From 3f38762e4ab9f129452a7da473dc9d95c9e504db Mon Sep 17 00:00:00 2001 From: pepelyaevip Date: Mon, 26 Feb 2024 15:02:06 +0000 Subject: [PATCH] ALT Vulnerability --- oval/c10f2/ALT-PU-2024-2665/definitions.json | 127 +++++++++++++++ oval/c10f2/ALT-PU-2024-2665/objects.json | 40 +++++ oval/c10f2/ALT-PU-2024-2665/states.json | 23 +++ oval/c10f2/ALT-PU-2024-2665/tests.json | 42 +++++ oval/c10f2/ALT-PU-2024-2686/definitions.json | 132 +++++++++++++++ oval/c10f2/ALT-PU-2024-2686/objects.json | 100 ++++++++++++ oval/c10f2/ALT-PU-2024-2686/states.json | 23 +++ oval/c10f2/ALT-PU-2024-2686/tests.json | 162 +++++++++++++++++++ oval/c9f2/ALT-PU-2024-2663/definitions.json | 104 ++++++++++++ oval/c9f2/ALT-PU-2024-2663/objects.json | 40 +++++ oval/c9f2/ALT-PU-2024-2663/states.json | 23 +++ oval/c9f2/ALT-PU-2024-2663/tests.json | 42 +++++ oval/p10/ALT-PU-2024-2261/definitions.json | 111 +++++++++++++ oval/p10/ALT-PU-2024-2261/objects.json | 34 ++++ oval/p10/ALT-PU-2024-2261/states.json | 23 +++ oval/p10/ALT-PU-2024-2261/tests.json | 30 ++++ oval/p10/ALT-PU-2024-2612/definitions.json | 128 +++++++++++++++ oval/p10/ALT-PU-2024-2612/objects.json | 40 +++++ oval/p10/ALT-PU-2024-2612/states.json | 23 +++ oval/p10/ALT-PU-2024-2612/tests.json | 42 +++++ 20 files changed, 1289 insertions(+) create mode 100644 oval/c10f2/ALT-PU-2024-2665/definitions.json create mode 100644 oval/c10f2/ALT-PU-2024-2665/objects.json create mode 100644 oval/c10f2/ALT-PU-2024-2665/states.json create mode 100644 oval/c10f2/ALT-PU-2024-2665/tests.json create mode 100644 oval/c10f2/ALT-PU-2024-2686/definitions.json create mode 100644 oval/c10f2/ALT-PU-2024-2686/objects.json create mode 100644 oval/c10f2/ALT-PU-2024-2686/states.json create mode 100644 oval/c10f2/ALT-PU-2024-2686/tests.json create mode 100644 oval/c9f2/ALT-PU-2024-2663/definitions.json create mode 100644 oval/c9f2/ALT-PU-2024-2663/objects.json create mode 100644 oval/c9f2/ALT-PU-2024-2663/states.json create mode 100644 oval/c9f2/ALT-PU-2024-2663/tests.json create mode 100644 oval/p10/ALT-PU-2024-2261/definitions.json create mode 100644 oval/p10/ALT-PU-2024-2261/objects.json create mode 100644 oval/p10/ALT-PU-2024-2261/states.json create mode 100644 oval/p10/ALT-PU-2024-2261/tests.json create mode 100644 oval/p10/ALT-PU-2024-2612/definitions.json create mode 100644 oval/p10/ALT-PU-2024-2612/objects.json create mode 100644 oval/p10/ALT-PU-2024-2612/states.json create mode 100644 oval/p10/ALT-PU-2024-2612/tests.json diff --git a/oval/c10f2/ALT-PU-2024-2665/definitions.json b/oval/c10f2/ALT-PU-2024-2665/definitions.json new file mode 100644 index 0000000000..71148c169c --- /dev/null +++ b/oval/c10f2/ALT-PU-2024-2665/definitions.json @@ -0,0 +1,127 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:20242665", + "Version": "oval:org.altlinux.errata:def:20242665", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-2665: package `dnsmasq` update to version 2.90-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c10f2" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-2665", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-2665", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2023-02265", + "RefURL": "https://bdu.fstec.ru/vul/2023-02265", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-01359", + "RefURL": "https://bdu.fstec.ru/vul/2024-01359", + "Source": "BDU" + }, + { + "RefID": "CVE-2023-28450", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-28450", + "Source": "CVE" + }, + { + "RefID": "CVE-2023-50387", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-50387", + "Source": "CVE" + } + ], + "Description": "This update upgrades dnsmasq to version 2.90-alt1. \nSecurity Fix(es):\n\n * BDU:2023-02265: Уязвимость DNS-сервера Dnsmasq. связанная с неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-01359: Уязвимость компонента DNSSEC реализации протокола DNS сервера DNS BIND, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-28450: An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.