pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ALT Vulnerability

Browse Source
This commit is contained in:
Иван Пепеляев 2024-12-20 03:06:48 +00:00
parent 953ac5f989
commit 418afa96df
52 changed files with 3706 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

138
oval/c10f1/ALT-PU-2024-17143/definitions.json Normal file
View File

@ -0,0 +1,138 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202417143",
"Version": "oval:org.altlinux.errata:def:202417143",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-17143: package `subversion` update to version 1.14.5-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-17143",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-17143",
"Source": "ALTPU"
},
{
"RefID": "CVE-2024-45720",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-45720",
"Source": "CVE"
},
{
"RefID": "CVE-2024-46901",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-46901",
"Source": "CVE"
}
],
"Description": "This update upgrades subversion to version 1.14.5-alt1. \nSecurity Fix(es):\n\n * CVE-2024-45720: On Windows platforms, a \"best fit\" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed.\n\nAll versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. Users are recommended to upgrade to version Subversion 1.14.4, which fixes this issue.\n\nSubversion is not affected on UNIX-like platforms.\n\n * CVE-2024-46901: Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository.\n\nAll versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue.\n\nRepositories served via other access methods are not affected.\n\n * #48441: rebuild with swig-4.1.1 produces undefined symbol: SWIG_InstallConstants",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-19"
},
"Updated": {
"Date": "2024-12-19"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2024-45720",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-45720",
"Impact": "None",
"Public": "20241009"
},
{
"ID": "CVE-2024-46901",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-46901",
"Impact": "None",
"Public": "20241209"
}
],
"Bugzilla": [
{
"ID": "48441",
"Href": "https://bugzilla.altlinux.org/48441",
"Data": "rebuild with swig-4.1.1 produces undefined symbol: SWIG_InstallConstants"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202417143001",
"Comment": "libsubversion is earlier than 0:1.14.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417143002",
"Comment": "libsubversion-auth-gnome-keyring is earlier than 0:1.14.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417143003",
"Comment": "libsubversion-auth-kwallet is earlier than 0:1.14.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417143004",
"Comment": "libsubversion-devel is earlier than 0:1.14.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417143005",
"Comment": "subversion is earlier than 0:1.14.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417143006",
"Comment": "subversion-javahl is earlier than 0:1.14.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417143007",
"Comment": "subversion-perl is earlier than 0:1.14.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417143008",
"Comment": "subversion-server-common is earlier than 0:1.14.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417143009",
"Comment": "subversion-server-dav is earlier than 0:1.14.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417143010",
"Comment": "subversion-server-standalone is earlier than 0:1.14.5-alt1"
}
]
}
]
}
}
]
}

88
oval/c10f1/ALT-PU-2024-17143/objects.json Normal file
View File

@ -0,0 +1,88 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:5001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202417143001",
"Version": "1",
"Comment": "libsubversion is installed",
"Name": "libsubversion"
},
{
"ID": "oval:org.altlinux.errata:obj:202417143002",
"Version": "1",
"Comment": "libsubversion-auth-gnome-keyring is installed",
"Name": "libsubversion-auth-gnome-keyring"
},
{
"ID": "oval:org.altlinux.errata:obj:202417143003",
"Version": "1",
"Comment": "libsubversion-auth-kwallet is installed",
"Name": "libsubversion-auth-kwallet"
},
{
"ID": "oval:org.altlinux.errata:obj:202417143004",
"Version": "1",
"Comment": "libsubversion-devel is installed",
"Name": "libsubversion-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202417143005",
"Version": "1",
"Comment": "subversion is installed",
"Name": "subversion"
},
{
"ID": "oval:org.altlinux.errata:obj:202417143006",
"Version": "1",
"Comment": "subversion-javahl is installed",
"Name": "subversion-javahl"
},
{
"ID": "oval:org.altlinux.errata:obj:202417143007",
"Version": "1",
"Comment": "subversion-perl is installed",
"Name": "subversion-perl"
},
{
"ID": "oval:org.altlinux.errata:obj:202417143008",
"Version": "1",
"Comment": "subversion-server-common is installed",
"Name": "subversion-server-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202417143009",
"Version": "1",
"Comment": "subversion-server-dav is installed",
"Name": "subversion-server-dav"
},
{
"ID": "oval:org.altlinux.errata:obj:202417143010",
"Version": "1",
"Comment": "subversion-server-standalone is installed",
"Name": "subversion-server-standalone"
}
]
}

23
oval/c10f1/ALT-PU-2024-17143/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:5001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202417143001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.14.5-alt1",
"Arch": {},
"EVR": {
"Text": "0:1.14.5-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

138
oval/c10f1/ALT-PU-2024-17143/tests.json Normal file
View File

@ -0,0 +1,138 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:5001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:5001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:5001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202417143001",
"Version": "1",
"Check": "all",
"Comment": "libsubversion is earlier than 0:1.14.5-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417143001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417143001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417143002",
"Version": "1",
"Check": "all",
"Comment": "libsubversion-auth-gnome-keyring is earlier than 0:1.14.5-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417143002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417143001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417143003",
"Version": "1",
"Check": "all",
"Comment": "libsubversion-auth-kwallet is earlier than 0:1.14.5-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417143003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417143001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417143004",
"Version": "1",
"Check": "all",
"Comment": "libsubversion-devel is earlier than 0:1.14.5-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417143004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417143001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417143005",
"Version": "1",
"Check": "all",
"Comment": "subversion is earlier than 0:1.14.5-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417143005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417143001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417143006",
"Version": "1",
"Check": "all",
"Comment": "subversion-javahl is earlier than 0:1.14.5-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417143006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417143001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417143007",
"Version": "1",
"Check": "all",
"Comment": "subversion-perl is earlier than 0:1.14.5-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417143007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417143001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417143008",
"Version": "1",
"Check": "all",
"Comment": "subversion-server-common is earlier than 0:1.14.5-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417143008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417143001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417143009",
"Version": "1",
"Check": "all",
"Comment": "subversion-server-dav is earlier than 0:1.14.5-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417143009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417143001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417143010",
"Version": "1",
"Check": "all",
"Comment": "subversion-server-standalone is earlier than 0:1.14.5-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417143010"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417143001"
}
}
]
}

