pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ALT Vulnerability

Browse Source
This commit is contained in:
Иван Пепеляев 2024-11-14 15:05:18 +00:00
parent 79b58e4266
commit 47e32656c0
58 changed files with 5004 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

112
oval/c10f1/ALT-PU-2021-2943/definitions.json
View File

File diff suppressed because one or more lines are too long

117
oval/c10f1/ALT-PU-2023-4125/definitions.json
View File

@ -24,24 +24,101 @@
"RefURL": "https://errata.altlinux.org/ALT-PU-2023-4125",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-07676",
"RefURL": "https://bdu.fstec.ru/vul/2024-07676",
"Source": "BDU"
},
{
"RefID": "BDU:2024-07677",
"RefURL": "https://bdu.fstec.ru/vul/2024-07677",
"Source": "BDU"
},
{
"RefID": "BDU:2024-07679",
"RefURL": "https://bdu.fstec.ru/vul/2024-07679",
"Source": "BDU"
},
{
"RefID": "BDU:2024-07680",
"RefURL": "https://bdu.fstec.ru/vul/2024-07680",
"Source": "BDU"
},
{
"RefID": "CVE-2023-3247",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-3247",
"Source": "CVE"
},
{
"RefID": "CVE-2024-8925",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8925",
"Source": "CVE"
},
{
"RefID": "CVE-2024-8926",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8926",
"Source": "CVE"
},
{
"RefID": "CVE-2024-8927",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8927",
"Source": "CVE"
},
{
"RefID": "CVE-2024-9026",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-9026",
"Source": "CVE"
}
],
"Description": "This update upgrades php8.0 to version 8.0.29-alt1. \nSecurity Fix(es):\n\n * CVE-2023-3247: In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce. \n\n",
"Description": "This update upgrades php8.0 to version 8.0.29-alt1. \nSecurity Fix(es):\n\n * BDU:2024-07676: Уязвимость интерпретатора языка программирования PHP, связанная с недостаточной проверкой входных данных, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2024-07677: Уязвимость интерпретатора языка программирования PHP, существующая из-за непринятия мер по нейтрализации специальных элементов, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2024-07679: Уязвимость сценария cgi.force_redirect интерпретатора языка программирования PHP, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * BDU:2024-07680: Уязвимость интерпретатора языка программирования PHP, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * CVE-2023-3247: In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce. \n\n\n\n * CVE-2024-8925: In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior.\n\n * CVE-2024-8926: In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for  CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3  may still be bypassed and the same command injection related to Windows \"Best Fit\" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.\n\n * CVE-2024-8927: In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP.\n\n * CVE-2024-9026: In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2023-06-30"
},
"Updated": {
"Date": "2023-06-30"
"Date": "2024-11-14"
},
"BDUs": null,
"BDUs": [
{
"ID": "BDU:2024-07676",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2024-07676",
"Impact": "Critical",
"Public": "20240929"
},
{
"ID": "BDU:2024-07677",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-78",
"Href": "https://bdu.fstec.ru/vul/2024-07677",
"Impact": "Critical",
"Public": "20240929"
},
{
"ID": "BDU:2024-07679",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-254",
"Href": "https://bdu.fstec.ru/vul/2024-07679",
"Impact": "Critical",
"Public": "20240929"
},
{
"ID": "BDU:2024-07680",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-778",
"Href": "https://bdu.fstec.ru/vul/2024-07680",
"Impact": "Critical",
"Public": "20240929"
}
],
"CVEs": [
{
"ID": "CVE-2023-3247",
@ -50,6 +127,38 @@
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-3247",
"Impact": "Low",
"Public": "20230722"
},
{
"ID": "CVE-2024-8925",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8925",
"Impact": "Low",
"Public": "20241008"
},
{
"ID": "CVE-2024-8926",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-78",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8926",
"Impact": "High",
"Public": "20241008"
},
{
"ID": "CVE-2024-8927",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8927",
"Impact": "High",
"Public": "20241008"
},
{
"ID": "CVE-2024-9026",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-9026",
"Impact": "Low",
"Public": "20241008"
}
],
"AffectedCPEs": {

170
oval/c10f1/ALT-PU-2023-8445/definitions.json Normal file
View File

@ -0,0 +1,170 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20238445",
"Version": "oval:org.altlinux.errata:def:20238445",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2023-8445: package `php8.2` update to version 8.2.3-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2023-8445",
"RefURL": "https://errata.altlinux.org/ALT-PU-2023-8445",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-02263",
"RefURL": "https://bdu.fstec.ru/vul/2023-02263",
"Source": "BDU"
},
{
"RefID": "BDU:2023-02264",
"RefURL": "https://bdu.fstec.ru/vul/2023-02264",
"Source": "BDU"
},
{
"RefID": "BDU:2024-07326",
"RefURL": "https://bdu.fstec.ru/vul/2024-07326",
"Source": "BDU"
},
{
"RefID": "CVE-2023-0567",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-0567",
"Source": "CVE"
},
{
"RefID": "CVE-2023-0568",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-0568",
"Source": "CVE"
},
{
"RefID": "CVE-2023-0662",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-0662",
"Source": "CVE"
}
],
"Description": "This update upgrades php8.2 to version 8.2.3-alt1. \nSecurity Fix(es):\n\n * BDU:2023-02263: Уязвимость интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-02264: Уязвимость интерпретатора языка программирования PHP, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность\n\n * BDU:2024-07326: Уязвимость функции верификации пароля языка программирования PHP, связанная с недостаточным вычислением хеша пароля, позволяющая нарушителю оказать воздействие на целостность данных\n\n * CVE-2023-0567: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. \n\n\n\n * CVE-2023-0568: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. \n\n * CVE-2023-0662: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. ",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-14"
},
"Updated": {
"Date": "2024-11-14"
},
"BDUs": [
{
"ID": "BDU:2023-02263",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2023-02263",
"Impact": "High",
"Public": "20230216"
},
{
"ID": "BDU:2023-02264",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-131, CWE-770",
"Href": "https://bdu.fstec.ru/vul/2023-02264",
"Impact": "High",
"Public": "20230216"
},
{
"ID": "BDU:2024-07326",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:C/A:N",
"CVSS3": "AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-916",
"Href": "https://bdu.fstec.ru/vul/2024-07326",
"Impact": "Low",
"Public": "20230105"
}
],
"CVEs": [
{
"ID": "CVE-2023-0567",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-916",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-0567",
"Impact": "Low",
"Public": "20230301"
},
{
"ID": "CVE-2023-0568",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-770",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-0568",
"Impact": "High",
"Public": "20230216"
},
{
"ID": "CVE-2023-0662",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-0662",
"Impact": "High",
"Public": "20230216"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20238445001",
"Comment": "php8.2 is earlier than 0:8.2.3-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20238445002",
"Comment": "php8.2-devel is earlier than 0:8.2.3-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20238445003",
"Comment": "php8.2-libs is earlier than 0:8.2.3-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20238445004",
"Comment": "php8.2-mysqlnd is earlier than 0:8.2.3-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20238445005",
"Comment": "rpm-build-php8.2-version is earlier than 0:8.2.3-alt1"
}
]
}
]
}
}
]
}