\n\n * CVE-2023-50387: Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "High", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-02-26" + }, + "Updated": { + "Date": "2024-02-26" + }, + "bdu": [ + { + "Cvss": "AV:N/AC:L/Au:S/C:N/I:N/A:C", + "Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-400, CWE-770", + "Href": "https://bdu.fstec.ru/vul/2023-02265", + "Impact": "High", + "Public": "20230308", + "CveID": "BDU:2023-02265" + }, + { + "Cvss": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-400", + "Href": "https://bdu.fstec.ru/vul/2024-01359", + "Impact": "High", + "Public": "20240213", + "CveID": "BDU:2024-01359" + } + ], + "Cves": [ + { + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-28450", + "Impact": "High", + "Public": "20230315", + "CveID": "CVE-2023-28450" + }, + { + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-770", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-50387", + "Impact": "High", + "Public": "20240214", + "CveID": "CVE-2023-50387" + } + ], + "AffectedCpeList": { + "Cpe": [ + "cpe:/o:alt:spworkstation:10", + "cpe:/o:alt:spserver:10" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:5001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:20242665001", + "Comment": "dnsmasq is earlier than 0:2.90-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20242665002", + "Comment": "dnsmasq-utils is earlier than 0:2.90-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f2/ALT-PU-2024-2665/objects.json b/oval/c10f2/ALT-PU-2024-2665/objects.json new file mode 100644 index 0000000000..2af150c5d2 --- /dev/null +++ b/oval/c10f2/ALT-PU-2024-2665/objects.json @@ -0,0 +1,40 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:5001", + "Version": "1", + "comment": "Evaluate `/etc/os-release` file content", + "Path": { + "dataType": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RpmInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:20242665001", + "Version": "1", + "comment": "dnsmasq is installed", + "Name": "dnsmasq" + }, + { + "ID": "oval:org.altlinux.errata:obj:20242665002", + "Version": "1", + "comment": "dnsmasq-utils is installed", + "Name": "dnsmasq-utils" + } + ] +} \ No newline at end of file diff --git a/oval/c10f2/ALT-PU-2024-2665/states.json b/oval/c10f2/ALT-PU-2024-2665/states.json new file mode 100644 index 0000000000..d649dedd32 --- /dev/null +++ b/oval/c10f2/ALT-PU-2024-2665/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:5001", + "Version": "1", + "Text": {} + } + ], + "RpmInfoState": [ + { + "ID": "oval:org.altlinux.errata:ste:20242665001", + "Version": "1", + "Comment": "package EVR is earlier than 0:2.90-alt1", + "Arch": {}, + "Evr": { + "Text": "0:2.90-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c10f2/ALT-PU-2024-2665/tests.json b/oval/c10f2/ALT-PU-2024-2665/tests.json new file mode 100644 index 0000000000..499134ff27 --- /dev/null +++ b/oval/c10f2/ALT-PU-2024-2665/tests.json @@ -0,0 +1,42 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:5001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c10f2' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:5001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:5001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:20242665001", + "Version": "1", + "Check": "all", + "Comment": "dnsmasq is earlier than 0:2.90-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20242665001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20242665001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20242665002", + "Version": "1", + "Check": "all", + "Comment": "dnsmasq-utils is earlier than 0:2.90-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20242665002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20242665001" + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f2/ALT-PU-2024-2686/definitions.json b/oval/c10f2/ALT-PU-2024-2686/definitions.json new file mode 100644 index 0000000000..bdf1ce2cf7 --- /dev/null +++ b/oval/c10f2/ALT-PU-2024-2686/definitions.json @@ -0,0 +1,132 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:20242686", + "Version": "oval:org.altlinux.errata:def:20242686", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-2686: package `vim` update to version 9.1.0050-alt2", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c10f2" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-2686", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-2686", + "Source": "ALTPU" + }, + { + "RefID": "CVE-2024-22667", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-22667", + "Source": "CVE" + } + ], + "Description": "This update upgrades vim to version 9.1.0050-alt2. \nSecurity Fix(es):\n\n * CVE-2024-22667: Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions.\n\n * #49180: incorrect output with -i flag", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "High", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-02-26" + }, + "Updated": { + "Date": "2024-02-26" + }, + "bdu": null, + "Cves": [ + { + "Cvss3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "Cwe": "CWE-787", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-22667", + "Impact": "High", + "Public": "20240205", + "CveID": "CVE-2024-22667" + } + ], + "Bugzilla": [ + { + "Id": "49180", + "Href": "https://bugzilla.altlinux.org/49180", + "Data": "incorrect output with -i flag" + } + ], + "AffectedCpeList": { + "Cpe": [ + "cpe:/o:alt:spworkstation:10", + "cpe:/o:alt:spserver:10" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:5001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:20242686001", + "Comment": "rpm-build-vim is earlier than 4:9.1.0050-alt2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20242686002", + "Comment": "vim-X11 is earlier than 4:9.1.0050-alt2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20242686003", + "Comment": "vim-X11-gnome2 is earlier than 4:9.1.0050-alt2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20242686004", + "Comment": "vim-X11-gtk2 is earlier than 4:9.1.0050-alt2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20242686005", + "Comment": "vim-X11-gtk3 is earlier than 4:9.1.0050-alt2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20242686006", + "Comment": "vim-common is earlier than 4:9.1.0050-alt2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20242686007", + "Comment": "vim-console is earlier than 4:9.1.0050-alt2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20242686008", + "Comment": "vim-enhanced is earlier than 4:9.1.0050-alt2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20242686009", + "Comment": "vim-minimal is earlier than 4:9.1.0050-alt2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20242686010", + "Comment": "vim-spell-source is earlier than 4:9.1.0050-alt2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20242686011", + "Comment": "vimtutor is earlier than 4:9.1.0050-alt2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20242686012", + "Comment": "xxd is earlier than 4:9.1.0050-alt2" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f2/ALT-PU-2024-2686/objects.json b/oval/c10f2/ALT-PU-2024-2686/objects.json new file mode 100644 index 0000000000..34ea1e8d6b --- /dev/null +++ b/oval/c10f2/ALT-PU-2024-2686/objects.json @@ -0,0 +1,100 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:5001", + "Version": "1", + "comment": "Evaluate `/etc/os-release` file content", + "Path": { + "dataType": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RpmInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:20242686001", + "Version": "1", + "comment": "rpm-build-vim is installed", + "Name": "rpm-build-vim" + }, + { + "ID": "oval:org.altlinux.errata:obj:20242686002", + "Version": "1", + "comment": "vim-X11 is installed", + "Name": "vim-X11" + }, + { + "ID": "oval:org.altlinux.errata:obj:20242686003", + "Version": "1", + "comment": "vim-X11-gnome2 is installed", + "Name": "vim-X11-gnome2" + }, + { + "ID": "oval:org.altlinux.errata:obj:20242686004", + "Version": "1", + "comment": "vim-X11-gtk2 is installed", + "Name": "vim-X11-gtk2" + }, + { + "ID": "oval:org.altlinux.errata:obj:20242686005", + "Version": "1", + "comment": "vim-X11-gtk3 is installed", + "Name": "vim-X11-gtk3" + }, + { + "ID": "oval:org.altlinux.errata:obj:20242686006", + "Version": "1", + "comment": "vim-common is installed", + "Name": "vim-common" + }, + { + "ID": "oval:org.altlinux.errata:obj:20242686007", + "Version": "1", + "comment": "vim-console is installed", + "Name": "vim-console" + }, + { + "ID": "oval:org.altlinux.errata:obj:20242686008", + "Version": "1", + "comment": "vim-enhanced is installed", + "Name": "vim-enhanced" + }, + { + "ID": "oval:org.altlinux.errata:obj:20242686009", + "Version": "1", + "comment": "vim-minimal is installed", + "Name": "vim-minimal" + }, + { + "ID": "oval:org.altlinux.errata:obj:20242686010", + "Version": "1", + "comment": "vim-spell-source is installed", + "Name": "vim-spell-source" + }, + { + "ID": "oval:org.altlinux.errata:obj:20242686011", + "Version": "1", + "comment": "vimtutor is installed", + "Name": "vimtutor" + }, + { + "ID": "oval:org.altlinux.errata:obj:20242686012", + "Version": "1", + "comment": "xxd is installed", + "Name": "xxd" + } + ] +} \ No newline at end of file diff --git a/oval/c10f2/ALT-PU-2024-2686/states.json b/oval/c10f2/ALT-PU-2024-2686/states.json new file mode 100644 index 0000000000..5951a5e954 --- /dev/null +++ b/oval/c10f2/ALT-PU-2024-2686/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:5001", + "Version": "1", + "Text": {} + } + ], + "RpmInfoState": [ + { + "ID": "oval:org.altlinux.errata:ste:20242686001", + "Version": "1", + "Comment": "package