104
oval/c10f1/ALT-PU-2024-17187/definitions.json Normal file
View File

@ -0,0 +1,104 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202417187",
"Version": "oval:org.altlinux.errata:def:202417187",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-17187: package `python-module-webob` update to version 1.8.9-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-17187",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-17187",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-07761",
"RefURL": "https://bdu.fstec.ru/vul/2024-07761",
"Source": "BDU"
},
{
"RefID": "CVE-2024-42353",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-42353",
"Source": "CVE"
}
],
"Description": "This update upgrades python-module-webob to version 1.8.9-alt1. \nSecurity Fix(es):\n\n * BDU:2024-07761: Уязвимость функций urlparse() и urljoin() библиотеки для разбора HTTP-запросов и формирования HTTP-ответов WebOb, позволяющая нарушителю перенаправить пользователя на произвольный URL-адрес\n\n * CVE-2024-42353: WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. `urlparse` however treats a `//` at the start of a string as a URI without a scheme, and then treats the next part as the hostname. `urljoin` will then use that hostname from the second part as the hostname replacing the original one from the request. This vulnerability is patched in WebOb version 1.8.8.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-19"
},
"Updated": {
"Date": "2024-12-19"
},
"BDUs": [
{
"ID": "BDU:2024-07761",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-601",
"Href": "https://bdu.fstec.ru/vul/2024-07761",
"Impact": "Low",
"Public": "20240814"
}
],
"CVEs": [
{
"ID": "CVE-2024-42353",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-601",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-42353",
"Impact": "Low",
"Public": "20240814"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202417187001",
"Comment": "python-module-webob is earlier than 0:1.8.9-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417187002",
"Comment": "python3-module-webob is earlier than 0:1.8.9-alt1"
}
]
}
]
}
}
]
}

40
oval/c10f1/ALT-PU-2024-17187/objects.json Normal file
View File

@ -0,0 +1,40 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:5001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202417187001",
"Version": "1",
"Comment": "python-module-webob is installed",
"Name": "python-module-webob"
},
{
"ID": "oval:org.altlinux.errata:obj:202417187002",
"Version": "1",
"Comment": "python3-module-webob is installed",
"Name": "python3-module-webob"
}
]
}

23
oval/c10f1/ALT-PU-2024-17187/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:5001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202417187001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.8.9-alt1",
"Arch": {},
"EVR": {
"Text": "0:1.8.9-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

42
oval/c10f1/ALT-PU-2024-17187/tests.json Normal file
View File

@ -0,0 +1,42 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:5001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:5001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:5001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202417187001",
"Version": "1",
"Check": "all",
"Comment": "python-module-webob is earlier than 0:1.8.9-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417187001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417187001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417187002",
"Version": "1",
"Check": "all",
"Comment": "python3-module-webob is earlier than 0:1.8.9-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417187002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417187001"
}
}
]
}

101
oval/c10f1/ALT-PU-2024-17258/definitions.json Normal file
View File

@ -0,0 +1,101 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202417258",
"Version": "oval:org.altlinux.errata:def:202417258",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-17258: package `chicken` update to version 5.4.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-17258",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-17258",
"Source": "ALTPU"
},
{
"RefID": "CVE-2022-45145",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-45145",
"Source": "CVE"
}
],
"Description": "This update upgrades chicken to version 5.4.0-alt1. \nSecurity Fix(es):\n\n * CVE-2022-45145: egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-19"
},
"Updated": {
"Date": "2024-12-19"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2022-45145",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-78",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-45145",
"Impact": "Critical",
"Public": "20221210"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202417258001",
"Comment": "chicken is earlier than 0:5.4.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417258002",
"Comment": "chicken-docs is earlier than 0:5.4.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417258003",
"Comment": "libchicken is earlier than 0:5.4.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417258004",
"Comment": "libchicken-devel is earlier than 0:5.4.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417258005",
"Comment": "libchicken-devel-static is earlier than 0:5.4.0-alt1"
}
]
}
]
}
}
]
}

58
oval/c10f1/ALT-PU-2024-17258/objects.json Normal file
View File

@ -0,0 +1,58 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:5001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202417258001",
"Version": "1",
"Comment": "chicken is installed",
"Name": "chicken"
},
{
"ID": "oval:org.altlinux.errata:obj:202417258002",
"Version": "1",
"Comment": "chicken-docs is installed",
"Name": "chicken-docs"
},
{
"ID": "oval:org.altlinux.errata:obj:202417258003",
"Version": "1",
"Comment": "libchicken is installed",
"Name": "libchicken"
},
{
"ID": "oval:org.altlinux.errata:obj:202417258004",
"Version": "1",
"Comment": "libchicken-devel is installed",
"Name": "libchicken-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202417258005",
"Version": "1",
"Comment": "libchicken-devel-static is installed",
"Name": "libchicken-devel-static"
}
]
}