58
oval/c10f1/ALT-PU-2023-8445/objects.json Normal file
View File

@ -0,0 +1,58 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20238445001",
"Version": "1",
"Comment": "php8.2 is installed",
"Name": "php8.2"
},
{
"ID": "oval:org.altlinux.errata:obj:20238445002",
"Version": "1",
"Comment": "php8.2-devel is installed",
"Name": "php8.2-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:20238445003",
"Version": "1",
"Comment": "php8.2-libs is installed",
"Name": "php8.2-libs"
},
{
"ID": "oval:org.altlinux.errata:obj:20238445004",
"Version": "1",
"Comment": "php8.2-mysqlnd is installed",
"Name": "php8.2-mysqlnd"
},
{
"ID": "oval:org.altlinux.errata:obj:20238445005",
"Version": "1",
"Comment": "rpm-build-php8.2-version is installed",
"Name": "rpm-build-php8.2-version"
}
]
}

23
oval/c10f1/ALT-PU-2023-8445/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:20238445001",
"Version": "1",
"Comment": "package EVR is earlier than 0:8.2.3-alt1",
"Arch": {},
"EVR": {
"Text": "0:8.2.3-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

78
oval/c10f1/ALT-PU-2023-8445/tests.json Normal file
View File

@ -0,0 +1,78 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20238445001",
"Version": "1",
"Check": "all",
"Comment": "php8.2 is earlier than 0:8.2.3-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20238445001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20238445001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20238445002",
"Version": "1",
"Check": "all",
"Comment": "php8.2-devel is earlier than 0:8.2.3-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20238445002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20238445001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20238445003",
"Version": "1",
"Check": "all",
"Comment": "php8.2-libs is earlier than 0:8.2.3-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20238445003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20238445001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20238445004",
"Version": "1",
"Check": "all",
"Comment": "php8.2-mysqlnd is earlier than 0:8.2.3-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20238445004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20238445001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20238445005",
"Version": "1",
"Check": "all",
"Comment": "rpm-build-php8.2-version is earlier than 0:8.2.3-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20238445005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20238445001"
}
}
]
}

89
oval/c10f1/ALT-PU-2024-15469/definitions.json Normal file
View File

@ -0,0 +1,89 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202415469",
"Version": "oval:org.altlinux.errata:def:202415469",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-15469: package `log4cxx` update to version 1.1.0-alt1_3",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-15469",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-15469",
"Source": "ALTPU"
},
{
"RefID": "CVE-2023-31038",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-31038",
"Source": "CVE"
}
],
"Description": "This update upgrades log4cxx to version 1.1.0-alt1_3. \nSecurity Fix(es):\n\n * CVE-2023-31038: SQL injection in Log4cxx when using the ODBC appender to send log messages to a database.  No fields sent to the database were properly escaped for SQL injection.  This has been the case since at least version 0.9.0(released 2003-08-06)\n\n\n\n\nNote that Log4cxx is a C++ framework, so only C++ applications are affected.\n\nBefore version 1.1.0, the ODBC appender was automatically part of Log4cxx if the library was found when compiling the library.  As of version 1.1.0, this must be both explicitly enabled in order to be compiled in.\n\n\n\n\nThree preconditions must be met for this vulnerability to be possible:\n\n1. Log4cxx compiled with ODBC support(before version 1.1.0, this was auto-detected at compile time)\n\n2. ODBCAppender enabled for logging messages to, generally done via a config file\n\n3. User input is logged at some point. If your application does not have user input, it is unlikely to be affected.\n\n\n\n\n\nUsers are recommended to upgrade to version 1.1.0 which properly binds the parameters to the SQL statement, or migrate to the new DBAppender class which supports an ODBC connection in addition to other databases. \nNote that this fix does require a configuration file update, as the old configuration files will not configure properly.  An example is shown below, and more information may be found in the Log4cxx documentation on the ODBCAppender.\n\n\n\n\n\nExample of old configuration snippet:\n\n\u003cappender name=\"SqlODBCAppender\" class=\"ODBCAppender\"\u003e\n\n    \u003cparam name=\"sql\" value=\"INSERT INTO logs (message) VALUES ('%m')\" /\u003e\n\n    ... other params here ...\n\n\u003c/appender\u003e\n\n\n\n\nThe migrated configuration snippet with new ColumnMapping parameters:\n\n\n\u003cappender name=\"SqlODBCAppender\" class=\"ODBCAppender\"\u003e\n\n\n\n\n    \u003cparam name=\"sql\" value=\"INSERT INTO logs (message) VALUES (?)\" /\u003e\n\n    \u003cparam name=\"ColumnMapping\" value=\"message\"/\u003e\n    ... other params here ...\n\n\n\u003c/appender\u003e\n\n\n\n\n\n",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-13"
},
"Updated": {
"Date": "2024-11-13"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2023-31038",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-89",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-31038",
"Impact": "High",
"Public": "20230508"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202415469001",
"Comment": "log4cxx is earlier than 0:1.1.0-alt1_3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415469002",
"Comment": "log4cxx-devel is earlier than 0:1.1.0-alt1_3"
}
]
}
]
}
}
]
}

40
oval/c10f1/ALT-PU-2024-15469/objects.json Normal file
View File

@ -0,0 +1,40 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202415469001",
"Version": "1",
"Comment": "log4cxx is installed",
"Name": "log4cxx"
},
{
"ID": "oval:org.altlinux.errata:obj:202415469002",
"Version": "1",
"Comment": "log4cxx-devel is installed",
"Name": "log4cxx-devel"
}
]
}

23
oval/c10f1/ALT-PU-2024-15469/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202415469001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.1.0-alt1_3",
"Arch": {},
"EVR": {
"Text": "0:1.1.0-alt1_3",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

42
oval/c10f1/ALT-PU-2024-15469/tests.json Normal file
View File

@ -0,0 +1,42 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202415469001",
"Version": "1",
"Check": "all",
"Comment": "log4cxx is earlier than 0:1.1.0-alt1_3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415469001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415469001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415469002",
"Version": "1",
"Check": "all",
"Comment": "log4cxx-devel is earlier than 0:1.1.0-alt1_3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415469002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415469001"
}
}
]
}

95
oval/c10f1/ALT-PU-2024-15496/definitions.json Normal file
View File

@ -0,0 +1,95 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202415496",
"Version": "oval:org.altlinux.errata:def:202415496",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-15496: package `unbound` update to version 1.20.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-15496",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-15496",
"Source": "ALTPU"
},
{
"RefID": "CVE-2024-8508",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8508",
"Source": "CVE"
}
],
"Description": "This update upgrades unbound to version 1.20.1-alt1. \nSecurity Fix(es):\n\n * CVE-2024-8508: NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-13"
},
"Updated": {
"Date": "2024-11-13"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2024-8508",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8508",
"Impact": "None",
"Public": "20241003"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202415496001",
"Comment": "libunbound is earlier than 0:1.20.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415496002",
"Comment": "libunbound-devel is earlier than 0:1.20.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415496003",
"Comment": "unbound is earlier than 0:1.20.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415496004",
"Comment": "unbound-control is earlier than 0:1.20.1-alt1"
}
]
}
]
}
}
]
}

52
oval/c10f1/ALT-PU-2024-15496/objects.json Normal file
View File

@ -0,0 +1,52 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202415496001",
"Version": "1",
"Comment": "libunbound is installed",
"Name": "libunbound"
},
{
"ID": "oval:org.altlinux.errata:obj:202415496002",
"Version": "1",
"Comment": "libunbound-devel is installed",
"Name": "libunbound-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202415496003",
"Version": "1",
"Comment": "unbound is installed",
"Name": "unbound"
},
{
"ID": "oval:org.altlinux.errata:obj:202415496004",
"Version": "1",
"Comment": "unbound-control is installed",
"Name": "unbound-control"
}
]
}

23
oval/c10f1/ALT-PU-2024-15496/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202415496001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.20.1-alt1",
"Arch": {},
"EVR": {
"Text": "0:1.20.1-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