EVR is earlier than 4:9.1.0050-alt2", + "Arch": {}, + "Evr": { + "Text": "4:9.1.0050-alt2", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c10f2/ALT-PU-2024-2686/tests.json b/oval/c10f2/ALT-PU-2024-2686/tests.json new file mode 100644 index 0000000000..c3cec343ba --- /dev/null +++ b/oval/c10f2/ALT-PU-2024-2686/tests.json @@ -0,0 +1,162 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:5001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c10f2' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:5001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:5001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:20242686001", + "Version": "1", + "Check": "all", + "Comment": "rpm-build-vim is earlier than 4:9.1.0050-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20242686001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20242686001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20242686002", + "Version": "1", + "Check": "all", + "Comment": "vim-X11 is earlier than 4:9.1.0050-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20242686002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20242686001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20242686003", + "Version": "1", + "Check": "all", + "Comment": "vim-X11-gnome2 is earlier than 4:9.1.0050-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20242686003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20242686001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20242686004", + "Version": "1", + "Check": "all", + "Comment": "vim-X11-gtk2 is earlier than 4:9.1.0050-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20242686004" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20242686001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20242686005", + "Version": "1", + "Check": "all", + "Comment": "vim-X11-gtk3 is earlier than 4:9.1.0050-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20242686005" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20242686001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20242686006", + "Version": "1", + "Check": "all", + "Comment": "vim-common is earlier than 4:9.1.0050-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20242686006" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20242686001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20242686007", + "Version": "1", + "Check": "all", + "Comment": "vim-console is earlier than 4:9.1.0050-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20242686007" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20242686001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20242686008", + "Version": "1", + "Check": "all", + "Comment": "vim-enhanced is earlier than 4:9.1.0050-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20242686008" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20242686001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20242686009", + "Version": "1", + "Check": "all", + "Comment": "vim-minimal is earlier than 4:9.1.0050-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20242686009" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20242686001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20242686010", + "Version": "1", + "Check": "all", + "Comment": "vim-spell-source is earlier than 4:9.1.0050-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20242686010" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20242686001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20242686011", + "Version": "1", + "Check": "all", + "Comment": "vimtutor is earlier than 4:9.1.0050-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20242686011" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20242686001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20242686012", + "Version": "1", + "Check": "all", + "Comment": "xxd is earlier than 4:9.1.0050-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20242686012" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20242686001" + } + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-2663/definitions.json b/oval/c9f2/ALT-PU-2024-2663/definitions.json new file mode 100644 index 0000000000..825c698687 --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-2663/definitions.json @@ -0,0 +1,104 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:20242663", + "Version": "oval:org.altlinux.errata:def:20242663", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-2663: package `dnsmasq` update to version 2.90-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c9f2" + ], + "Products": [ + "ALT SPWorkstation", + "ALT SPServer" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-2663", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-2663", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2024-01359", + "RefURL": "https://bdu.fstec.ru/vul/2024-01359", + "Source": "BDU" + }, + { + "RefID": "CVE-2023-50387", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-50387", + "Source": "CVE" + } + ], + "Description": "This update upgrades dnsmasq to version 2.90-alt1. \nSecurity Fix(es):\n\n * BDU:2024-01359: Уязвимость компонента DNSSEC реализации протокола DNS сервера DNS BIND, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-50387: Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "High", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-02-26" + }, + "Updated": { + "Date": "2024-02-26" + }, + "bdu": [ + { + "Cvss": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-400", + "Href": "https://bdu.fstec.ru/vul/2024-01359", + "Impact": "High", + "Public": "20240213", + "CveID": "BDU:2024-01359" + } + ], + "Cves": [ + { + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-770", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-50387", + "Impact": "High", + "Public": "20240214", + "CveID": "CVE-2023-50387" + } + ], + "AffectedCpeList": { + "Cpe": [ + "cpe:/o:alt:spworkstation:8.4", + "cpe:/o:alt:spserver:8.4" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:3001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:20242663001", + "Comment": "dnsmasq is earlier than 0:2.90-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20242663002", + "Comment": "dnsmasq-utils is earlier than 0:2.90-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-2663/objects.json b/oval/c9f2/ALT-PU-2024-2663/objects.json new file mode 100644 index 0000000000..9bafad635f --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-2663/objects.json @@ -0,0 +1,40 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:3001", + "Version": "1", + "comment": "Evaluate `/etc/os-release` file content", + "Path": { + "dataType": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RpmInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:20242663001", + "Version": "1", + "comment": "dnsmasq is installed", + "Name": "dnsmasq" + }, + { + "ID": "oval:org.altlinux.errata:obj:20242663002", + "Version": "1", + "comment": "dnsmasq-utils is installed", + "Name": "dnsmasq-utils" + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-2663/states.json b/oval/c9f2/ALT-PU-2024-2663/states.json new file mode 100644 index 0000000000..7a6fe6e92c --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-2663/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:3001", + "Version": "1", + "Text": {} + } + ], + "RpmInfoState": [ + { + "ID": "oval:org.altlinux.errata:ste:20242663001", + "Version": "1", + "Comment": "package EVR is earlier than 0:2.90-alt1", + "Arch": {}, + "Evr": { + "Text": "0:2.90-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-2663/tests.json b/oval/c9f2/ALT-PU-2024-2663/tests.json new file mode 100644 index 0000000000..effcbd1ab4 --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-2663/tests.json @@ -0,0 +1,42 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:3001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c9f2' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:3001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:3001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:20242663001", + "Version": "1", + "Check": "all", + "Comment": "dnsmasq is earlier than 0:2.90-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20242663001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20242663001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20242663002", + "Version": "1", + "Check": "all", + "Comment": "dnsmasq-utils is earlier than 0:2.90-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20242663002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20242663001" + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-2261/definitions.json b/oval/p10/ALT-PU-2024-2261/definitions.json new file mode 100644 index 0000000000..a3aa5c1f40 --- /dev/null +++ b/oval/p10/ALT-PU-2024-2261/definitions.json @@ -0,0 +1,111 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:20242261", + "Version": "oval:org.altlinux.errata:def:20242261", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-2261: package `update-kernel` update to version 1.16-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch p10" + ], + "Products": [ + "ALT Server", + "ALT Virtualization Server", + "ALT Workstation", + "ALT Workstation K", + "ALT Education", + "Simply Linux", + "Starterkit" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-2261", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-2261", + "Source": "ALTPU" + } + ], + "Description": "This update upgrades update-kernel to version 1.16-alt1. \nSecurity Fix(es):\n\n * #43934: man страницы (en+ru)\n\n * #46987: Неправильный расчёт времени обновлении индексов при небольшой дельте\n\n * #49340: update-kernel -n не скачивает пакеты", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Low", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-02-26" + }, + "Updated": { + "Date": "2024-02-26" + }, + "bdu": null, + "Bugzilla": [ + { + "Id": "43934", + "Href": "https://bugzilla.altlinux.org/43934", + "Data": "man страницы (en+ru)" + }, + { + "Id": "46987", + "Href": "https://bugzilla.altlinux.org/46987", + "Data": "Неправильный расчёт времени обновлении индексов при небольшой дельте" + }, + { + "Id": "49340", + "Href": "https://bugzilla.altlinux.org/49340", + "Data": "update-kernel -n не скачивает пакеты" + } + ], + "AffectedCpeList": { + "Cpe": [ + "cpe:/o:alt:kworkstation:10", + "cpe:/o:alt:workstation:10", + "cpe:/o:alt:server:10", + "cpe:/o:alt:server-v:10", + "cpe:/o:alt:education:10", + "cpe:/o:alt:slinux:10", + "cpe:/o:alt:starterkit:p10", + "cpe:/o:alt:kworkstation:10.1", + "cpe:/o:alt:workstation:10.1", + "cpe:/o:alt:server:10.1", + "cpe:/o:alt:server-v:10.1", + "cpe:/o:alt:education:10.1", + "cpe:/o:alt:slinux:10.1", + "cpe:/o:alt:starterkit:10.1", + "cpe:/o:alt:kworkstation:10.2", + "cpe:/o:alt:workstation:10.2", + "cpe:/o:alt:server:10.2", + "cpe:/o:alt:server-v:10.2", + "cpe:/o:alt:education:10.2", + "cpe:/o:alt:slinux:10.2", + "cpe:/o:alt:starterkit:10.2" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:2001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:20242261001", + "Comment": "update-kernel is earlier than 0:1.16-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-2261/objects.json b/oval/p10/ALT-PU-2024-2261/objects.json new file mode 100644 index 0000000000..3c723ace47 --- /dev/null +++ b/oval/p10/ALT-PU-2024-2261/objects.json @@ -0,0 +1,34 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:2001", + "Version": "1", + "comment": "Evaluate `/etc/os-release` file content", + "Path": { + "dataType": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RpmInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:20242261001", + "Version": "1", + "comment": "update-kernel is installed", + "Name": "update-kernel" + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-2261/states.json b/oval/p10/ALT-PU-2024-2261/states.json new file mode 100644 index 0000000000..bcbce037b6 --- /dev/null +++ b/oval/p10/ALT-PU-2024-2261/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:2001", + "Version": "1", + "Text": {} + } + ], + "RpmInfoState": [ + { + "ID": "oval:org.altlinux.errata:ste:20242261001", + "Version": "1", + "Comment": "package EVR is earlier than 0:1.16-alt1", + "Arch": {}, + "Evr": { + "Text": "0:1.16-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-2261/tests.json b/oval/p10/ALT-PU-2024-2261/tests.json new file mode 100644 index 0000000000..182cae1f22 --- /dev/null +++ b/oval/p10/ALT-PU-2024-2261/tests.json @@ -0,0 +1,30 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:2001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'p10' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:2001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:2001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:20242261001", + "Version": "1", + "Check": "all", + "Comment": "update-kernel is earlier than 0:1.16-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20242261001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20242261001" + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-2612/definitions.json b/oval/p10/ALT-PU-2024-2612/definitions.json new file mode 100644 index 0000000000..c384c07e64 --- /dev/null +++ b/oval/p10/ALT-PU-2024-2612/definitions.json @@ -0,0 +1,128 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:20242612", + "Version": "oval:org.altlinux.errata:def:20242612", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-2612: package `dnsmasq` update to version 2.90-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch p10" + ], + "Products": [ + "ALT Server", + "ALT Virtualization Server", + "ALT Workstation", + "ALT Workstation K", + "ALT