23
oval/c10f1/ALT-PU-2024-17258/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:5001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202417258001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.4.0-alt1",
"Arch": {},
"EVR": {
"Text": "0:5.4.0-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

78
oval/c10f1/ALT-PU-2024-17258/tests.json Normal file
View File

@ -0,0 +1,78 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:5001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:5001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:5001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202417258001",
"Version": "1",
"Check": "all",
"Comment": "chicken is earlier than 0:5.4.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417258001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417258001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417258002",
"Version": "1",
"Check": "all",
"Comment": "chicken-docs is earlier than 0:5.4.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417258002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417258001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417258003",
"Version": "1",
"Check": "all",
"Comment": "libchicken is earlier than 0:5.4.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417258003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417258001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417258004",
"Version": "1",
"Check": "all",
"Comment": "libchicken-devel is earlier than 0:5.4.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417258004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417258001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417258005",
"Version": "1",
"Check": "all",
"Comment": "libchicken-devel-static is earlier than 0:5.4.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417258005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417258001"
}
}
]
}

238
oval/c9f2/ALT-PU-2024-16902/definitions.json Normal file
View File

@ -0,0 +1,238 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202416902",
"Version": "oval:org.altlinux.errata:def:202416902",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-16902: package `libleptonica` update to version 1.82.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-16902",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16902",
"Source": "ALTPU"
},
{
"RefID": "BDU:2018-00492",
"RefURL": "https://bdu.fstec.ru/vul/2018-00492",
"Source": "BDU"
},
{
"RefID": "BDU:2018-00494",
"RefURL": "https://bdu.fstec.ru/vul/2018-00494",
"Source": "BDU"
},
{
"RefID": "BDU:2022-05686",
"RefURL": "https://bdu.fstec.ru/vul/2022-05686",
"Source": "BDU"
},
{
"RefID": "BDU:2024-07356",
"RefURL": "https://bdu.fstec.ru/vul/2024-07356",
"Source": "BDU"
},
{
"RefID": "CVE-2018-7186",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7186",
"Source": "CVE"
},
{
"RefID": "CVE-2018-7247",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7247",
"Source": "CVE"
},
{
"RefID": "CVE-2018-7440",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7440",
"Source": "CVE"
},
{
"RefID": "CVE-2018-7441",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7441",
"Source": "CVE"
},
{
"RefID": "CVE-2018-7442",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7442",
"Source": "CVE"
},
{
"RefID": "CVE-2020-36280",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-36280",
"Source": "CVE"
},
{
"RefID": "CVE-2022-38266",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-38266",
"Source": "CVE"
}
],
"Description": "This update upgrades libleptonica to version 1.82.0-alt1. \nSecurity Fix(es):\n\n * BDU:2018-00492: Уязвимость функции gplotMakeOutput библиотеки для работы с изображениями Leptonica, позволяющая нарушителю выполнить произвольную команду\n\n * BDU:2018-00494: Уязвимость функций gplotRead и ptaReadStream библиотеки для работы с изображениями Leptonica, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие\n\n * BDU:2022-05686: Уязвимость компонента tiffio.c библиотеки обработки изображений Leptonica, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-07356: Уязвимость библиотеки обработки изображений Leptonica, связанная с отсутствием проверки деления на ноль, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2018-7186: Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions.\n\n * CVE-2018-7247: An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input (rootname) can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact.\n\n * CVE-2018-7440: An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.\n\n * CVE-2018-7441: Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c.\n\n * CVE-2018-7442: An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite.\n\n * CVE-2020-36280: Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c.\n\n * CVE-2022-38266: An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-19"
},
"Updated": {
"Date": "2024-12-19"
},
"BDUs": [
{
"ID": "BDU:2018-00492",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-77",
"Href": "https://bdu.fstec.ru/vul/2018-00492",
"Impact": "Critical",
"Public": "20180215"
},
{
"ID": "BDU:2018-00494",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2018-00494",
"Impact": "Critical",
"Public": "20180214"
},
{
"ID": "BDU:2022-05686",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2022-05686",
"Impact": "High",
"Public": "20200312"
},
{
"ID": "BDU:2024-07356",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2024-07356",
"Impact": "Low",
"Public": "20200715"
}
],
"CVEs": [
{
"ID": "CVE-2018-7186",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-7186",
"Impact": "Critical",
"Public": "20180216"
},
{
"ID": "CVE-2018-7247",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-7247",
"Impact": "Critical",
"Public": "20180219"
},
{
"ID": "CVE-2018-7440",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-78",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-7440",
"Impact": "Critical",
"Public": "20180223"
},
{
"ID": "CVE-2018-7441",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-7441",
"Impact": "High",
"Public": "20180223"
},
{
"ID": "CVE-2018-7442",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"CWE": "CWE-22",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-7442",
"Impact": "Critical",
"Public": "20180223"
},
{
"ID": "CVE-2020-36280",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-36280",
"Impact": "High",
"Public": "20210312"
},
{
"ID": "CVE-2022-38266",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-38266",
"Impact": "Low",
"Public": "20220909"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202416902001",
"Comment": "libleptonica is earlier than 0:1.82.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416902002",
"Comment": "libleptonica-devel is earlier than 0:1.82.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416902003",
"Comment": "libleptonica-devel-static is earlier than 0:1.82.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416902004",
"Comment": "libleptonica-doc is earlier than 0:1.82.0-alt1"
}
]
}
]
}
}
]
}