66
oval/c10f1/ALT-PU-2024-15496/tests.json Normal file
View File

@ -0,0 +1,66 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202415496001",
"Version": "1",
"Check": "all",
"Comment": "libunbound is earlier than 0:1.20.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415496001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415496001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415496002",
"Version": "1",
"Check": "all",
"Comment": "libunbound-devel is earlier than 0:1.20.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415496002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415496001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415496003",
"Version": "1",
"Check": "all",
"Comment": "unbound is earlier than 0:1.20.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415496003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415496001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415496004",
"Version": "1",
"Check": "all",
"Comment": "unbound-control is earlier than 0:1.20.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415496004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415496001"
}
}
]
}

117
oval/c10f1/ALT-PU-2024-6670/definitions.json
View File

@ -24,6 +24,26 @@
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-6670",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-07676",
"RefURL": "https://bdu.fstec.ru/vul/2024-07676",
"Source": "BDU"
},
{
"RefID": "BDU:2024-07677",
"RefURL": "https://bdu.fstec.ru/vul/2024-07677",
"Source": "BDU"
},
{
"RefID": "BDU:2024-07679",
"RefURL": "https://bdu.fstec.ru/vul/2024-07679",
"Source": "BDU"
},
{
"RefID": "BDU:2024-07680",
"RefURL": "https://bdu.fstec.ru/vul/2024-07680",
"Source": "BDU"
},
{
"RefID": "CVE-2024-1874",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-1874",
@ -38,20 +58,77 @@
"RefID": "CVE-2024-3096",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-3096",
"Source": "CVE"
},
{
"RefID": "CVE-2024-8925",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8925",
"Source": "CVE"
},
{
"RefID": "CVE-2024-8926",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8926",
"Source": "CVE"
},
{
"RefID": "CVE-2024-8927",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8927",
"Source": "CVE"
},
{
"RefID": "CVE-2024-9026",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-9026",
"Source": "CVE"
}
],
"Description": "This update upgrades php8.1 to version 8.1.28-alt1. \nSecurity Fix(es):\n\n * CVE-2024-1874: In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell. \n\n\n\n * CVE-2024-2756: Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications. \n\n\n * CVE-2024-3096: In PHP  version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\\x00), testing a blank string as the password via password_verify() will incorrectly return true.\n\n",
"Description": "This update upgrades php8.1 to version 8.1.28-alt1. \nSecurity Fix(es):\n\n * BDU:2024-07676: Уязвимость интерпретатора языка программирования PHP, связанная с недостаточной проверкой входных данных, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2024-07677: Уязвимость интерпретатора языка программирования PHP, существующая из-за непринятия мер по нейтрализации специальных элементов, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2024-07679: Уязвимость сценария cgi.force_redirect интерпретатора языка программирования PHP, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * BDU:2024-07680: Уязвимость интерпретатора языка программирования PHP, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * CVE-2024-1874: In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell. \n\n\n\n * CVE-2024-2756: Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications. \n\n\n * CVE-2024-3096: In PHP  version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\\x00), testing a blank string as the password via password_verify() will incorrectly return true.\n\n\n\n * CVE-2024-8925: In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior.\n\n * CVE-2024-8926: In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for  CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3  may still be bypassed and the same command injection related to Windows \"Best Fit\" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.\n\n * CVE-2024-8927: In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP.\n\n * CVE-2024-9026: In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-04-16"
},
"Updated": {
"Date": "2024-04-16"
"Date": "2024-11-14"
},
"BDUs": null,
"BDUs": [
{
"ID": "BDU:2024-07676",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2024-07676",
"Impact": "Critical",
"Public": "20240929"
},
{
"ID": "BDU:2024-07677",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-78",
"Href": "https://bdu.fstec.ru/vul/2024-07677",
"Impact": "Critical",
"Public": "20240929"
},
{
"ID": "BDU:2024-07679",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-254",
"Href": "https://bdu.fstec.ru/vul/2024-07679",
"Impact": "Critical",
"Public": "20240929"
},
{
"ID": "BDU:2024-07680",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-778",
"Href": "https://bdu.fstec.ru/vul/2024-07680",
"Impact": "Critical",
"Public": "20240929"
}
],
"CVEs": [
{
"ID": "CVE-2024-1874",
@ -70,6 +147,38 @@
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-3096",
"Impact": "None",
"Public": "20240429"
},
{
"ID": "CVE-2024-8925",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8925",
"Impact": "Low",
"Public": "20241008"
},
{
"ID": "CVE-2024-8926",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-78",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8926",
"Impact": "High",
"Public": "20241008"
},
{
"ID": "CVE-2024-8927",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8927",
"Impact": "High",
"Public": "20241008"
},
{
"ID": "CVE-2024-9026",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-9026",
"Impact": "Low",
"Public": "20241008"
}
],
"AffectedCPEs": {

112
oval/c9f2/ALT-PU-2019-1959/definitions.json
View File

File diff suppressed because one or more lines are too long

114
oval/c9f2/ALT-PU-2021-3079/definitions.json
View File

File diff suppressed because one or more lines are too long

114
oval/c9f2/ALT-PU-2023-1275/definitions.json
View File

@ -34,6 +34,26 @@
"RefURL": "https://bdu.fstec.ru/vul/2023-02264",
"Source": "BDU"
},
{
"RefID": "BDU:2024-07676",
"RefURL": "https://bdu.fstec.ru/vul/2024-07676",
"Source": "BDU"
},
{
"RefID": "BDU:2024-07677",
"RefURL": "https://bdu.fstec.ru/vul/2024-07677",
"Source": "BDU"
},
{
"RefID": "BDU:2024-07679",
"RefURL": "https://bdu.fstec.ru/vul/2024-07679",
"Source": "BDU"
},
{
"RefID": "BDU:2024-07680",
"RefURL": "https://bdu.fstec.ru/vul/2024-07680",
"Source": "BDU"
},
{
"RefID": "CVE-2023-0567",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-0567",
@ -48,18 +68,38 @@
"RefID": "CVE-2023-0662",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-0662",
"Source": "CVE"
},
{
"RefID": "CVE-2024-8925",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8925",
"Source": "CVE"
},
{
"RefID": "CVE-2024-8926",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8926",
"Source": "CVE"
},
{
"RefID": "CVE-2024-8927",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8927",
"Source": "CVE"
},
{
"RefID": "CVE-2024-9026",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-9026",
"Source": "CVE"
}
],
"Description": "This update upgrades php8.1 to version 8.1.16-alt1. \nSecurity Fix(es):\n\n * BDU:2023-02263: Уязвимость интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-02264: Уязвимость интерпретатора языка программирования PHP, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность\n\n * CVE-2023-0567: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. \n\n\n\n * CVE-2023-0568: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. \n\n * CVE-2023-0662: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. ",
"Description": "This update upgrades php8.1 to version 8.1.16-alt1. \nSecurity Fix(es):\n\n * BDU:2023-02263: Уязвимость интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-02264: Уязвимость интерпретатора языка программирования PHP, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность\n\n * BDU:2024-07676: Уязвимость интерпретатора языка программирования PHP, связанная с недостаточной проверкой входных данных, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2024-07677: Уязвимость интерпретатора языка программирования PHP, существующая из-за непринятия мер по нейтрализации специальных элементов, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2024-07679: Уязвимость сценария cgi.force_redirect интерпретатора языка программирования PHP, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * BDU:2024-07680: Уязвимость интерпретатора языка программирования PHP, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * CVE-2023-0567: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. \n\n\n\n * CVE-2023-0568: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. \n\n * CVE-2023-0662: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. \n\n * CVE-2024-8925: In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior.\n\n * CVE-2024-8926: In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for  CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3  may still be bypassed and the same command injection related to Windows \"Best Fit\" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.\n\n * CVE-2024-8927: In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP.\n\n * CVE-2024-9026: In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2023-02-17"
},
"Updated": {
"Date": "2023-02-17"
"Date": "2024-11-14"
},
"BDUs": [
{
@ -79,6 +119,42 @@
"Href": "https://bdu.fstec.ru/vul/2023-02264",
"Impact": "High",
"Public": "20230216"
},
{
"ID": "BDU:2024-07676",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2024-07676",
"Impact": "Critical",
"Public": "20240929"
},
{
"ID": "BDU:2024-07677",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-78",
"Href": "https://bdu.fstec.ru/vul/2024-07677",
"Impact": "Critical",
"Public": "20240929"
},
{
"ID": "BDU:2024-07679",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-254",
"Href": "https://bdu.fstec.ru/vul/2024-07679",
"Impact": "Critical",
"Public": "20240929"
},
{
"ID": "BDU:2024-07680",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-778",
"Href": "https://bdu.fstec.ru/vul/2024-07680",
"Impact": "Critical",
"Public": "20240929"
}
],
"CVEs": [
@ -105,6 +181,38 @@
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-0662",
"Impact": "High",
"Public": "20230216"
},
{
"ID": "CVE-2024-8925",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8925",
"Impact": "Low",
"Public": "20241008"
},
{
"ID": "CVE-2024-8926",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-78",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8926",
"Impact": "High",
"Public": "20241008"
},
{
"ID": "CVE-2024-8927",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8927",
"Impact": "High",
"Public": "20241008"
},
{
"ID": "CVE-2024-9026",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-9026",
"Impact": "Low",
"Public": "20241008"
}
],
"AffectedCPEs": {

