + ], + "Bugzilla": [ + { + "ID": "52280", + "Href": "https://bugzilla.altlinux.org/52280", + "Data": "Для закрытия CVE-2022-34169 необходимо обновить пакет" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:spworkstation:10", + "cpe:/o:alt:spserver:10" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:4001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202416690001", + "Comment": "xalan-j2 is earlier than 0:2.7.3-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416690002", + "Comment": "xalan-j2-manual is earlier than 0:2.7.3-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416690003", + "Comment": "xalan-j2-xsltc is earlier than 0:2.7.3-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-16690/objects.json b/oval/c10f1/ALT-PU-2024-16690/objects.json new file mode 100644 index 0000000000..ac4fc0f9b6 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-16690/objects.json 
@@ -0,0 +1,46 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:4001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202416690001", + "Version": "1", + "Comment": "xalan-j2 is installed", + "Name": "xalan-j2" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416690002", + "Version": "1", + "Comment": "xalan-j2-manual is installed", + "Name": "xalan-j2-manual" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416690003", + "Version": "1", + "Comment": "xalan-j2-xsltc is installed", + "Name": "xalan-j2-xsltc" + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-16690/states.json b/oval/c10f1/ALT-PU-2024-16690/states.json new file mode 100644 index 0000000000..a3055e9ba0 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-16690/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:4001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202416690001", + "Version": "1", + "Comment": "package EVR is earlier than 0:2.7.3-alt1", + "Arch": {}, + "EVR": { + "Text": "0:2.7.3-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-16690/tests.json b/oval/c10f1/ALT-PU-2024-16690/tests.json new file mode 100644 index 0000000000..48ce4265fe --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-16690/tests.json 
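Review bot: The platform state `oval:org.altlinux.errata:ste:4001` added in ALT-PU-2024-16690/states.json is empty (`"Text": {}`, no subexpression entity), so the release number captured by `(\d+)` in the obj:4001 pattern is never compared with a value. As written, tst:4001 appears to pass on any ALT SP release whose `/etc/os-release` matches the pattern, although its comment says branch 'c10f1' and the definition lists only the `:10` CPEs. A scanner could then report these package checks on a release the erratum does not cover. If the check is meant to be limited to release 10, the state should constrain the captured group with a subexpression equal to `10`; how an empty `Text` is serialized to OVAL XML is not visible here, so confirm against the generated XML. The same empty state is added in ALT-PU-2024-16692/states.json and ALT-PU-2024-16693/states.json.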
@@ -0,0 +1,54 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:4001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c10f1' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:4001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:4001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202416690001", + "Version": "1", + "Check": "all", + "Comment": "xalan-j2 is earlier than 0:2.7.3-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416690001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416690001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416690002", + "Version": "1", + "Check": "all", + "Comment": "xalan-j2-manual is earlier than 0:2.7.3-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416690002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416690001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416690003", + "Version": "1", + "Check": "all", + "Comment": "xalan-j2-xsltc is earlier than 0:2.7.3-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416690003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416690001" + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-16692/definitions.json b/oval/c10f1/ALT-PU-2024-16692/definitions.json new file mode 100644 index 0000000000..237ee9d52f --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-16692/definitions.json 
@@ -0,0 +1,103 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202416692", + "Version": "oval:org.altlinux.errata:def:202416692", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-16692: package `bcel` update to version 6.8.2-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c10f1" + ], + "Products": [ + "ALT SP Workstation", + "ALT SP Server" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-16692", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-16692", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2024-02279", + "RefURL": "https://bdu.fstec.ru/vul/2024-02279", + "Source": "BDU" + }, + { + "RefID": "CVE-2022-42920", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920", + "Source": "CVE" + } + ], + "Description": "This update upgrades bcel to version 6.8.2-alt1. \nSecurity Fix(es):\n\n * BDU:2024-02279: Уязвимость библиотеки для обработки байт-кода Java Apache Commons BCEL, связанная с записью за границами буфера, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2022-42920: Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. 
Update to Apache Commons BCEL 6.6.0.", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Critical", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-12-11" + }, + "Updated": { + "Date": "2024-12-11" + }, + "BDUs": [ + { + "ID": "BDU:2024-02279", + "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-787", + "Href": "https://bdu.fstec.ru/vul/2024-02279", + "Impact": "Critical", + "Public": "20221107" + } + ], + "CVEs": [ + { + "ID": "CVE-2022-42920", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920", + "Impact": "Critical", + "Public": "20221107" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:spworkstation:10", + "cpe:/o:alt:spserver:10" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:4001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202416692001", + "Comment": "bcel is earlier than 1:6.8.2-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416692002", + "Comment": "bcel-javadoc is earlier than 1:6.8.2-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-16692/objects.json b/oval/c10f1/ALT-PU-2024-16692/objects.json new file mode 100644 index 0000000000..e83100b46b --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-16692/objects.json 
@@ -0,0 +1,40 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:4001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202416692001", + "Version": "1", + "Comment": "bcel is installed", + "Name": "bcel" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416692002", + "Version": "1", + "Comment": "bcel-javadoc is installed", + "Name": "bcel-javadoc" + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-16692/states.json b/oval/c10f1/ALT-PU-2024-16692/states.json new file mode 100644 index 0000000000..67fb4f74b5 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-16692/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:4001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202416692001", + "Version": "1", + "Comment": "package EVR is earlier than 1:6.8.2-alt1", + "Arch": {}, + "EVR": { + "Text": "1:6.8.2-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-16692/tests.json b/oval/c10f1/ALT-PU-2024-16692/tests.json new file mode 100644 index 0000000000..b9bf866145 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-16692/tests.json 
@@ -0,0 +1,42 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:4001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c10f1' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:4001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:4001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202416692001", + "Version": "1", + "Check": "all", + "Comment": "bcel is earlier than 1:6.8.2-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416692001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416692001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416692002", + "Version": "1", + "Check": "all", + "Comment": "bcel-javadoc is earlier than 1:6.8.2-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416692002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416692001" + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-16693/definitions.json b/oval/c10f1/ALT-PU-2024-16693/definitions.json new file mode 100644 index 0000000000..615105124e --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-16693/definitions.json 
@@ -0,0 +1,183 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202416693", + "Version": "oval:org.altlinux.errata:def:202416693", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-16693: package `java-11-openjdk` update to version 11.0.25.0.9-alt0.c10.1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c10f1" + ], + "Products": [ + "ALT SP Workstation", + "ALT SP Server" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-16693", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-16693", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2024-08450", + "RefURL": "https://bdu.fstec.ru/vul/2024-08450", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-08451", + "RefURL": "https://bdu.fstec.ru/vul/2024-08451", + "Source": "BDU" + }, + { + "RefID": "CVE-2024-21208", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21208", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-21210", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21210", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-21217", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21217", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-21235", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21235", + "Source": "CVE" + } + ], + "Description": "This update upgrades java-11-openjdk to version 11.0.25.0.9-alt0.c10.1. 
\nSecurity Fix(es):\n\n * BDU:2024-08450: Уязвимость компонента Serialization виртуальных машин Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK и программной платформы Oracle Java SE, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-08451: Уязвимость компонента Hotspot виртуальных машин Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK и программной платформы Oracle Java SE, позволяющая нарушителю получить несанкционированный доступ на чтение, изменение или удаление данных\n\n * CVE-2024-21208: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).\n\n * CVE-2024-21210: Vulnerability in Oracle Java SE (component: Hotspot). 
Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).\n\n * CVE-2024-21217: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. 
This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).\n\n * CVE-2024-21235: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Low", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-12-11" + }, + "Updated": { + "Date": "2024-12-11" + }, + "BDUs": [ + { + "ID": "BDU:2024-08450", + "CVSS": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "CWE": "CWE-404", + "Href": "https://bdu.fstec.ru/vul/2024-08450", + "Impact": "Low", + "Public": "20231207" + }, + { + "ID": "BDU:2024-08451", + "CVSS": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "CWE": "CWE-404", + "Href": "https://bdu.fstec.ru/vul/2024-08451", + "Impact": "Low", + "Public": "20231207" + } + ], + "CVEs": [ + { + "ID": "CVE-2024-21208", + "CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21208", + "Impact": "Low", + "Public": "20241015" + }, + { + "ID": "CVE-2024-21210", + "CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21210", + "Impact": "Low", + "Public": "20241015" + }, + { + "ID": "CVE-2024-21217", + "CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21217", + "Impact": "Low", + "Public": "20241015" + }, + { + "ID": "CVE-2024-21235", + "CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21235", + "Impact": "Low", + "Public": "20241015" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:spworkstation:10", + "cpe:/o:alt:spserver:10" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:4001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202416693001", + 
"Comment": "java-11-openjdk is earlier than 0:11.0.25.0.9-alt0.c10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416693002", + "Comment": "java-11-openjdk-demo is earlier than 0:11.0.25.0.9-alt0.c10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416693003", + "Comment": "java-11-openjdk-devel is earlier than 0:11.0.25.0.9-alt0.c10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416693004", + "Comment": "java-11-openjdk-headless is earlier than 0:11.0.25.0.9-alt0.c10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416693005", + "Comment": "java-11-openjdk-javadoc is earlier than 0:11.0.25.0.9-alt0.c10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416693006", + "Comment": "java-11-openjdk-javadoc-zip is earlier than 0:11.0.25.0.9-alt0.c10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416693007", + "Comment": "java-11-openjdk-jmods is earlier than 0:11.0.25.0.9-alt0.c10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416693008", + "Comment": "java-11-openjdk-src is earlier than 0:11.0.25.0.9-alt0.c10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416693009", + "Comment": "java-11-openjdk-static-libs is earlier than 0:11.0.25.0.9-alt0.c10.1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-16693/objects.json b/oval/c10f1/ALT-PU-2024-16693/objects.json new file mode 100644 index 0000000000..c12bedfe56 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-16693/objects.json 
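Review bot: In the `CVEs` array of ALT-PU-2024-16693/definitions.json, the entries for CVE-2024-21208 and CVE-2024-21210 have no `CWE` key, while CVE-2024-21217 and CVE-2024-21235 carry the placeholder `"CWE": "NVD-CWE-noinfo"`. "No weakness class assigned" is therefore represented in two ways within one file, and a consumer that filters or groups findings by `CWE` has to handle both the missing key and the sentinel string. This presumably mirrors the upstream records, but the export would be easier to consume if it used one form, or if the schema documented `CWE` as optional. The CVE-2022-42920 entry in ALT-PU-2024-16692/definitions.json also omits the key, although the BDU entry in the same advisory lists `CWE-787`.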
@@ -0,0 +1,82 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:4001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202416693001", + "Version": "1", + "Comment": "java-11-openjdk is installed", + "Name": "java-11-openjdk" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416693002", + "Version": "1", + "Comment": "java-11-openjdk-demo is installed", + "Name": "java-11-openjdk-demo" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416693003", + "Version": "1", + "Comment": "java-11-openjdk-devel is installed", + "Name": "java-11-openjdk-devel" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416693004", + "Version": "1", + "Comment": "java-11-openjdk-headless is installed", + "Name": "java-11-openjdk-headless" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416693005", + "Version": "1", + "Comment": "java-11-openjdk-javadoc is installed", + "Name": "java-11-openjdk-javadoc" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416693006", + "Version": "1", + "Comment": "java-11-openjdk-javadoc-zip is installed", + "Name": "java-11-openjdk-javadoc-zip" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416693007", + "Version": "1", + "Comment": "java-11-openjdk-jmods is installed", + "Name": "java-11-openjdk-jmods" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416693008", + "Version": "1", + "Comment": "java-11-openjdk-src is installed", + "Name": "java-11-openjdk-src" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416693009", + "Version": "1", + "Comment": "java-11-openjdk-static-libs is installed", + "Name": 
"java-11-openjdk-static-libs" + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-16693/states.json b/oval/c10f1/ALT-PU-2024-16693/states.json new file mode 100644 index 0000000000..028cd3c1d3 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-16693/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:4001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202416693001", + "Version": "1", + "Comment": "package EVR is earlier than 0:11.0.25.0.9-alt0.c10.1", + "Arch": {}, + "EVR": { + "Text": "0:11.0.25.0.9-alt0.c10.1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-16693/tests.json b/oval/c10f1/ALT-PU-2024-16693/tests.json new file mode 100644 index 0000000000..9887051020 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-16693/tests.json 
@@ -0,0 +1,126 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:4001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c10f1' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:4001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:4001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202416693001", + "Version": "1", + "Check": "all", + "Comment": "java-11-openjdk is earlier than 0:11.0.25.0.9-alt0.c10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416693001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416693001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416693002", + "Version": "1", + "Check": "all", + "Comment": "java-11-openjdk-demo is earlier than 0:11.0.25.0.9-alt0.c10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416693002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416693001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416693003", + "Version": "1", + "Check": "all", + "Comment": "java-11-openjdk-devel is earlier than 0:11.0.25.0.9-alt0.c10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416693003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416693001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416693004", + "Version": "1", + "Check": "all", + "Comment": "java-11-openjdk-headless is earlier than 0:11.0.25.0.9-alt0.c10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416693004" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416693001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416693005", + "Version": "1", + "Check": "all", + "Comment": "java-11-openjdk-javadoc is earlier than 0:11.0.25.0.9-alt0.c10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416693005" + }, + "State": { + "StateRef": 
"oval:org.altlinux.errata:ste:202416693001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416693006", + "Version": "1", + "Check": "all", + "Comment": "java-11-openjdk-javadoc-zip is earlier than 0:11.0.25.0.9-alt0.c10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416693006" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416693001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416693007", + "Version": "1", + "Check": "all", + "Comment": "java-11-openjdk-jmods is earlier than 0:11.0.25.0.9-alt0.c10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416693007" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416693001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416693008", + "Version": "1", + "Check": "all", + "Comment": "java-11-openjdk-src is earlier than 0:11.0.25.0.9-alt0.c10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416693008" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416693001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416693009", + "Version": "1", + "Check": "all", + "Comment": "java-11-openjdk-static-libs is earlier than 0:11.0.25.0.9-alt0.c10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416693009" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416693001" + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-16760/definitions.json b/oval/c10f1/ALT-PU-2024-16760/definitions.json new file mode 100644 index 0000000000..aaa8fe71e9 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-16760/definitions.json 
@@ -0,0 +1,179 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202416760", + "Version": "oval:org.altlinux.errata:def:202416760", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-16760: package `java-17-openjdk` update to version 17.0.13.0.11-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c10f1" + ], + "Products": [ + "ALT SP Workstation", + "ALT SP Server" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-16760", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-16760", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2024-08450", + "RefURL": "https://bdu.fstec.ru/vul/2024-08450", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-08451", + "RefURL": "https://bdu.fstec.ru/vul/2024-08451", + "Source": "BDU" + }, + { + "RefID": "CVE-2024-21208", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21208", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-21210", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21210", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-21217", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21217", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-21235", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21235", + "Source": "CVE" + } + ], + "Description": "This update upgrades java-17-openjdk to version 17.0.13.0.11-alt1. 
\nSecurity Fix(es):\n\n * BDU:2024-08450: Уязвимость компонента Serialization виртуальных машин Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK и программной платформы Oracle Java SE, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-08451: Уязвимость компонента Hotspot виртуальных машин Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK и программной платформы Oracle Java SE, позволяющая нарушителю получить несанкционированный доступ на чтение, изменение или удаление данных\n\n * CVE-2024-21208: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).\n\n * CVE-2024-21210: Vulnerability in Oracle Java SE (component: Hotspot). 
Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).\n\n * CVE-2024-21217: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. 
This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).\n\n * CVE-2024-21235: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Low", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-12-11" + }, + "Updated": { + "Date": "2024-12-11" + }, + "BDUs": [ + { + "ID": "BDU:2024-08450", + "CVSS": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "CWE": "CWE-404", + "Href": "https://bdu.fstec.ru/vul/2024-08450", + "Impact": "Low", + "Public": "20231207" + }, + { + "ID": "BDU:2024-08451", + "CVSS": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "CWE": "CWE-404", + "Href": "https://bdu.fstec.ru/vul/2024-08451", + "Impact": "Low", + "Public": "20231207" + } + ], + "CVEs": [ + { + "ID": "CVE-2024-21208", + "CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21208", + "Impact": "Low", + "Public": "20241015" + }, + { + "ID": "CVE-2024-21210", + "CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21210", + "Impact": "Low", + "Public": "20241015" + }, + { + "ID": "CVE-2024-21217", + "CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21217", + "Impact": "Low", + "Public": "20241015" + }, + { + "ID": "CVE-2024-21235", + "CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21235", + "Impact": "Low", + "Public": "20241015" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:spworkstation:10", + "cpe:/o:alt:spserver:10" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:4001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202416760001", + 
"Comment": "java-17-openjdk is earlier than 0:17.0.13.0.11-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416760002", + "Comment": "java-17-openjdk-demo is earlier than 0:17.0.13.0.11-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416760003", + "Comment": "java-17-openjdk-devel is earlier than 0:17.0.13.0.11-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416760004", + "Comment": "java-17-openjdk-headless is earlier than 0:17.0.13.0.11-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416760005", + "Comment": "java-17-openjdk-javadoc is earlier than 0:17.0.13.0.11-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416760006", + "Comment": "java-17-openjdk-javadoc-zip is earlier than 0:17.0.13.0.11-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416760007", + "Comment": "java-17-openjdk-jmods is earlier than 0:17.0.13.0.11-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416760008", + "Comment": "java-17-openjdk-src is earlier than 0:17.0.13.0.11-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-16760/objects.json b/oval/c10f1/ALT-PU-2024-16760/objects.json new file mode 100644 index 0000000000..04c64e6aec --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-16760/objects.json 
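Review bot: The `"Impact": "Low"` on the CVE-2024-21235 entry and the advisory-level `"Severity": "Low"` do not match the "CVSS 3.1 Base Score 4.8" quoted for that CVE in `Description`, which falls in the Medium band (4.0–6.9) of the CVSS v3.1 qualitative scale. BDU:2024-08451 carries the same C:L/I:L vector and is also marked Low. If these fields are meant to follow that scale, both entries should read `"Impact": "Medium"` and the advisory `"Severity": "Medium"`; otherwise scanners and patch queues that prioritise on them will under-rank this update. The same values appear in oval/p10/ALT-PU-2024-16698/definitions.json.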
@@ -0,0 +1,76 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:4001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202416760001", + "Version": "1", + "Comment": "java-17-openjdk is installed", + "Name": "java-17-openjdk" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416760002", + "Version": "1", + "Comment": "java-17-openjdk-demo is installed", + "Name": "java-17-openjdk-demo" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416760003", + "Version": "1", + "Comment": "java-17-openjdk-devel is installed", + "Name": "java-17-openjdk-devel" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416760004", + "Version": "1", + "Comment": "java-17-openjdk-headless is installed", + "Name": "java-17-openjdk-headless" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416760005", + "Version": "1", + "Comment": "java-17-openjdk-javadoc is installed", + "Name": "java-17-openjdk-javadoc" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416760006", + "Version": "1", + "Comment": "java-17-openjdk-javadoc-zip is installed", + "Name": "java-17-openjdk-javadoc-zip" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416760007", + "Version": "1", + "Comment": "java-17-openjdk-jmods is installed", + "Name": "java-17-openjdk-jmods" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416760008", + "Version": "1", + "Comment": "java-17-openjdk-src is installed", + "Name": "java-17-openjdk-src" + } + ] +} \ No newline at end of file 
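Review bot: The `Pattern` of `obj:4001` captures the release number with `(\d+)`, but nothing in these files compares it with 10. The paired state `ste:4001` in states.json is serialised as `"Text": {}`, so as written `tst:4001` appears to pass on any ALT SP release, although its comment says branch 'c10f1'. Pinning the version in the pattern, for example `"Text": "cpe:\\/o:alt:sp(?:server|workstation):10\\b"`, or giving the state an equality check on the captured subexpression, would keep the package EVR comparison from being evaluated on hosts of another branch. The p10 counterpart `obj:2001` in oval/p10/ALT-PU-2024-16698/objects.json has the same gap with `p?(\d+)` and the empty `ste:2001`.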
diff --git a/oval/c10f1/ALT-PU-2024-16760/states.json b/oval/c10f1/ALT-PU-2024-16760/states.json new file mode 100644 index 0000000000..aabca6598d --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-16760/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:4001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202416760001", + "Version": "1", + "Comment": "package EVR is earlier than 0:17.0.13.0.11-alt1", + "Arch": {}, + "EVR": { + "Text": "0:17.0.13.0.11-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-16760/tests.json b/oval/c10f1/ALT-PU-2024-16760/tests.json new file mode 100644 index 0000000000..808a4ef9bb --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-16760/tests.json 
@@ -0,0 +1,114 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:4001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c10f1' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:4001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:4001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202416760001", + "Version": "1", + "Check": "all", + "Comment": "java-17-openjdk is earlier than 0:17.0.13.0.11-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416760001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416760001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416760002", + "Version": "1", + "Check": "all", + "Comment": "java-17-openjdk-demo is earlier than 0:17.0.13.0.11-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416760002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416760001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416760003", + "Version": "1", + "Check": "all", + "Comment": "java-17-openjdk-devel is earlier than 0:17.0.13.0.11-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416760003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416760001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416760004", + "Version": "1", + "Check": "all", + "Comment": "java-17-openjdk-headless is earlier than 0:17.0.13.0.11-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416760004" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416760001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416760005", + "Version": "1", + "Check": "all", + "Comment": "java-17-openjdk-javadoc is earlier than 0:17.0.13.0.11-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416760005" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416760001" + } + }, + { + 
"ID": "oval:org.altlinux.errata:tst:202416760006", + "Version": "1", + "Check": "all", + "Comment": "java-17-openjdk-javadoc-zip is earlier than 0:17.0.13.0.11-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416760006" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416760001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416760007", + "Version": "1", + "Check": "all", + "Comment": "java-17-openjdk-jmods is earlier than 0:17.0.13.0.11-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416760007" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416760001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416760008", + "Version": "1", + "Check": "all", + "Comment": "java-17-openjdk-src is earlier than 0:17.0.13.0.11-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416760008" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416760001" + } + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2014-1407/definitions.json b/oval/c9f2/ALT-PU-2014-1407/definitions.json index d58058c33b..6e811eb22c 100644 --- a/oval/c9f2/ALT-PU-2014-1407/definitions.json +++ b/oval/c9f2/ALT-PU-2014-1407/definitions.json @@ -399,10 +399,11 @@ }, { "ID": "BDU:2014-00242", - "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:N", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "CWE": "CWE-264", "Href": "https://bdu.fstec.ru/vul/2014-00242", - "Impact": "Low", + "Impact": "High", "Public": "20140319" }, { diff --git a/oval/c9f2/ALT-PU-2014-1408/definitions.json b/oval/c9f2/ALT-PU-2014-1408/definitions.json index 729d0b7086..3c7180551a 100644 --- a/oval/c9f2/ALT-PU-2014-1408/definitions.json +++ b/oval/c9f2/ALT-PU-2014-1408/definitions.json 
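Review bot: The added `CVSS3` value for BDU:2014-00242 has no `CVSS:3.x/` version prefix, so it is not a well-formed CVSS v3 vector string and does not say whether it was scored under 3.0 or 3.1. The `CVEs` entries in the definitions files of this same commit do carry `CVSS:3.1/`. Strict vector parsers reject the bare form, which forces consumers to special-case BDU records. Consider emitting `"CVSS3": "CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"`, with the version BDU actually scored against in place of `x`. The same applies to the other BDU:2014-00242 hunks and to the `BDUs` arrays in the new ALT-PU-2024-16760 and ALT-PU-2024-16698 definitions.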
@@ -334,10 +334,11 @@ }, { "ID": "BDU:2014-00242", - "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:N", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "CWE": "CWE-264", "Href": "https://bdu.fstec.ru/vul/2014-00242", - "Impact": "Low", + "Impact": "High", "Public": "20140319" }, { diff --git a/oval/c9f2/ALT-PU-2014-1411/definitions.json b/oval/c9f2/ALT-PU-2014-1411/definitions.json index 1666874055..80a47000da 100644 --- a/oval/c9f2/ALT-PU-2014-1411/definitions.json +++ b/oval/c9f2/ALT-PU-2014-1411/definitions.json @@ -394,10 +394,11 @@ }, { "ID": "BDU:2014-00242", - "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:N", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "CWE": "CWE-264", "Href": "https://bdu.fstec.ru/vul/2014-00242", - "Impact": "Low", + "Impact": "High", "Public": "20140319" }, { diff --git a/oval/p10/ALT-PU-2014-1407/definitions.json b/oval/p10/ALT-PU-2014-1407/definitions.json index d9c8051a21..fa71cfcfcf 100644 --- a/oval/p10/ALT-PU-2014-1407/definitions.json +++ b/oval/p10/ALT-PU-2014-1407/definitions.json @@ -404,10 +404,11 @@ }, { "ID": "BDU:2014-00242", - "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:N", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "CWE": "CWE-264", "Href": "https://bdu.fstec.ru/vul/2014-00242", - "Impact": "Low", + "Impact": "High", "Public": "20140319" }, { diff --git a/oval/p10/ALT-PU-2014-1408/definitions.json b/oval/p10/ALT-PU-2014-1408/definitions.json index 86834e707f..262b2170b7 100644 --- a/oval/p10/ALT-PU-2014-1408/definitions.json +++ b/oval/p10/ALT-PU-2014-1408/definitions.json @@ -339,10 +339,11 @@ }, { "ID": "BDU:2014-00242", - "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:N", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "CWE": "CWE-264", "Href": "https://bdu.fstec.ru/vul/2014-00242", - "Impact": "Low", + "Impact": "High", "Public": "20140319" }, { 
diff --git a/oval/p10/ALT-PU-2014-1411/definitions.json b/oval/p10/ALT-PU-2014-1411/definitions.json index f0c3861ce6..d1d87b54f0 100644 --- a/oval/p10/ALT-PU-2014-1411/definitions.json +++ b/oval/p10/ALT-PU-2014-1411/definitions.json @@ -399,10 +399,11 @@ }, { "ID": "BDU:2014-00242", - "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:N", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "CWE": "CWE-264", "Href": "https://bdu.fstec.ru/vul/2014-00242", - "Impact": "Low", + "Impact": "High", "Public": "20140319" }, { diff --git a/oval/p10/ALT-PU-2024-16698/definitions.json b/oval/p10/ALT-PU-2024-16698/definitions.json new file mode 100644 index 0000000000..c2a2a7e9e3 --- /dev/null +++ b/oval/p10/ALT-PU-2024-16698/definitions.json 
@@ -0,0 +1,207 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202416698", + "Version": "oval:org.altlinux.errata:def:202416698", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-16698: package `java-11-openjdk` update to version 11.0.25.0.9-alt0.c10.1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch p10" + ], + "Products": [ + "ALT Server", + "ALT Virtualization Server", + "ALT Workstation", + "ALT Workstation K", + "ALT Education", + "Simply Linux", + "Starterkit" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-16698", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-16698", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2024-08450", + "RefURL": "https://bdu.fstec.ru/vul/2024-08450", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-08451", + "RefURL": "https://bdu.fstec.ru/vul/2024-08451", + "Source": "BDU" + }, + { + "RefID": "CVE-2024-21208", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21208", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-21210", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21210", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-21217", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21217", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-21235", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21235", + "Source": "CVE" + } + ], + "Description": "This update upgrades java-11-openjdk to version 11.0.25.0.9-alt0.c10.1. 
\nSecurity Fix(es):\n\n * BDU:2024-08450: Уязвимость компонента Serialization виртуальных машин Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK и программной платформы Oracle Java SE, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-08451: Уязвимость компонента Hotspot виртуальных машин Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK и программной платформы Oracle Java SE, позволяющая нарушителю получить несанкционированный доступ на чтение, изменение или удаление данных\n\n * CVE-2024-21208: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).\n\n * CVE-2024-21210: Vulnerability in Oracle Java SE (component: Hotspot). 
Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).\n\n * CVE-2024-21217: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. 
This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).\n\n * CVE-2024-21235: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Low", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-12-11" + }, + "Updated": { + "Date": "2024-12-11" + }, + "BDUs": [ + { + "ID": "BDU:2024-08450", + "CVSS": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "CWE": "CWE-404", + "Href": "https://bdu.fstec.ru/vul/2024-08450", + "Impact": "Low", + "Public": "20231207" + }, + { + "ID": "BDU:2024-08451", + "CVSS": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "CWE": "CWE-404", + "Href": "https://bdu.fstec.ru/vul/2024-08451", + "Impact": "Low", + "Public": "20231207" + } + ], + "CVEs": [ + { + "ID": "CVE-2024-21208", + "CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21208", + "Impact": "Low", + "Public": "20241015" + }, + { + "ID": "CVE-2024-21210", + "CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21210", + "Impact": "Low", + "Public": "20241015" + }, + { + "ID": "CVE-2024-21217", + "CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21217", + "Impact": "Low", + "Public": "20241015" + }, + { + "ID": "CVE-2024-21235", + "CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21235", + "Impact": "Low", + "Public": "20241015" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:kworkstation:10", + "cpe:/o:alt:workstation:10", + "cpe:/o:alt:server:10", + "cpe:/o:alt:server-v:10", + "cpe:/o:alt:education:10", + "cpe:/o:alt:slinux:10", + "cpe:/o:alt:starterkit:p10", + "cpe:/o:alt:kworkstation:10.1", + "cpe:/o:alt:workstation:10.1", + "cpe:/o:alt:server:10.1", + "cpe:/o:alt:server-v:10.1", + "cpe:/o:alt:education:10.1", + 
"cpe:/o:alt:slinux:10.1", + "cpe:/o:alt:starterkit:10.1", + "cpe:/o:alt:kworkstation:10.2", + "cpe:/o:alt:workstation:10.2", + "cpe:/o:alt:server:10.2", + "cpe:/o:alt:server-v:10.2", + "cpe:/o:alt:education:10.2", + "cpe:/o:alt:slinux:10.2", + "cpe:/o:alt:starterkit:10.2" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:2001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202416698001", + "Comment": "java-11-openjdk is earlier than 0:11.0.25.0.9-alt0.c10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416698002", + "Comment": "java-11-openjdk-demo is earlier than 0:11.0.25.0.9-alt0.c10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416698003", + "Comment": "java-11-openjdk-devel is earlier than 0:11.0.25.0.9-alt0.c10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416698004", + "Comment": "java-11-openjdk-headless is earlier than 0:11.0.25.0.9-alt0.c10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416698005", + "Comment": "java-11-openjdk-javadoc is earlier than 0:11.0.25.0.9-alt0.c10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416698006", + "Comment": "java-11-openjdk-javadoc-zip is earlier than 0:11.0.25.0.9-alt0.c10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416698007", + "Comment": "java-11-openjdk-jmods is earlier than 0:11.0.25.0.9-alt0.c10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416698008", + "Comment": "java-11-openjdk-src is earlier than 0:11.0.25.0.9-alt0.c10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202416698009", + "Comment": "java-11-openjdk-static-libs is earlier than 0:11.0.25.0.9-alt0.c10.1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file 
diff --git a/oval/p10/ALT-PU-2024-16698/objects.json b/oval/p10/ALT-PU-2024-16698/objects.json new file mode 100644 index 0000000000..c1e1628a61 --- /dev/null +++ b/oval/p10/ALT-PU-2024-16698/objects.json 
@@ -0,0 +1,82 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:2001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202416698001", + "Version": "1", + "Comment": "java-11-openjdk is installed", + "Name": "java-11-openjdk" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416698002", + "Version": "1", + "Comment": "java-11-openjdk-demo is installed", + "Name": "java-11-openjdk-demo" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416698003", + "Version": "1", + "Comment": "java-11-openjdk-devel is installed", + "Name": "java-11-openjdk-devel" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416698004", + "Version": "1", + "Comment": "java-11-openjdk-headless is installed", + "Name": "java-11-openjdk-headless" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416698005", + "Version": "1", + "Comment": "java-11-openjdk-javadoc is installed", + "Name": "java-11-openjdk-javadoc" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416698006", + "Version": "1", + "Comment": "java-11-openjdk-javadoc-zip is installed", + "Name": "java-11-openjdk-javadoc-zip" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416698007", + "Version": "1", + "Comment": "java-11-openjdk-jmods is installed", + "Name": "java-11-openjdk-jmods" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416698008", + "Version": "1", + "Comment": "java-11-openjdk-src is installed", + "Name": "java-11-openjdk-src" + }, + { + "ID": "oval:org.altlinux.errata:obj:202416698009", + "Version": "1", + "Comment": "java-11-openjdk-static-libs is installed", + "Name": 
"java-11-openjdk-static-libs" + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-16698/states.json b/oval/p10/ALT-PU-2024-16698/states.json new file mode 100644 index 0000000000..3538c31867 --- /dev/null +++ b/oval/p10/ALT-PU-2024-16698/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:2001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202416698001", + "Version": "1", + "Comment": "package EVR is earlier than 0:11.0.25.0.9-alt0.c10.1", + "Arch": {}, + "EVR": { + "Text": "0:11.0.25.0.9-alt0.c10.1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-16698/tests.json b/oval/p10/ALT-PU-2024-16698/tests.json new file mode 100644 index 0000000000..5ec49446ed --- /dev/null +++ b/oval/p10/ALT-PU-2024-16698/tests.json 
@@ -0,0 +1,126 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:2001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'p10' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:2001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:2001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202416698001", + "Version": "1", + "Check": "all", + "Comment": "java-11-openjdk is earlier than 0:11.0.25.0.9-alt0.c10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416698001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416698001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416698002", + "Version": "1", + "Check": "all", + "Comment": "java-11-openjdk-demo is earlier than 0:11.0.25.0.9-alt0.c10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416698002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416698001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416698003", + "Version": "1", + "Check": "all", + "Comment": "java-11-openjdk-devel is earlier than 0:11.0.25.0.9-alt0.c10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416698003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416698001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416698004", + "Version": "1", + "Check": "all", + "Comment": "java-11-openjdk-headless is earlier than 0:11.0.25.0.9-alt0.c10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416698004" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416698001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416698005", + "Version": "1", + "Check": "all", + "Comment": "java-11-openjdk-javadoc is earlier than 0:11.0.25.0.9-alt0.c10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416698005" + }, + "State": { + "StateRef": 
"oval:org.altlinux.errata:ste:202416698001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416698006", + "Version": "1", + "Check": "all", + "Comment": "java-11-openjdk-javadoc-zip is earlier than 0:11.0.25.0.9-alt0.c10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416698006" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416698001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416698007", + "Version": "1", + "Check": "all", + "Comment": "java-11-openjdk-jmods is earlier than 0:11.0.25.0.9-alt0.c10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416698007" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416698001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416698008", + "Version": "1", + "Check": "all", + "Comment": "java-11-openjdk-src is earlier than 0:11.0.25.0.9-alt0.c10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416698008" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416698001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202416698009", + "Version": "1", + "Check": "all", + "Comment": "java-11-openjdk-static-libs is earlier than 0:11.0.25.0.9-alt0.c10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202416698009" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202416698001" + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-4843/definitions.json b/oval/p10/ALT-PU-2024-4843/definitions.json index e074267d08..278ef01fce 100644 --- a/oval/p10/ALT-PU-2024-4843/definitions.json +++ b/oval/p10/ALT-PU-2024-4843/definitions.json 
@@ -1383,11 +1383,11 @@ { "ID": "BDU:2023-03584", "CVSS": "AV:L/AC:H/Au:S/C:C/I:C/A:C", - "CVSS3": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "CWE": "CWE-362, CWE-416", "Href": "https://bdu.fstec.ru/vul/2023-03584", "Impact": "High", - "Public": "20230707" + "Public": "20230627" }, { "ID": "BDU:2023-03677", diff --git a/oval/p10/ALT-PU-2024-9477/definitions.json b/oval/p10/ALT-PU-2024-9477/definitions.json new file mode 100644 index 0000000000..febea33661 --- /dev/null +++ b/oval/p10/ALT-PU-2024-9477/definitions.json 
@@ -0,0 +1,179 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:20249477", + "Version": "oval:org.altlinux.errata:def:20249477", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-9477: package `krb5` update to version 1.19.4-alt4", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch p10" + ], + "Products": [ + "ALT Server", + "ALT Virtualization Server", + "ALT Workstation", + "ALT Workstation K", + "ALT Education", + "Simply Linux", + "Starterkit" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-9477", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-9477", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2024-07005", + "RefURL": "https://bdu.fstec.ru/vul/2024-07005", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-07016", + "RefURL": "https://bdu.fstec.ru/vul/2024-07016", + "Source": "BDU" + }, + { + "RefID": "CVE-2024-37370", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-37370", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-37371", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-37371", + "Source": "CVE" + } + ], + "Description": "This update upgrades krb5 to version 1.19.4-alt4. 
\nSecurity Fix(es):\n\n * BDU:2024-07005: Уязвимость реализации сетевого протокола аутентификации Kerberos 5, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю оказать воздействие на конфиденциальность и доступность защищаемой информации\n\n * BDU:2024-07016: Уязвимость реализации сетевого протокола аутентификации Kerberos 5, связанная с недостаточной проверкой входных данных, позволяющая нарушителю получить несанкционированный доступ к токену-оболочки GSS krb5\n\n * CVE-2024-37370: In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.\n\n * CVE-2024-37371: In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Critical", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-12-11" + }, + "Updated": { + "Date": "2024-12-11" + }, + "BDUs": [ + { + "ID": "BDU:2024-07005", + "CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "CWE": "CWE-125", + "Href": "https://bdu.fstec.ru/vul/2024-07005", + "Impact": "Critical", + "Public": "20240628" + }, + { + "ID": "BDU:2024-07016", + "CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:N", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "CWE": "CWE-20", + "Href": "https://bdu.fstec.ru/vul/2024-07016", + "Impact": "High", + "Public": "20240628" + } + ], + "CVEs": [ + { + "ID": "CVE-2024-37370", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-37370", + "Impact": "High", + "Public": "20240628" + }, + { + "ID": "CVE-2024-37371", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "CWE": "NVD-CWE-Other", + "Href": 
"https://nvd.nist.gov/vuln/detail/CVE-2024-37371", + "Impact": "Critical", + "Public": "20240628" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:kworkstation:10", + "cpe:/o:alt:workstation:10", + "cpe:/o:alt:server:10", + "cpe:/o:alt:server-v:10", + "cpe:/o:alt:education:10", + "cpe:/o:alt:slinux:10", + "cpe:/o:alt:starterkit:p10", + "cpe:/o:alt:kworkstation:10.1", + "cpe:/o:alt:workstation:10.1", + "cpe:/o:alt:server:10.1", + "cpe:/o:alt:server-v:10.1", + "cpe:/o:alt:education:10.1", + "cpe:/o:alt:slinux:10.1", + "cpe:/o:alt:starterkit:10.1", + "cpe:/o:alt:kworkstation:10.2", + "cpe:/o:alt:workstation:10.2", + "cpe:/o:alt:server:10.2", + "cpe:/o:alt:server-v:10.2", + "cpe:/o:alt:education:10.2", + "cpe:/o:alt:slinux:10.2", + "cpe:/o:alt:starterkit:10.2" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:2001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:20249477001", + "Comment": "krb5-doc is earlier than 0:1.19.4-alt4" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20249477002", + "Comment": "krb5-kadmin is earlier than 0:1.19.4-alt4" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20249477003", + "Comment": "krb5-kdc is earlier than 0:1.19.4-alt4" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20249477004", + "Comment": "krb5-kinit is earlier than 0:1.19.4-alt4" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20249477005", + "Comment": "krb5-ksu is earlier than 0:1.19.4-alt4" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20249477006", + "Comment": "libkrb5 is earlier than 0:1.19.4-alt4" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20249477007", + "Comment": "libkrb5-devel is earlier than 0:1.19.4-alt4" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20249477008", + "Comment": "libkrb5-ldap is earlier than 0:1.19.4-alt4" + } + ] + } + ] + } + 
} + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-9477/objects.json b/oval/p10/ALT-PU-2024-9477/objects.json new file mode 100644 index 0000000000..f9c9f3906a --- /dev/null +++ b/oval/p10/ALT-PU-2024-9477/objects.json @@ -0,0 +1,76 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:2001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:20249477001", + "Version": "1", + "Comment": "krb5-doc is installed", + "Name": "krb5-doc" + }, + { + "ID": "oval:org.altlinux.errata:obj:20249477002", + "Version": "1", + "Comment": "krb5-kadmin is installed", + "Name": "krb5-kadmin" + }, + { + "ID": "oval:org.altlinux.errata:obj:20249477003", + "Version": "1", + "Comment": "krb5-kdc is installed", + "Name": "krb5-kdc" + }, + { + "ID": "oval:org.altlinux.errata:obj:20249477004", + "Version": "1", + "Comment": "krb5-kinit is installed", + "Name": "krb5-kinit" + }, + { + "ID": "oval:org.altlinux.errata:obj:20249477005", + "Version": "1", + "Comment": "krb5-ksu is installed", + "Name": "krb5-ksu" + }, + { + "ID": "oval:org.altlinux.errata:obj:20249477006", + "Version": "1", + "Comment": "libkrb5 is installed", + "Name": "libkrb5" + }, + { + "ID": "oval:org.altlinux.errata:obj:20249477007", + "Version": "1", + "Comment": "libkrb5-devel is installed", + "Name": "libkrb5-devel" + }, + { + "ID": "oval:org.altlinux.errata:obj:20249477008", + "Version": "1", + "Comment": "libkrb5-ldap is installed", + "Name": "libkrb5-ldap" + } + ] +} \ No newline at end of file 
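Review bot: The `CVSS3` values in the new krb5 definitions.json come in two formats: the `BDUs` entries carry a bare vector (`"AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"`) while the `CVEs` entries carry the `CVSS:3.1/` prefix. A consumer that scores or validates this field has to guess the CVSS minor version for the BDU entries, and a strict vector parser is likely to reject one of the two forms. Emitting the prefix on both, with whichever 3.x version BDU actually scored against, keeps the field machine-readable. The same applies to the bare `CVSS3` lines added in the ALT-PU-2014-1407/1408/1411 hunks and changed in the ALT-PU-2024-4843 hunk.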
diff --git a/oval/p10/ALT-PU-2024-9477/states.json b/oval/p10/ALT-PU-2024-9477/states.json new file mode 100644 index 0000000000..2aa73d352d --- /dev/null +++ b/oval/p10/ALT-PU-2024-9477/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:2001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:20249477001", + "Version": "1", + "Comment": "package EVR is earlier than 0:1.19.4-alt4", + "Arch": {}, + "EVR": { + "Text": "0:1.19.4-alt4", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-9477/tests.json b/oval/p10/ALT-PU-2024-9477/tests.json new file mode 100644 index 0000000000..bacdf3626b --- /dev/null +++ b/oval/p10/ALT-PU-2024-9477/tests.json 
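Review bot: State `oval:org.altlinux.errata:ste:2001` in this states.json is added with `"Text": {}` and nothing else, so it appears to put no constraint on what the `/etc/os-release` object matched. The pattern in objects.json captures the branch number with `(\d+)`, and tests.json describes `tst:2001` as "ALT Linux based on branch 'p10' must be installed", but nothing visible compares that capture with 10. If the empty object serialises to a state without entities, the test would hold on any non-`sp` ALT branch and the RPM criteria could report hosts outside p10. Pinning the capture in the state (a subexpression entity, however this schema names it, with `"Operation": "equals"` and `"Text": "10"`) would make the check match its comment. The same empty state is added in oval/p10/ALT-PU-2024-16698/states.json.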
@@ -0,0 +1,114 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:2001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'p10' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:2001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:2001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:20249477001", + "Version": "1", + "Check": "all", + "Comment": "krb5-doc is earlier than 0:1.19.4-alt4", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20249477001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20249477001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20249477002", + "Version": "1", + "Check": "all", + "Comment": "krb5-kadmin is earlier than 0:1.19.4-alt4", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20249477002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20249477001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20249477003", + "Version": "1", + "Check": "all", + "Comment": "krb5-kdc is earlier than 0:1.19.4-alt4", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20249477003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20249477001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20249477004", + "Version": "1", + "Check": "all", + "Comment": "krb5-kinit is earlier than 0:1.19.4-alt4", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20249477004" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20249477001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20249477005", + "Version": "1", + "Check": "all", + "Comment": "krb5-ksu is earlier than 0:1.19.4-alt4", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20249477005" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20249477001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20249477006", + "Version": "1", + "Check": "all", + "Comment": 
"libkrb5 is earlier than 0:1.19.4-alt4", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20249477006" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20249477001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20249477007", + "Version": "1", + "Check": "all", + "Comment": "libkrb5-devel is earlier than 0:1.19.4-alt4", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20249477007" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20249477001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20249477008", + "Version": "1", + "Check": "all", + "Comment": "libkrb5-ldap is earlier than 0:1.19.4-alt4", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20249477008" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20249477001" + } + } + ] +} \ No newline at end of file diff --git a/oval/p9/ALT-PU-2014-1407/definitions.json b/oval/p9/ALT-PU-2014-1407/definitions.json index 61c5c5c66d..9b554b28e9 100644 --- a/oval/p9/ALT-PU-2014-1407/definitions.json +++ b/oval/p9/ALT-PU-2014-1407/definitions.json @@ -404,10 +404,11 @@ }, { "ID": "BDU:2014-00242", - "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:N", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "CWE": "CWE-264", "Href": "https://bdu.fstec.ru/vul/2014-00242", - "Impact": "Low", + "Impact": "High", "Public": "20140319" }, { diff --git a/oval/p9/ALT-PU-2014-1408/definitions.json b/oval/p9/ALT-PU-2014-1408/definitions.json index 2adcf2d6a0..4264a2f6d7 100644 --- a/oval/p9/ALT-PU-2014-1408/definitions.json +++ b/oval/p9/ALT-PU-2014-1408/definitions.json @@ -339,10 +339,11 @@ }, { "ID": "BDU:2014-00242", - "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:N", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "CWE": "CWE-264", "Href": "https://bdu.fstec.ru/vul/2014-00242", - "Impact": "Low", + "Impact": "High", "Public": "20140319" }, { 
diff --git a/oval/p9/ALT-PU-2014-1411/definitions.json b/oval/p9/ALT-PU-2014-1411/definitions.json index bebed2166f..a8fcd17ec4 100644 --- a/oval/p9/ALT-PU-2014-1411/definitions.json +++ b/oval/p9/ALT-PU-2014-1411/definitions.json @@ -399,10 +399,11 @@ }, { "ID": "BDU:2014-00242", - "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:N", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "CWE": "CWE-264", "Href": "https://bdu.fstec.ru/vul/2014-00242", - "Impact": "Low", + "Impact": "High", "Public": "20140319" }, {