52
oval/c9f2/ALT-PU-2024-16902/objects.json Normal file
View File

@ -0,0 +1,52 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416902001",
"Version": "1",
"Comment": "libleptonica is installed",
"Name": "libleptonica"
},
{
"ID": "oval:org.altlinux.errata:obj:202416902002",
"Version": "1",
"Comment": "libleptonica-devel is installed",
"Name": "libleptonica-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202416902003",
"Version": "1",
"Comment": "libleptonica-devel-static is installed",
"Name": "libleptonica-devel-static"
},
{
"ID": "oval:org.altlinux.errata:obj:202416902004",
"Version": "1",
"Comment": "libleptonica-doc is installed",
"Name": "libleptonica-doc"
}
]
}

23
oval/c9f2/ALT-PU-2024-16902/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416902001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.82.0-alt1",
"Arch": {},
"EVR": {
"Text": "0:1.82.0-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

66
oval/c9f2/ALT-PU-2024-16902/tests.json Normal file
View File

@ -0,0 +1,66 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c9f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416902001",
"Version": "1",
"Check": "all",
"Comment": "libleptonica is earlier than 0:1.82.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416902001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416902001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416902002",
"Version": "1",
"Check": "all",
"Comment": "libleptonica-devel is earlier than 0:1.82.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416902002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416902001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416902003",
"Version": "1",
"Check": "all",
"Comment": "libleptonica-devel-static is earlier than 0:1.82.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416902003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416902001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416902004",
"Version": "1",
"Check": "all",
"Comment": "libleptonica-doc is earlier than 0:1.82.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416902004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416902001"
}
}
]
}

101
oval/c9f2/ALT-PU-2024-17193/definitions.json Normal file
View File

@ -0,0 +1,101 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202417193",
"Version": "oval:org.altlinux.errata:def:202417193",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-17193: package `thefuck` update to version 3.31-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-17193",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-17193",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-04706",
"RefURL": "https://bdu.fstec.ru/vul/2021-04706",
"Source": "BDU"
},
{
"RefID": "CVE-2021-34363",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-34363",
"Source": "CVE"
}
],
"Description": "This update upgrades thefuck to version 3.31-alt1. \nSecurity Fix(es):\n\n * BDU:2021-04706: Уязвимость пакета TheFuck языка программирования Python, связанная с недостатками ограничения имени пути к каталогу, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании\n\n * CVE-2021-34363: The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the \"undo archive operation\" feature.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-19"
},
"Updated": {
"Date": "2024-12-19"
},
"BDUs": [
{
"ID": "BDU:2021-04706",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"CWE": "CWE-22",
"Href": "https://bdu.fstec.ru/vul/2021-04706",
"Impact": "Critical",
"Public": "20210617"
}
],
"CVEs": [
{
"ID": "CVE-2021-34363",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"CWE": "CWE-22",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-34363",
"Impact": "Critical",
"Public": "20210610"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202417193001",
"Comment": "thefuck is earlier than 0:3.31-alt1"
}
]
}
]
}
}
]
}

34
oval/c9f2/ALT-PU-2024-17193/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202417193001",
"Version": "1",
"Comment": "thefuck is installed",
"Name": "thefuck"
}
]
}

23
oval/c9f2/ALT-PU-2024-17193/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202417193001",
"Version": "1",
"Comment": "package EVR is earlier than 0:3.31-alt1",
"Arch": {},
"EVR": {
"Text": "0:3.31-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/c9f2/ALT-PU-2024-17193/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c9f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202417193001",
"Version": "1",
"Check": "all",
"Comment": "thefuck is earlier than 0:3.31-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417193001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417193001"
}
}
]
}

101
oval/c9f2/ALT-PU-2024-17195/definitions.json Normal file
View File

@ -0,0 +1,101 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202417195",
"Version": "oval:org.altlinux.errata:def:202417195",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-17195: package `neomutt` update to version 20210205-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-17195",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-17195",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-04606",
"RefURL": "https://bdu.fstec.ru/vul/2021-04606",
"Source": "BDU"
},
{
"RefID": "CVE-2021-32055",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-32055",
"Source": "CVE"
}
],
"Description": "This update upgrades neomutt to version 20210205-alt2. \nSecurity Fix(es):\n\n * BDU:2021-04606: Уязвимость компонента imap/util.c почтовых клиентов Mutt и NeoMutt, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании\n\n * CVE-2021-32055: Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-19"
},
"Updated": {
"Date": "2024-12-19"
},
"BDUs": [
{
"ID": "BDU:2021-04606",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2021-04606",
"Impact": "Critical",
"Public": "20210504"
}
],
"CVEs": [
{
"ID": "CVE-2021-32055",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-32055",
"Impact": "Critical",
"Public": "20210505"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202417195001",
"Comment": "neomutt is earlier than 0:20210205-alt2"
}
]
}
]
}
}
]
}

34
oval/c9f2/ALT-PU-2024-17195/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202417195001",
"Version": "1",
"Comment": "neomutt is installed",
"Name": "neomutt"
}
]
}

23
oval/c9f2/ALT-PU-2024-17195/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202417195001",
"Version": "1",
"Comment": "package EVR is earlier than 0:20210205-alt2",
"Arch": {},
"EVR": {
"Text": "0:20210205-alt2",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/c9f2/ALT-PU-2024-17195/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c9f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202417195001",
"Version": "1",
"Check": "all",
"Comment": "neomutt is earlier than 0:20210205-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417195001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417195001"
}
}
]
}