10
oval/c9f2/ALT-PU-2023-6995/definitions.json
View File

@ -30,7 +30,7 @@
"Source": "CVE"
}
],
"Description": "This update upgrades salt to version 3005.4-alt0.c9.1. \nSecurity Fix(es):\n\n * CVE-2023-34049: description unavailable",
"Description": "This update upgrades salt to version 3005.4-alt0.c9.1. \nSecurity Fix(es):\n\n * CVE-2023-34049: The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
@ -42,6 +42,14 @@
"Date": "2023-12-04"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2023-34049",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34049",
"Impact": "None",
"Public": "20241114"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",

112
oval/p10/ALT-PU-2021-2943/definitions.json
View File

File diff suppressed because one or more lines are too long

10
oval/p10/ALT-PU-2023-8079/definitions.json
View File

@ -35,7 +35,7 @@
"Source": "CVE"
}
],
"Description": "This update upgrades salt to version 3006.4-alt0.p10.1. \nSecurity Fix(es):\n\n * CVE-2023-34049: description unavailable",
"Description": "This update upgrades salt to version 3006.4-alt0.p10.1. \nSecurity Fix(es):\n\n * CVE-2023-34049: The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
@ -47,6 +47,14 @@
"Date": "2024-01-29"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2023-34049",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34049",
"Impact": "None",
"Public": "20241114"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",

194
oval/p10/ALT-PU-2023-8445/definitions.json Normal file
View File

@ -0,0 +1,194 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20238445",
"Version": "oval:org.altlinux.errata:def:20238445",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2023-8445: package `php8.2` update to version 8.2.3-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2023-8445",
"RefURL": "https://errata.altlinux.org/ALT-PU-2023-8445",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-02263",
"RefURL": "https://bdu.fstec.ru/vul/2023-02263",
"Source": "BDU"
},
{
"RefID": "BDU:2023-02264",
"RefURL": "https://bdu.fstec.ru/vul/2023-02264",
"Source": "BDU"
},
{
"RefID": "BDU:2024-07326",
"RefURL": "https://bdu.fstec.ru/vul/2024-07326",
"Source": "BDU"
},
{
"RefID": "CVE-2023-0567",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-0567",
"Source": "CVE"
},
{
"RefID": "CVE-2023-0568",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-0568",
"Source": "CVE"
},
{
"RefID": "CVE-2023-0662",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-0662",
"Source": "CVE"
}
],
"Description": "This update upgrades php8.2 to version 8.2.3-alt1. \nSecurity Fix(es):\n\n * BDU:2023-02263: Уязвимость интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-02264: Уязвимость интерпретатора языка программирования PHP, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность\n\n * BDU:2024-07326: Уязвимость функции верификации пароля языка программирования PHP, связанная с недостаточным вычислением хеша пароля, позволяющая нарушителю оказать воздействие на целостность данных\n\n * CVE-2023-0567: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. \n\n\n\n * CVE-2023-0568: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. \n\n * CVE-2023-0662: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. ",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-14"
},
"Updated": {
"Date": "2024-11-14"
},
"BDUs": [
{
"ID": "BDU:2023-02263",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2023-02263",
"Impact": "High",
"Public": "20230216"
},
{
"ID": "BDU:2023-02264",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-131, CWE-770",
"Href": "https://bdu.fstec.ru/vul/2023-02264",
"Impact": "High",
"Public": "20230216"
},
{
"ID": "BDU:2024-07326",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:C/A:N",
"CVSS3": "AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-916",
"Href": "https://bdu.fstec.ru/vul/2024-07326",
"Impact": "Low",
"Public": "20230105"
}
],
"CVEs": [
{
"ID": "CVE-2023-0567",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-916",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-0567",
"Impact": "Low",
"Public": "20230301"
},
{
"ID": "CVE-2023-0568",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-770",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-0568",
"Impact": "High",
"Public": "20230216"
},
{
"ID": "CVE-2023-0662",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-0662",
"Impact": "High",
"Public": "20230216"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20238445001",
"Comment": "php8.2 is earlier than 0:8.2.3-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20238445002",
"Comment": "php8.2-devel is earlier than 0:8.2.3-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20238445003",
"Comment": "php8.2-libs is earlier than 0:8.2.3-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20238445004",
"Comment": "php8.2-mysqlnd is earlier than 0:8.2.3-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20238445005",
"Comment": "rpm-build-php8.2-version is earlier than 0:8.2.3-alt1"
}
]
}
]
}
}
]
}

58
oval/p10/ALT-PU-2023-8445/objects.json Normal file
View File

@ -0,0 +1,58 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20238445001",
"Version": "1",
"Comment": "php8.2 is installed",
"Name": "php8.2"
},
{
"ID": "oval:org.altlinux.errata:obj:20238445002",
"Version": "1",
"Comment": "php8.2-devel is installed",
"Name": "php8.2-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:20238445003",
"Version": "1",
"Comment": "php8.2-libs is installed",
"Name": "php8.2-libs"
},
{
"ID": "oval:org.altlinux.errata:obj:20238445004",
"Version": "1",
"Comment": "php8.2-mysqlnd is installed",
"Name": "php8.2-mysqlnd"
},
{
"ID": "oval:org.altlinux.errata:obj:20238445005",
"Version": "1",
"Comment": "rpm-build-php8.2-version is installed",
"Name": "rpm-build-php8.2-version"
}
]
}

23
oval/p10/ALT-PU-2023-8445/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:20238445001",
"Version": "1",
"Comment": "package EVR is earlier than 0:8.2.3-alt1",
"Arch": {},
"EVR": {
"Text": "0:8.2.3-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