Education", + "Simply Linux", + "Starterkit" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-2612", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-2612", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2024-01359", + "RefURL": "https://bdu.fstec.ru/vul/2024-01359", + "Source": "BDU" + }, + { + "RefID": "CVE-2023-50387", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-50387", + "Source": "CVE" + } + ], + "Description": "This update upgrades dnsmasq to version 2.90-alt1. \nSecurity Fix(es):\n\n * BDU:2024-01359: Уязвимость компонента DNSSEC реализации протокола DNS сервера DNS BIND, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-50387: Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "High", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-02-26" + }, + "Updated": { + "Date": "2024-02-26" + }, + "bdu": [ + { + "Cvss": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-400", + "Href": "https://bdu.fstec.ru/vul/2024-01359", + "Impact": "High", + "Public": "20240213", + "CveID": "BDU:2024-01359" + } + ], + "Cves": [ + { + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-770", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-50387", + "Impact": "High", + "Public": "20240214", + "CveID": "CVE-2023-50387" + } + ], + "AffectedCpeList": { + "Cpe": [ + "cpe:/o:alt:kworkstation:10", + "cpe:/o:alt:workstation:10", + "cpe:/o:alt:server:10", + "cpe:/o:alt:server-v:10", + "cpe:/o:alt:education:10", + "cpe:/o:alt:slinux:10", + "cpe:/o:alt:starterkit:p10", + "cpe:/o:alt:kworkstation:10.1", + "cpe:/o:alt:workstation:10.1", + "cpe:/o:alt:server:10.1", + "cpe:/o:alt:server-v:10.1", + "cpe:/o:alt:education:10.1", + "cpe:/o:alt:slinux:10.1", + "cpe:/o:alt:starterkit:10.1", + "cpe:/o:alt:kworkstation:10.2", + "cpe:/o:alt:workstation:10.2", + "cpe:/o:alt:server:10.2", + "cpe:/o:alt:server-v:10.2", + "cpe:/o:alt:education:10.2", + "cpe:/o:alt:slinux:10.2", + "cpe:/o:alt:starterkit:10.2" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:2001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:20242612001", + "Comment": "dnsmasq is earlier than 0:2.90-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20242612002", + "Comment": "dnsmasq-utils is earlier than 0:2.90-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-2612/objects.json b/oval/p10/ALT-PU-2024-2612/objects.json new file mode 100644 index 0000000000..09bd64887f --- /dev/null +++ b/oval/p10/ALT-PU-2024-2612/objects.json @@ -0,0 +1,40 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:2001", + "Version": "1", + "comment": "Evaluate `/etc/os-release` file content", + "Path": { + "dataType": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RpmInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:20242612001", + "Version": "1", + "comment": "dnsmasq is installed", + "Name": "dnsmasq" + }, + { + "ID": "oval:org.altlinux.errata:obj:20242612002", + "Version": "1", + "comment": "dnsmasq-utils is installed", + "Name": "dnsmasq-utils" + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-2612/states.json b/oval/p10/ALT-PU-2024-2612/states.json new file mode 100644 index 0000000000..59ba63dfe7 --- /dev/null +++ b/oval/p10/ALT-PU-2024-2612/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:2001", + "Version": "1", + "Text": {} + } + ], + "RpmInfoState": [ + { + "ID": "oval:org.altlinux.errata:ste:20242612001", + "Version": "1", + "Comment": "package EVR is earlier than 0:2.90-alt1", + "Arch": {}, + "Evr": { + "Text": "0:2.90-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-2612/tests.json b/oval/p10/ALT-PU-2024-2612/tests.json new file mode 100644 index 0000000000..832691a103 --- /dev/null +++ b/oval/p10/ALT-PU-2024-2612/tests.json @@ -0,0 +1,42 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:2001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'p10' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:2001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:2001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:20242612001", + "Version": "1", + "Check": "all", + "Comment": "dnsmasq is earlier than 0:2.90-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20242612001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20242612001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20242612002", + "Version": "1", + "Check": "all", + "Comment": "dnsmasq-utils is earlier than 0:2.90-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20242612002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20242612001" + } + } + ] +} \ No newline at end of file