179
oval/c9f2/ALT-PU-2024-17262/definitions.json Normal file
View File

File diff suppressed because one or more lines are too long

76
oval/c9f2/ALT-PU-2024-17262/objects.json Normal file
View File

@ -0,0 +1,76 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202417262001",
"Version": "1",
"Comment": "java-17-openjdk is installed",
"Name": "java-17-openjdk"
},
{
"ID": "oval:org.altlinux.errata:obj:202417262002",
"Version": "1",
"Comment": "java-17-openjdk-demo is installed",
"Name": "java-17-openjdk-demo"
},
{
"ID": "oval:org.altlinux.errata:obj:202417262003",
"Version": "1",
"Comment": "java-17-openjdk-devel is installed",
"Name": "java-17-openjdk-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202417262004",
"Version": "1",
"Comment": "java-17-openjdk-headless is installed",
"Name": "java-17-openjdk-headless"
},
{
"ID": "oval:org.altlinux.errata:obj:202417262005",
"Version": "1",
"Comment": "java-17-openjdk-javadoc is installed",
"Name": "java-17-openjdk-javadoc"
},
{
"ID": "oval:org.altlinux.errata:obj:202417262006",
"Version": "1",
"Comment": "java-17-openjdk-javadoc-zip is installed",
"Name": "java-17-openjdk-javadoc-zip"
},
{
"ID": "oval:org.altlinux.errata:obj:202417262007",
"Version": "1",
"Comment": "java-17-openjdk-jmods is installed",
"Name": "java-17-openjdk-jmods"
},
{
"ID": "oval:org.altlinux.errata:obj:202417262008",
"Version": "1",
"Comment": "java-17-openjdk-src is installed",
"Name": "java-17-openjdk-src"
}
]
}

23
oval/c9f2/ALT-PU-2024-17262/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202417262001",
"Version": "1",
"Comment": "package EVR is earlier than 0:17.0.13.0.11-alt0.c9.1",
"Arch": {},
"EVR": {
"Text": "0:17.0.13.0.11-alt0.c9.1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

114
oval/c9f2/ALT-PU-2024-17262/tests.json Normal file
View File

@ -0,0 +1,114 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c9f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202417262001",
"Version": "1",
"Check": "all",
"Comment": "java-17-openjdk is earlier than 0:17.0.13.0.11-alt0.c9.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417262001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417262001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417262002",
"Version": "1",
"Check": "all",
"Comment": "java-17-openjdk-demo is earlier than 0:17.0.13.0.11-alt0.c9.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417262002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417262001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417262003",
"Version": "1",
"Check": "all",
"Comment": "java-17-openjdk-devel is earlier than 0:17.0.13.0.11-alt0.c9.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417262003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417262001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417262004",
"Version": "1",
"Check": "all",
"Comment": "java-17-openjdk-headless is earlier than 0:17.0.13.0.11-alt0.c9.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417262004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417262001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417262005",
"Version": "1",
"Check": "all",
"Comment": "java-17-openjdk-javadoc is earlier than 0:17.0.13.0.11-alt0.c9.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417262005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417262001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417262006",
"Version": "1",
"Check": "all",
"Comment": "java-17-openjdk-javadoc-zip is earlier than 0:17.0.13.0.11-alt0.c9.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417262006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417262001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417262007",
"Version": "1",
"Check": "all",
"Comment": "java-17-openjdk-jmods is earlier than 0:17.0.13.0.11-alt0.c9.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417262007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417262001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417262008",
"Version": "1",
"Check": "all",
"Comment": "java-17-openjdk-src is earlier than 0:17.0.13.0.11-alt0.c9.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417262008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417262001"
}
}
]
}

118
oval/p10/ALT-PU-2024-16430/definitions.json Normal file
View File

@ -0,0 +1,118 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202416430",
"Version": "oval:org.altlinux.errata:def:202416430",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-16430: package `ImageMagick` update to version 6.9.13.19-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit",
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-16430",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16430",
"Source": "ALTPU"
}
],
"Description": "This update upgrades ImageMagick to version 6.9.13.19-alt1. \nSecurity Fix(es):\n\n * #51794: Искажение цвета в hasher при преобразовании svg в png",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-19"
},
"Updated": {
"Date": "2024-12-19"
},
"BDUs": null,
"Bugzilla": [
{
"ID": "51794",
"Href": "https://bugzilla.altlinux.org/51794",
"Data": "Искажение цвета в hasher при преобразовании svg в png"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:container:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202416430001",
"Comment": "ImageMagick is earlier than 0:6.9.13.19-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416430002",
"Comment": "ImageMagick-doc is earlier than 0:6.9.13.19-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416430003",
"Comment": "ImageMagick-tools is earlier than 0:6.9.13.19-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416430004",
"Comment": "libImageMagick++6.9 is earlier than 0:6.9.13.19-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416430005",
"Comment": "libImageMagick-devel is earlier than 0:6.9.13.19-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416430006",
"Comment": "libImageMagick6-common is earlier than 0:6.9.13.19-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416430007",
"Comment": "libImageMagick6.7 is earlier than 0:6.9.13.19-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416430008",
"Comment": "perl-Magick is earlier than 0:6.9.13.19-alt1"
}
]
}
]
}
}
]
}