78
oval/p10/ALT-PU-2023-8445/tests.json Normal file
View File

@ -0,0 +1,78 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20238445001",
"Version": "1",
"Check": "all",
"Comment": "php8.2 is earlier than 0:8.2.3-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20238445001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20238445001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20238445002",
"Version": "1",
"Check": "all",
"Comment": "php8.2-devel is earlier than 0:8.2.3-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20238445002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20238445001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20238445003",
"Version": "1",
"Check": "all",
"Comment": "php8.2-libs is earlier than 0:8.2.3-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20238445003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20238445001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20238445004",
"Version": "1",
"Check": "all",
"Comment": "php8.2-mysqlnd is earlier than 0:8.2.3-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20238445004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20238445001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20238445005",
"Version": "1",
"Check": "all",
"Comment": "rpm-build-php8.2-version is earlier than 0:8.2.3-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20238445005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20238445001"
}
}
]
}

192
oval/p10/ALT-PU-2024-14505/definitions.json Normal file
View File

File diff suppressed because one or more lines are too long

100
oval/p10/ALT-PU-2024-14505/objects.json Normal file
View File

@ -0,0 +1,100 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414505001",
"Version": "1",
"Comment": "kernel-doc-std is installed",
"Name": "kernel-doc-std"
},
{
"ID": "oval:org.altlinux.errata:obj:202414505002",
"Version": "1",
"Comment": "kernel-headers-modules-std-def is installed",
"Name": "kernel-headers-modules-std-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202414505003",
"Version": "1",
"Comment": "kernel-headers-std-def is installed",
"Name": "kernel-headers-std-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202414505004",
"Version": "1",
"Comment": "kernel-image-domU-std-def is installed",
"Name": "kernel-image-domU-std-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202414505005",
"Version": "1",
"Comment": "kernel-image-std-def is installed",
"Name": "kernel-image-std-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202414505006",
"Version": "1",
"Comment": "kernel-image-std-def-checkinstall is installed",
"Name": "kernel-image-std-def-checkinstall"
},
{
"ID": "oval:org.altlinux.errata:obj:202414505007",
"Version": "1",
"Comment": "kernel-modules-drm-ancient-std-def is installed",
"Name": "kernel-modules-drm-ancient-std-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202414505008",
"Version": "1",
"Comment": "kernel-modules-drm-nouveau-std-def is installed",
"Name": "kernel-modules-drm-nouveau-std-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202414505009",
"Version": "1",
"Comment": "kernel-modules-drm-std-def is installed",
"Name": "kernel-modules-drm-std-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202414505010",
"Version": "1",
"Comment": "kernel-modules-ide-std-def is installed",
"Name": "kernel-modules-ide-std-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202414505011",
"Version": "1",
"Comment": "kernel-modules-midgard-be-m1000-std-def is installed",
"Name": "kernel-modules-midgard-be-m1000-std-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202414505012",
"Version": "1",
"Comment": "kernel-modules-staging-std-def is installed",
"Name": "kernel-modules-staging-std-def"
}
]
}

23
oval/p10/ALT-PU-2024-14505/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414505001",
"Version": "1",
"Comment": "package EVR is earlier than 2:5.10.228-alt1",
"Arch": {},
"EVR": {
"Text": "2:5.10.228-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

162
oval/p10/ALT-PU-2024-14505/tests.json Normal file
View File

@ -0,0 +1,162 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414505001",
"Version": "1",
"Check": "all",
"Comment": "kernel-doc-std is earlier than 2:5.10.228-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414505001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414505001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414505002",
"Version": "1",
"Check": "all",
"Comment": "kernel-headers-modules-std-def is earlier than 2:5.10.228-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414505002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414505001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414505003",
"Version": "1",
"Check": "all",
"Comment": "kernel-headers-std-def is earlier than 2:5.10.228-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414505003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414505001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414505004",
"Version": "1",
"Check": "all",
"Comment": "kernel-image-domU-std-def is earlier than 2:5.10.228-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414505004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414505001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414505005",
"Version": "1",
"Check": "all",
"Comment": "kernel-image-std-def is earlier than 2:5.10.228-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414505005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414505001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414505006",
"Version": "1",
"Check": "all",
"Comment": "kernel-image-std-def-checkinstall is earlier than 2:5.10.228-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414505006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414505001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414505007",
"Version": "1",
"Check": "all",
"Comment": "kernel-modules-drm-ancient-std-def is earlier than 2:5.10.228-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414505007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414505001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414505008",
"Version": "1",
"Check": "all",
"Comment": "kernel-modules-drm-nouveau-std-def is earlier than 2:5.10.228-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414505008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414505001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414505009",
"Version": "1",
"Check": "all",
"Comment": "kernel-modules-drm-std-def is earlier than 2:5.10.228-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414505009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414505001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414505010",
"Version": "1",
"Check": "all",
"Comment": "kernel-modules-ide-std-def is earlier than 2:5.10.228-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414505010"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414505001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414505011",
"Version": "1",
"Check": "all",
"Comment": "kernel-modules-midgard-be-m1000-std-def is earlier than 2:5.10.228-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414505011"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414505001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414505012",
"Version": "1",
"Check": "all",
"Comment": "kernel-modules-staging-std-def is earlier than 2:5.10.228-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414505012"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414505001"
}
}
]
}

106
oval/p10/ALT-PU-2024-14821/definitions.json Normal file
View File

@ -0,0 +1,106 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414821",
"Version": "oval:org.altlinux.errata:def:202414821",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14821: package `docs-simply-linux` update to version 10.4-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14821",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14821",
"Source": "ALTPU"
}
],
"Description": "This update upgrades docs-simply-linux to version 10.4-alt1. \nSecurity Fix(es):\n\n * #48281: Документация docs-simply-linux, п.4.2.2. В операционной системе Linux: убрать двоеточие перед blkid\n\n * #48282: Документация docs-simply-linux, п.4.2.2. В операционной системе Linux: поправки по извлечению съемных носителей",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-13"
},
"Updated": {
"Date": "2024-11-13"
},
"BDUs": null,
"Bugzilla": [
{
"ID": "48281",
"Href": "https://bugzilla.altlinux.org/48281",
"Data": "Документация docs-simply-linux, п.4.2.2. В операционной системе Linux: убрать двоеточие перед blkid"
},
{
"ID": "48282",
"Href": "https://bugzilla.altlinux.org/48282",
"Data": "Документация docs-simply-linux, п.4.2.2. В операционной системе Linux: поправки по извлечению съемных носителей"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414821001",
"Comment": "docs-simply-linux is earlier than 0:10.4-alt1"
}
]
}
]
}
}
]
}

34
oval/p10/ALT-PU-2024-14821/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414821001",
"Version": "1",
"Comment": "docs-simply-linux is installed",
"Name": "docs-simply-linux"
}
]
}

23
oval/p10/ALT-PU-2024-14821/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414821001",
"Version": "1",
"Comment": "package EVR is earlier than 0:10.4-alt1",
"Arch": {},
"EVR": {
"Text": "0:10.4-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/p10/ALT-PU-2024-14821/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414821001",
"Version": "1",
"Check": "all",
"Comment": "docs-simply-linux is earlier than 0:10.4-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414821001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414821001"
}
}
]
}

