pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ALT Vulnerability

Browse Source
This commit is contained in:
Иван Пепеляев 2024-02-02 21:03:24 +00:00
parent dc9f50e755
commit 4493c7b648
4 changed files with 219 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

114
oval/p10/ALT-PU-2024-1361/definitions.json Normal file
View File

@ -0,0 +1,114 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20241361",
"Version": "oval:org.altlinux.errata:def:20241361",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-1361: package `python3-module-celery` update to version 5.3.4-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-1361",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-1361",
"Source": "ALTPU"
},
{
"RefID": "CVE-2021-23727",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-23727",
"Source": "CVE"
}
],
"Description": "This update upgrades python3-module-celery to version 5.3.4-alt1. \nSecurity Fix(es):\n\n * CVE-2021-23727: This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2023 BaseALT Ltd.",
"Issued": {
"Date": "2024-02-02"
},
"Updated": {
"Date": "2024-02-02"
},
"bdu": null,
"Cves": [
{
"Cvss": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"Cvss3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "CWE-77",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-23727",
"Impact": "High",
"Public": "20211229",
"CveID": "CVE-2021-23727"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20241361001",
"Comment": "python3-module-celery is earlier than 0:5.3.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241361002",
"Comment": "python3-module-celery-sphinx is earlier than 0:5.3.4-alt1"
}
]
}
]
}
}
]
}

40
oval/p10/ALT-PU-2024-1361/objects.json Normal file
View File

@ -0,0 +1,40 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"comment": "Evaluate `/etc/os-release` file content",
"Path": {
"dataType": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RpmInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20241361001",
"Version": "1",
"comment": "python3-module-celery is installed",
"Name": "python3-module-celery"
},
{
"ID": "oval:org.altlinux.errata:obj:20241361002",
"Version": "1",
"comment": "python3-module-celery-sphinx is installed",
"Name": "python3-module-celery-sphinx"
}
]
}

23
oval/p10/ALT-PU-2024-1361/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RpmInfoState": [
{
"ID": "oval:org.altlinux.errata:ste:20241361001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.3.4-alt1",
"Arch": {},
"Evr": {
"Text": "0:5.3.4-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

42
oval/p10/ALT-PU-2024-1361/tests.json Normal file
View File

@ -0,0 +1,42 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20241361001",
"Version": "1",
"Check": "all",
"Comment": "python3-module-celery is earlier than 0:5.3.4-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241361001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241361001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241361002",
"Version": "1",
"Check": "all",
"Comment": "python3-module-celery-sphinx is earlier than 0:5.3.4-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241361002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241361001"
}
}
]
}