76
oval/p10/ALT-PU-2024-16430/objects.json Normal file
View File

@ -0,0 +1,76 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416430001",
"Version": "1",
"Comment": "ImageMagick is installed",
"Name": "ImageMagick"
},
{
"ID": "oval:org.altlinux.errata:obj:202416430002",
"Version": "1",
"Comment": "ImageMagick-doc is installed",
"Name": "ImageMagick-doc"
},
{
"ID": "oval:org.altlinux.errata:obj:202416430003",
"Version": "1",
"Comment": "ImageMagick-tools is installed",
"Name": "ImageMagick-tools"
},
{
"ID": "oval:org.altlinux.errata:obj:202416430004",
"Version": "1",
"Comment": "libImageMagick++6.9 is installed",
"Name": "libImageMagick++6.9"
},
{
"ID": "oval:org.altlinux.errata:obj:202416430005",
"Version": "1",
"Comment": "libImageMagick-devel is installed",
"Name": "libImageMagick-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202416430006",
"Version": "1",
"Comment": "libImageMagick6-common is installed",
"Name": "libImageMagick6-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202416430007",
"Version": "1",
"Comment": "libImageMagick6.7 is installed",
"Name": "libImageMagick6.7"
},
{
"ID": "oval:org.altlinux.errata:obj:202416430008",
"Version": "1",
"Comment": "perl-Magick is installed",
"Name": "perl-Magick"
}
]
}

23
oval/p10/ALT-PU-2024-16430/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416430001",
"Version": "1",
"Comment": "package EVR is earlier than 0:6.9.13.19-alt1",
"Arch": {},
"EVR": {
"Text": "0:6.9.13.19-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

114
oval/p10/ALT-PU-2024-16430/tests.json Normal file
View File

@ -0,0 +1,114 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416430001",
"Version": "1",
"Check": "all",
"Comment": "ImageMagick is earlier than 0:6.9.13.19-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416430001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416430001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416430002",
"Version": "1",
"Check": "all",
"Comment": "ImageMagick-doc is earlier than 0:6.9.13.19-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416430002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416430001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416430003",
"Version": "1",
"Check": "all",
"Comment": "ImageMagick-tools is earlier than 0:6.9.13.19-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416430003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416430001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416430004",
"Version": "1",
"Check": "all",
"Comment": "libImageMagick++6.9 is earlier than 0:6.9.13.19-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416430004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416430001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416430005",
"Version": "1",
"Check": "all",
"Comment": "libImageMagick-devel is earlier than 0:6.9.13.19-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416430005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416430001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416430006",
"Version": "1",
"Check": "all",
"Comment": "libImageMagick6-common is earlier than 0:6.9.13.19-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416430006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416430001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416430007",
"Version": "1",
"Check": "all",
"Comment": "libImageMagick6.7 is earlier than 0:6.9.13.19-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416430007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416430001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416430008",
"Version": "1",
"Check": "all",
"Comment": "perl-Magick is earlier than 0:6.9.13.19-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416430008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416430001"
}
}
]
}

107
oval/p10/ALT-PU-2024-16546/definitions.json Normal file
View File

@ -0,0 +1,107 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202416546",
"Version": "oval:org.altlinux.errata:def:202416546",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-16546: package `plasma5-addons` update to version 5.27.11-alt5",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit",
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-16546",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16546",
"Source": "ALTPU"
}
],
"Description": "This update upgrades plasma5-addons to version 5.27.11-alt5. \nSecurity Fix(es):\n\n * #45528: Сбрасывается выбранная кнопка \"Fixed scale\" в настройках виджета \"Веб-браузер\" в plasma5-desktop.\n\n * #45957: Не работает активация по комбинации клавиш в виджета \"Заметки\" в plasma5-addons.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-19"
},
"Updated": {
"Date": "2024-12-19"
},
"BDUs": null,
"Bugzilla": [
{
"ID": "45528",
"Href": "https://bugzilla.altlinux.org/45528",
"Data": "Сбрасывается выбранная кнопка \"Fixed scale\" в настройках виджета \"Веб-браузер\" в plasma5-desktop."
},
{
"ID": "45957",
"Href": "https://bugzilla.altlinux.org/45957",
"Data": "Не работает активация по комбинации клавиш в виджета \"Заметки\" в plasma5-addons."
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:container:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202416546001",
"Comment": "libplasmapotdprovidercore0 is earlier than 1:5.27.11-alt5"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416546002",
"Comment": "plasma5-addons is earlier than 1:5.27.11-alt5"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416546003",
"Comment": "plasma5-addons-common is earlier than 1:5.27.11-alt5"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416546004",
"Comment": "plasma5-addons-devel is earlier than 1:5.27.11-alt5"
}
]
}
]
}
}
]
}

52
oval/p10/ALT-PU-2024-16546/objects.json Normal file
View File

@ -0,0 +1,52 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416546001",
"Version": "1",
"Comment": "libplasmapotdprovidercore0 is installed",
"Name": "libplasmapotdprovidercore0"
},
{
"ID": "oval:org.altlinux.errata:obj:202416546002",
"Version": "1",
"Comment": "plasma5-addons is installed",
"Name": "plasma5-addons"
},
{
"ID": "oval:org.altlinux.errata:obj:202416546003",
"Version": "1",
"Comment": "plasma5-addons-common is installed",
"Name": "plasma5-addons-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202416546004",
"Version": "1",
"Comment": "plasma5-addons-devel is installed",
"Name": "plasma5-addons-devel"
}
]
}

23
oval/p10/ALT-PU-2024-16546/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416546001",
"Version": "1",
"Comment": "package EVR is earlier than 1:5.27.11-alt5",
"Arch": {},
"EVR": {
"Text": "1:5.27.11-alt5",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