111
oval/p10/ALT-PU-2024-14984/definitions.json Normal file
View File

@ -0,0 +1,111 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414984",
"Version": "oval:org.altlinux.errata:def:202414984",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14984: package `docs-alt-kworkstation` update to version 10.4-alt4",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14984",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14984",
"Source": "ALTPU"
}
],
"Description": "This update upgrades docs-alt-kworkstation to version 10.4-alt4. \nSecurity Fix(es):\n\n * #51823: Документация docs-alt-kworkstation, 70.3. Предустановки: добавить пробел для разделения слов\n\n * #51825: Документация docs-alt-kworkstation, 71.3. Добавление/удаление правил: добавить запятую\n\n * #51826: Документация docs-alt-kworkstation, 70.2. Список USB-устройств: изменить на \"Сканировать устройства\"",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-13"
},
"Updated": {
"Date": "2024-11-13"
},
"BDUs": null,
"Bugzilla": [
{
"ID": "51823",
"Href": "https://bugzilla.altlinux.org/51823",
"Data": "Документация docs-alt-kworkstation, 70.3. Предустановки: добавить пробел для разделения слов"
},
{
"ID": "51825",
"Href": "https://bugzilla.altlinux.org/51825",
"Data": "Документация docs-alt-kworkstation, 71.3. Добавление/удаление правил: добавить запятую"
},
{
"ID": "51826",
"Href": "https://bugzilla.altlinux.org/51826",
"Data": "Документация docs-alt-kworkstation, 70.2. Список USB-устройств: изменить на \"Сканировать устройства\""
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414984001",
"Comment": "docs-alt-kworkstation is earlier than 0:10.4-alt4"
}
]
}
]
}
}
]
}

34
oval/p10/ALT-PU-2024-14984/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414984001",
"Version": "1",
"Comment": "docs-alt-kworkstation is installed",
"Name": "docs-alt-kworkstation"
}
]
}

23
oval/p10/ALT-PU-2024-14984/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414984001",
"Version": "1",
"Comment": "package EVR is earlier than 0:10.4-alt4",
"Arch": {},
"EVR": {
"Text": "0:10.4-alt4",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/p10/ALT-PU-2024-14984/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414984001",
"Version": "1",
"Check": "all",
"Comment": "docs-alt-kworkstation is earlier than 0:10.4-alt4",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414984001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414984001"
}
}
]
}

731
oval/p10/ALT-PU-2024-15041/definitions.json Normal file
View File

File diff suppressed because one or more lines are too long

34
oval/p10/ALT-PU-2024-15041/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202415041001",
"Version": "1",
"Comment": "yandex-browser-stable is installed",
"Name": "yandex-browser-stable"
}
]
}

23
oval/p10/ALT-PU-2024-15041/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202415041001",
"Version": "1",
"Comment": "package EVR is earlier than 0:24.7.6.1018-alt1",
"Arch": {},
"EVR": {
"Text": "0:24.7.6.1018-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/p10/ALT-PU-2024-15041/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202415041001",
"Version": "1",
"Check": "all",
"Comment": "yandex-browser-stable is earlier than 0:24.7.6.1018-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415041001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415041001"
}
}
]
}

101
oval/p10/ALT-PU-2024-15053/definitions.json Normal file
View File

@ -0,0 +1,101 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202415053",
"Version": "oval:org.altlinux.errata:def:202415053",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-15053: package `lxqt-config` update to version 1.4.0-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-15053",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-15053",
"Source": "ALTPU"
}
],
"Description": "This update upgrades lxqt-config to version 1.4.0-alt2. \nSecurity Fix(es):\n\n * #51891: Окно настроек монитора lxqt не открывается",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-13"
},
"Updated": {
"Date": "2024-11-13"
},
"BDUs": null,
"Bugzilla": [
{
"ID": "51891",
"Href": "https://bugzilla.altlinux.org/51891",
"Data": "Окно настроек монитора lxqt не открывается"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202415053001",
"Comment": "lxqt-config is earlier than 0:1.4.0-alt2"
}
]
}
]
}
}
]
}

34
oval/p10/ALT-PU-2024-15053/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202415053001",
"Version": "1",
"Comment": "lxqt-config is installed",
"Name": "lxqt-config"
}
]
}

23
oval/p10/ALT-PU-2024-15053/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202415053001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.4.0-alt2",
"Arch": {},
"EVR": {
"Text": "0:1.4.0-alt2",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/p10/ALT-PU-2024-15053/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202415053001",
"Version": "1",
"Check": "all",
"Comment": "lxqt-config is earlier than 0:1.4.0-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415053001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415053001"
}
}
]
}

114
oval/p10/ALT-PU-2024-15140/definitions.json Normal file
View File

@ -0,0 +1,114 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202415140",
"Version": "oval:org.altlinux.errata:def:202415140",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-15140: package `python-module-lxml` update to version 4.6.3.0.16.git5ecb40bc-alt1.p10.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-15140",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-15140",
"Source": "ALTPU"
},
{
"RefID": "CVE-2022-2309",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-2309",
"Source": "CVE"
}
],
"Description": "This update upgrades python-module-lxml to version 4.6.3.0.16.git5ecb40bc-alt1.p10.1. \nSecurity Fix(es):\n\n * CVE-2022-2309: NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-13"
},
"Updated": {
"Date": "2024-11-13"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2022-2309",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-2309",
"Impact": "High",
"Public": "20220705"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202415140001",
"Comment": "python-module-lxml is earlier than 0:4.6.3.0.16.git5ecb40bc-alt1.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415140002",
"Comment": "python-module-lxml-doc is earlier than 0:4.6.3.0.16.git5ecb40bc-alt1.p10.1"
}
]
}
]
}
}
]
}

40
oval/p10/ALT-PU-2024-15140/objects.json Normal file
View File

@ -0,0 +1,40 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202415140001",
"Version": "1",
"Comment": "python-module-lxml is installed",
"Name": "python-module-lxml"
},
{
"ID": "oval:org.altlinux.errata:obj:202415140002",
"Version": "1",
"Comment": "python-module-lxml-doc is installed",
"Name": "python-module-lxml-doc"
}
]
}

23
oval/p10/ALT-PU-2024-15140/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202415140001",
"Version": "1",
"Comment": "package EVR is earlier than 0:4.6.3.0.16.git5ecb40bc-alt1.p10.1",
"Arch": {},
"EVR": {
"Text": "0:4.6.3.0.16.git5ecb40bc-alt1.p10.1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

42
oval/p10/ALT-PU-2024-15140/tests.json Normal file
View File

@ -0,0 +1,42 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202415140001",
"Version": "1",
"Check": "all",
"Comment": "python-module-lxml is earlier than 0:4.6.3.0.16.git5ecb40bc-alt1.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415140001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415140001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415140002",
"Version": "1",
"Check": "all",
"Comment": "python-module-lxml-doc is earlier than 0:4.6.3.0.16.git5ecb40bc-alt1.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415140002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415140001"
}
}
]
}

112
oval/p9/ALT-PU-2019-1959/definitions.json
View File

File diff suppressed because one or more lines are too long

170
oval/p9/ALT-PU-2024-15467/definitions.json Normal file
View File

@ -0,0 +1,170 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202415467",
"Version": "oval:org.altlinux.errata:def:202415467",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-15467: package `kernel-image-std-def` update to version 5.4.285-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-15467",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-15467",
"Source": "ALTPU"
},
{
"RefID": "CVE-2024-50116",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50116",
"Source": "CVE"
},
{
"RefID": "CVE-2024-50117",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50117",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-std-def to version 5.4.285-alt1. \nSecurity Fix(es):\n\n * CVE-2024-50116: In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix kernel bug due to missing clearing of buffer delay flag\n\nSyzbot reported that after nilfs2 reads a corrupted file system image\nand degrades to read-only, the BUG_ON check for the buffer delay flag\nin submit_bh_wbc() may fail, causing a kernel bug.\n\nThis is because the buffer delay flag is not cleared when clearing the\nbuffer state flags to discard a page/folio or a buffer head. So, fix\nthis.\n\nThis became necessary when the use of nilfs2's own page clear routine\nwas expanded. This state inconsistency does not occur if the buffer\nis written normally by log writing.\n\n * CVE-2024-50117: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd: Guard against bad data for ATIF ACPI method\n\nIf a BIOS provides bad data in response to an ATIF method call\nthis causes a NULL pointer dereference in the caller.\n\n```\n? show_regs (arch/x86/kernel/dumpstack.c:478 (discriminator 1))\n? __die (arch/x86/kernel/dumpstack.c:423 arch/x86/kernel/dumpstack.c:434)\n? page_fault_oops (arch/x86/mm/fault.c:544 (discriminator 2) arch/x86/mm/fault.c:705 (discriminator 2))\n? do_user_addr_fault (arch/x86/mm/fault.c:440 (discriminator 1) arch/x86/mm/fault.c:1232 (discriminator 1))\n? acpi_ut_update_object_reference (drivers/acpi/acpica/utdelete.c:642)\n? exc_page_fault (arch/x86/mm/fault.c:1542)\n? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:623)\n? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:387 (discriminator 2)) amdgpu\n? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:386 (discriminator 1)) amdgpu\n```\n\nIt has been encountered on at least one system, so guard for it.\n\n(cherry picked from commit c9b7c809b89f24e9372a4e7f02d64c950b07fdee)",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-13"
},
"Updated": {
"Date": "2024-11-13"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2024-50116",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50116",
"Impact": "Low",
"Public": "20241105"
},
{
"ID": "CVE-2024-50117",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50117",
"Impact": "Low",
"Public": "20241105"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202415467001",
"Comment": "kernel-doc-std is earlier than 2:5.4.285-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415467002",
"Comment": "kernel-headers-modules-std-def is earlier than 2:5.4.285-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415467003",
"Comment": "kernel-headers-std-def is earlier than 2:5.4.285-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415467004",
"Comment": "kernel-image-domU-std-def is earlier than 2:5.4.285-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415467005",
"Comment": "kernel-image-std-def is earlier than 2:5.4.285-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415467006",
"Comment": "kernel-modules-drm-ancient-std-def is earlier than 2:5.4.285-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415467007",
"Comment": "kernel-modules-drm-nouveau-std-def is earlier than 2:5.4.285-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415467008",
"Comment": "kernel-modules-drm-radeon-std-def is earlier than 2:5.4.285-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415467009",
"Comment": "kernel-modules-drm-std-def is earlier than 2:5.4.285-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415467010",
"Comment": "kernel-modules-ide-std-def is earlier than 2:5.4.285-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415467011",
"Comment": "kernel-modules-midgard-be-m1000-std-def is earlier than 2:5.4.285-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415467012",
"Comment": "kernel-modules-staging-std-def is earlier than 2:5.4.285-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415467013",
"Comment": "kernel-modules-v4l-std-def is earlier than 2:5.4.285-alt1"
}
]
}
]
}
}
]
}

106
oval/p9/ALT-PU-2024-15467/objects.json Normal file
View File

@ -0,0 +1,106 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:1001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202415467001",
"Version": "1",
"Comment": "kernel-doc-std is installed",
"Name": "kernel-doc-std"
},
{
"ID": "oval:org.altlinux.errata:obj:202415467002",
"Version": "1",
"Comment": "kernel-headers-modules-std-def is installed",
"Name": "kernel-headers-modules-std-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202415467003",
"Version": "1",
"Comment": "kernel-headers-std-def is installed",
"Name": "kernel-headers-std-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202415467004",
"Version": "1",
"Comment": "kernel-image-domU-std-def is installed",
"Name": "kernel-image-domU-std-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202415467005",
"Version": "1",
"Comment": "kernel-image-std-def is installed",
"Name": "kernel-image-std-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202415467006",
"Version": "1",
"Comment": "kernel-modules-drm-ancient-std-def is installed",
"Name": "kernel-modules-drm-ancient-std-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202415467007",
"Version": "1",
"Comment": "kernel-modules-drm-nouveau-std-def is installed",
"Name": "kernel-modules-drm-nouveau-std-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202415467008",
"Version": "1",
"Comment": "kernel-modules-drm-radeon-std-def is installed",
"Name": "kernel-modules-drm-radeon-std-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202415467009",
"Version": "1",
"Comment": "kernel-modules-drm-std-def is installed",
"Name": "kernel-modules-drm-std-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202415467010",
"Version": "1",
"Comment": "kernel-modules-ide-std-def is installed",
"Name": "kernel-modules-ide-std-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202415467011",
"Version": "1",
"Comment": "kernel-modules-midgard-be-m1000-std-def is installed",
"Name": "kernel-modules-midgard-be-m1000-std-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202415467012",
"Version": "1",
"Comment": "kernel-modules-staging-std-def is installed",
"Name": "kernel-modules-staging-std-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202415467013",
"Version": "1",
"Comment": "kernel-modules-v4l-std-def is installed",
"Name": "kernel-modules-v4l-std-def"
}
]
}

23
oval/p9/ALT-PU-2024-15467/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:1001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202415467001",
"Version": "1",
"Comment": "package EVR is earlier than 2:5.4.285-alt1",
"Arch": {},
"EVR": {
"Text": "2:5.4.285-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

174
oval/p9/ALT-PU-2024-15467/tests.json Normal file
View File

@ -0,0 +1,174 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:1001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p9' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:1001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:1001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202415467001",
"Version": "1",
"Check": "all",
"Comment": "kernel-doc-std is earlier than 2:5.4.285-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415467001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415467001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415467002",
"Version": "1",
"Check": "all",
"Comment": "kernel-headers-modules-std-def is earlier than 2:5.4.285-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415467002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415467001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415467003",
"Version": "1",
"Check": "all",
"Comment": "kernel-headers-std-def is earlier than 2:5.4.285-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415467003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415467001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415467004",
"Version": "1",
"Check": "all",
"Comment": "kernel-image-domU-std-def is earlier than 2:5.4.285-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415467004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415467001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415467005",
"Version": "1",
"Check": "all",
"Comment": "kernel-image-std-def is earlier than 2:5.4.285-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415467005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415467001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415467006",
"Version": "1",
"Check": "all",
"Comment": "kernel-modules-drm-ancient-std-def is earlier than 2:5.4.285-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415467006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415467001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415467007",
"Version": "1",
"Check": "all",
"Comment": "kernel-modules-drm-nouveau-std-def is earlier than 2:5.4.285-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415467007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415467001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415467008",
"Version": "1",
"Check": "all",
"Comment": "kernel-modules-drm-radeon-std-def is earlier than 2:5.4.285-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415467008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415467001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415467009",
"Version": "1",
"Check": "all",
"Comment": "kernel-modules-drm-std-def is earlier than 2:5.4.285-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415467009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415467001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415467010",
"Version": "1",
"Check": "all",
"Comment": "kernel-modules-ide-std-def is earlier than 2:5.4.285-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415467010"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415467001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415467011",
"Version": "1",
"Check": "all",
"Comment": "kernel-modules-midgard-be-m1000-std-def is earlier than 2:5.4.285-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415467011"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415467001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415467012",
"Version": "1",
"Check": "all",
"Comment": "kernel-modules-staging-std-def is earlier than 2:5.4.285-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415467012"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415467001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415467013",
"Version": "1",
"Check": "all",
"Comment": "kernel-modules-v4l-std-def is earlier than 2:5.4.285-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415467013"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415467001"
}
}
]
}