66
oval/p10/ALT-PU-2024-16546/tests.json Normal file
View File

@ -0,0 +1,66 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416546001",
"Version": "1",
"Check": "all",
"Comment": "libplasmapotdprovidercore0 is earlier than 1:5.27.11-alt5",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416546001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416546001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416546002",
"Version": "1",
"Check": "all",
"Comment": "plasma5-addons is earlier than 1:5.27.11-alt5",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416546002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416546001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416546003",
"Version": "1",
"Check": "all",
"Comment": "plasma5-addons-common is earlier than 1:5.27.11-alt5",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416546003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416546001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416546004",
"Version": "1",
"Check": "all",
"Comment": "plasma5-addons-devel is earlier than 1:5.27.11-alt5",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416546004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416546001"
}
}
]
}

268
oval/p10/ALT-PU-2024-16925/definitions.json Normal file
View File

File diff suppressed because one or more lines are too long

76
oval/p10/ALT-PU-2024-16925/objects.json Normal file
View File

@ -0,0 +1,76 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416925001",
"Version": "1",
"Comment": "libcrypto1.1 is installed",
"Name": "libcrypto1.1"
},
{
"ID": "oval:org.altlinux.errata:obj:202416925002",
"Version": "1",
"Comment": "libssl-devel is installed",
"Name": "libssl-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202416925003",
"Version": "1",
"Comment": "libssl-devel-static is installed",
"Name": "libssl-devel-static"
},
{
"ID": "oval:org.altlinux.errata:obj:202416925004",
"Version": "1",
"Comment": "libssl1.1 is installed",
"Name": "libssl1.1"
},
{
"ID": "oval:org.altlinux.errata:obj:202416925005",
"Version": "1",
"Comment": "openssl is installed",
"Name": "openssl"
},
{
"ID": "oval:org.altlinux.errata:obj:202416925006",
"Version": "1",
"Comment": "openssl-doc is installed",
"Name": "openssl-doc"
},
{
"ID": "oval:org.altlinux.errata:obj:202416925007",
"Version": "1",
"Comment": "openssl-engines is installed",
"Name": "openssl-engines"
},
{
"ID": "oval:org.altlinux.errata:obj:202416925008",
"Version": "1",
"Comment": "tsget is installed",
"Name": "tsget"
}
]
}

23
oval/p10/ALT-PU-2024-16925/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416925001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.1.1w-alt0.p10.2",
"Arch": {},
"EVR": {
"Text": "0:1.1.1w-alt0.p10.2",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

114
oval/p10/ALT-PU-2024-16925/tests.json Normal file
View File

@ -0,0 +1,114 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416925001",
"Version": "1",
"Check": "all",
"Comment": "libcrypto1.1 is earlier than 0:1.1.1w-alt0.p10.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416925001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416925001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416925002",
"Version": "1",
"Check": "all",
"Comment": "libssl-devel is earlier than 0:1.1.1w-alt0.p10.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416925002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416925001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416925003",
"Version": "1",
"Check": "all",
"Comment": "libssl-devel-static is earlier than 0:1.1.1w-alt0.p10.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416925003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416925001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416925004",
"Version": "1",
"Check": "all",
"Comment": "libssl1.1 is earlier than 0:1.1.1w-alt0.p10.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416925004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416925001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416925005",
"Version": "1",
"Check": "all",
"Comment": "openssl is earlier than 0:1.1.1w-alt0.p10.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416925005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416925001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416925006",
"Version": "1",
"Check": "all",
"Comment": "openssl-doc is earlier than 0:1.1.1w-alt0.p10.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416925006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416925001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416925007",
"Version": "1",
"Check": "all",
"Comment": "openssl-engines is earlier than 0:1.1.1w-alt0.p10.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416925007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416925001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416925008",
"Version": "1",
"Check": "all",
"Comment": "tsget is earlier than 0:1.1.1w-alt0.p10.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416925008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416925001"
}
}
]
}

131
oval/p10/ALT-PU-2024-16947/definitions.json Normal file
View File

@ -0,0 +1,131 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202416947",
"Version": "oval:org.altlinux.errata:def:202416947",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-16947: package `redis` update to version 6.2.16-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit",
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-16947",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16947",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-07792",
"RefURL": "https://bdu.fstec.ru/vul/2024-07792",
"Source": "BDU"
},
{
"RefID": "CVE-2024-31228",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-31228",
"Source": "CVE"
},
{
"RefID": "CVE-2024-31449",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-31449",
"Source": "CVE"
}
],
"Description": "This update upgrades redis to version 6.2.16-alt1. \nSecurity Fix(es):\n\n * BDU:2024-07792: Уязвимость системы управления базами данных (СУБД) Redis, связанная с переполнением буфера в стеке, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2024-31228: Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n * CVE-2024-31449: Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-19"
},
"Updated": {
"Date": "2024-12-19"
},
"BDUs": [
{
"ID": "BDU:2024-07792",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-121",
"Href": "https://bdu.fstec.ru/vul/2024-07792",
"Impact": "High",
"Public": "20241002"
}
],
"CVEs": [
{
"ID": "CVE-2024-31228",
"CWE": "CWE-674",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-31228",
"Impact": "None",
"Public": "20241007"
},
{
"ID": "CVE-2024-31449",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-31449",
"Impact": "None",
"Public": "20241007"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:container:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202416947001",
"Comment": "redis is earlier than 0:6.2.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416947002",
"Comment": "redis-cli is earlier than 0:6.2.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416947003",
"Comment": "redis-devel is earlier than 0:6.2.16-alt1"
}
]
}
]
}
}
]
}