171
oval/p9/ALT-PU-2024-15473/definitions.json Normal file
View File

@ -0,0 +1,171 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202415473",
"Version": "oval:org.altlinux.errata:def:202415473",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-15473: package `kernel-image-un-def` update to version 5.10.229-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-15473",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-15473",
"Source": "ALTPU"
},
{
"RefID": "CVE-2024-50115",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50115",
"Source": "CVE"
},
{
"RefID": "CVE-2024-50116",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50116",
"Source": "CVE"
},
{
"RefID": "CVE-2024-50117",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50117",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-un-def to version 5.10.229-alt1. \nSecurity Fix(es):\n\n * CVE-2024-50115: In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory\n\nIgnore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits\n4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn't\nenforce 32-byte alignment of nCR3.\n\nIn the absolute worst case scenario, failure to ignore bits 4:0 can result\nin an out-of-bounds read, e.g. if the target page is at the end of a\nmemslot, and the VMM isn't using guard pages.\n\nPer the APM:\n\n The CR3 register points to the base address of the page-directory-pointer\n table. The page-directory-pointer table is aligned on a 32-byte boundary,\n with the low 5 address bits 4:0 assumed to be 0.\n\nAnd the SDM's much more explicit:\n\n 4:0 Ignored\n\nNote, KVM gets this right when loading PDPTRs, it's only the nSVM flow\nthat is broken.\n\n * CVE-2024-50116: In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix kernel bug due to missing clearing of buffer delay flag\n\nSyzbot reported that after nilfs2 reads a corrupted file system image\nand degrades to read-only, the BUG_ON check for the buffer delay flag\nin submit_bh_wbc() may fail, causing a kernel bug.\n\nThis is because the buffer delay flag is not cleared when clearing the\nbuffer state flags to discard a page/folio or a buffer head. So, fix\nthis.\n\nThis became necessary when the use of nilfs2's own page clear routine\nwas expanded. This state inconsistency does not occur if the buffer\nis written normally by log writing.\n\n * CVE-2024-50117: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd: Guard against bad data for ATIF ACPI method\n\nIf a BIOS provides bad data in response to an ATIF method call\nthis causes a NULL pointer dereference in the caller.\n\n```\n? show_regs (arch/x86/kernel/dumpstack.c:478 (discriminator 1))\n? __die (arch/x86/kernel/dumpstack.c:423 arch/x86/kernel/dumpstack.c:434)\n? page_fault_oops (arch/x86/mm/fault.c:544 (discriminator 2) arch/x86/mm/fault.c:705 (discriminator 2))\n? do_user_addr_fault (arch/x86/mm/fault.c:440 (discriminator 1) arch/x86/mm/fault.c:1232 (discriminator 1))\n? acpi_ut_update_object_reference (drivers/acpi/acpica/utdelete.c:642)\n? exc_page_fault (arch/x86/mm/fault.c:1542)\n? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:623)\n? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:387 (discriminator 2)) amdgpu\n? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:386 (discriminator 1)) amdgpu\n```\n\nIt has been encountered on at least one system, so guard for it.\n\n(cherry picked from commit c9b7c809b89f24e9372a4e7f02d64c950b07fdee)",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-13"
},
"Updated": {
"Date": "2024-11-13"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2024-50115",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50115",
"Impact": "High",
"Public": "20241105"
},
{
"ID": "CVE-2024-50116",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50116",
"Impact": "Low",
"Public": "20241105"
},
{
"ID": "CVE-2024-50117",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50117",
"Impact": "Low",
"Public": "20241105"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202415473001",
"Comment": "kernel-doc-un is earlier than 1:5.10.229-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415473002",
"Comment": "kernel-headers-modules-un-def is earlier than 1:5.10.229-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415473003",
"Comment": "kernel-headers-un-def is earlier than 1:5.10.229-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415473004",
"Comment": "kernel-image-domU-un-def is earlier than 1:5.10.229-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415473005",
"Comment": "kernel-image-un-def is earlier than 1:5.10.229-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415473006",
"Comment": "kernel-modules-drm-ancient-un-def is earlier than 1:5.10.229-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415473007",
"Comment": "kernel-modules-drm-nouveau-un-def is earlier than 1:5.10.229-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415473008",
"Comment": "kernel-modules-drm-un-def is earlier than 1:5.10.229-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415473009",
"Comment": "kernel-modules-ide-un-def is earlier than 1:5.10.229-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415473010",
"Comment": "kernel-modules-staging-un-def is earlier than 1:5.10.229-alt1"
}
]
}
]
}
}
]
}

88
oval/p9/ALT-PU-2024-15473/objects.json Normal file
View File

@ -0,0 +1,88 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:1001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202415473001",
"Version": "1",
"Comment": "kernel-doc-un is installed",
"Name": "kernel-doc-un"
},
{
"ID": "oval:org.altlinux.errata:obj:202415473002",
"Version": "1",
"Comment": "kernel-headers-modules-un-def is installed",
"Name": "kernel-headers-modules-un-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202415473003",
"Version": "1",
"Comment": "kernel-headers-un-def is installed",
"Name": "kernel-headers-un-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202415473004",
"Version": "1",
"Comment": "kernel-image-domU-un-def is installed",
"Name": "kernel-image-domU-un-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202415473005",
"Version": "1",
"Comment": "kernel-image-un-def is installed",
"Name": "kernel-image-un-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202415473006",
"Version": "1",
"Comment": "kernel-modules-drm-ancient-un-def is installed",
"Name": "kernel-modules-drm-ancient-un-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202415473007",
"Version": "1",
"Comment": "kernel-modules-drm-nouveau-un-def is installed",
"Name": "kernel-modules-drm-nouveau-un-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202415473008",
"Version": "1",
"Comment": "kernel-modules-drm-un-def is installed",
"Name": "kernel-modules-drm-un-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202415473009",
"Version": "1",
"Comment": "kernel-modules-ide-un-def is installed",
"Name": "kernel-modules-ide-un-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202415473010",
"Version": "1",
"Comment": "kernel-modules-staging-un-def is installed",
"Name": "kernel-modules-staging-un-def"
}
]
}

23
oval/p9/ALT-PU-2024-15473/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:1001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202415473001",
"Version": "1",
"Comment": "package EVR is earlier than 1:5.10.229-alt1",
"Arch": {},
"EVR": {
"Text": "1:5.10.229-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

138
oval/p9/ALT-PU-2024-15473/tests.json Normal file
View File

@ -0,0 +1,138 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:1001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p9' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:1001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:1001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202415473001",
"Version": "1",
"Check": "all",
"Comment": "kernel-doc-un is earlier than 1:5.10.229-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415473001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415473001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415473002",
"Version": "1",
"Check": "all",
"Comment": "kernel-headers-modules-un-def is earlier than 1:5.10.229-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415473002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415473001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415473003",
"Version": "1",
"Check": "all",
"Comment": "kernel-headers-un-def is earlier than 1:5.10.229-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415473003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415473001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415473004",
"Version": "1",
"Check": "all",
"Comment": "kernel-image-domU-un-def is earlier than 1:5.10.229-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415473004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415473001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415473005",
"Version": "1",
"Check": "all",
"Comment": "kernel-image-un-def is earlier than 1:5.10.229-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415473005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415473001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415473006",
"Version": "1",
"Check": "all",
"Comment": "kernel-modules-drm-ancient-un-def is earlier than 1:5.10.229-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415473006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415473001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415473007",
"Version": "1",
"Check": "all",
"Comment": "kernel-modules-drm-nouveau-un-def is earlier than 1:5.10.229-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415473007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415473001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415473008",
"Version": "1",
"Check": "all",
"Comment": "kernel-modules-drm-un-def is earlier than 1:5.10.229-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415473008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415473001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415473009",
"Version": "1",
"Check": "all",
"Comment": "kernel-modules-ide-un-def is earlier than 1:5.10.229-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415473009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415473001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415473010",
"Version": "1",
"Check": "all",
"Comment": "kernel-modules-staging-un-def is earlier than 1:5.10.229-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415473010"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415473001"
}
}
]
}