46
oval/p10/ALT-PU-2024-16947/objects.json Normal file
View File

@ -0,0 +1,46 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416947001",
"Version": "1",
"Comment": "redis is installed",
"Name": "redis"
},
{
"ID": "oval:org.altlinux.errata:obj:202416947002",
"Version": "1",
"Comment": "redis-cli is installed",
"Name": "redis-cli"
},
{
"ID": "oval:org.altlinux.errata:obj:202416947003",
"Version": "1",
"Comment": "redis-devel is installed",
"Name": "redis-devel"
}
]
}

23
oval/p10/ALT-PU-2024-16947/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416947001",
"Version": "1",
"Comment": "package EVR is earlier than 0:6.2.16-alt1",
"Arch": {},
"EVR": {
"Text": "0:6.2.16-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

54
oval/p10/ALT-PU-2024-16947/tests.json Normal file
View File

@ -0,0 +1,54 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416947001",
"Version": "1",
"Check": "all",
"Comment": "redis is earlier than 0:6.2.16-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416947001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416947001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416947002",
"Version": "1",
"Check": "all",
"Comment": "redis-cli is earlier than 0:6.2.16-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416947002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416947001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416947003",
"Version": "1",
"Check": "all",
"Comment": "redis-devel is earlier than 0:6.2.16-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416947003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416947001"
}
}
]
}

104
oval/p11/ALT-PU-2024-16919/definitions.json Normal file
View File

@ -0,0 +1,104 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202416919",
"Version": "oval:org.altlinux.errata:def:202416919",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-16919: package `curl` update to version 8.11.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-16919",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16919",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-11106",
"RefURL": "https://bdu.fstec.ru/vul/2024-11106",
"Source": "BDU"
},
{
"RefID": "CVE-2024-11053",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053",
"Source": "CVE"
}
],
"Description": "This update upgrades curl to version 8.11.1-alt1. \nSecurity Fix(es):\n\n * BDU:2024-11106: Уязвимость обработчика netrc-файлов утилиты командной строки cURL, позволяющая нарушителю получить доступ к учётным данным\n\n * CVE-2024-11053: When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-19"
},
"Updated": {
"Date": "2024-12-19"
},
"BDUs": [
{
"ID": "BDU:2024-11106",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2024-11106",
"Impact": "Critical",
"Public": "20241108"
}
],
"CVEs": [
{
"ID": "CVE-2024-11053",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053",
"Impact": "None",
"Public": "20241211"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202416919001",
"Comment": "curl is earlier than 0:8.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416919002",
"Comment": "libcurl is earlier than 0:8.11.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416919003",
"Comment": "libcurl-devel is earlier than 0:8.11.1-alt1"
}
]
}
]
}
}
]
}

46
oval/p11/ALT-PU-2024-16919/objects.json Normal file
View File

@ -0,0 +1,46 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416919001",
"Version": "1",
"Comment": "curl is installed",
"Name": "curl"
},
{
"ID": "oval:org.altlinux.errata:obj:202416919002",
"Version": "1",
"Comment": "libcurl is installed",
"Name": "libcurl"
},
{
"ID": "oval:org.altlinux.errata:obj:202416919003",
"Version": "1",
"Comment": "libcurl-devel is installed",
"Name": "libcurl-devel"
}
]
}

23
oval/p11/ALT-PU-2024-16919/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416919001",
"Version": "1",
"Comment": "package EVR is earlier than 0:8.11.1-alt1",
"Arch": {},
"EVR": {
"Text": "0:8.11.1-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

54
oval/p11/ALT-PU-2024-16919/tests.json Normal file
View File

@ -0,0 +1,54 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p11' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416919001",
"Version": "1",
"Check": "all",
"Comment": "curl is earlier than 0:8.11.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416919001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416919001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416919002",
"Version": "1",
"Check": "all",
"Comment": "libcurl is earlier than 0:8.11.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416919002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416919001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416919003",
"Version": "1",
"Check": "all",
"Comment": "libcurl-devel is earlier than 0:8.11.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416919003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416919001"
}
}
]
}

75
oval/p11/ALT-PU-2024-17270/definitions.json Normal file
View File

@ -0,0 +1,75 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202417270",
"Version": "oval:org.altlinux.errata:def:202417270",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-17270: package `python3-module-pg_activity` update to version 3.5.1-alt3",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-17270",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-17270",
"Source": "ALTPU"
}
],
"Description": "This update upgrades python3-module-pg_activity to version 3.5.1-alt3. \nSecurity Fix(es):\n\n * #52272: Выделить исполняемый файл в подпакет pg-activity",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-19"
},
"Updated": {
"Date": "2024-12-19"
},
"BDUs": null,
"Bugzilla": [
{
"ID": "52272",
"Href": "https://bugzilla.altlinux.org/52272",
"Data": "Выделить исполняемый файл в подпакет pg-activity"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202417270001",
"Comment": "python3-module-pg_activity is earlier than 0:3.5.1-alt3"
}
]
}
]
}
}
]
}

34
oval/p11/ALT-PU-2024-17270/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202417270001",
"Version": "1",
"Comment": "python3-module-pg_activity is installed",
"Name": "python3-module-pg_activity"
}
]
}

23
oval/p11/ALT-PU-2024-17270/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202417270001",
"Version": "1",
"Comment": "package EVR is earlier than 0:3.5.1-alt3",
"Arch": {},
"EVR": {
"Text": "0:3.5.1-alt3",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/p11/ALT-PU-2024-17270/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p11' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202417270001",
"Version": "1",
"Check": "all",
"Comment": "python3-module-pg_activity is earlier than 0:3.5.1-alt3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417270001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417270001"
}
}
]
}