pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ALT Vulnerability

Browse Source
This commit is contained in:
Иван Пепеляев 2024-12-09 15:05:16 +00:00
parent 33fa11427f
commit 4c262203ed
20 changed files with 1468 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

112
oval/c10f1/ALT-PU-2024-16608/definitions.json Normal file
View File

@ -0,0 +1,112 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202416608",
"Version": "oval:org.altlinux.errata:def:202416608",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-16608: package `wireshark` update to version 4.4.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-16608",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16608",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-09109",
"RefURL": "https://bdu.fstec.ru/vul/2024-09109",
"Source": "BDU"
},
{
"RefID": "CVE-2024-9781",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-9781",
"Source": "CVE"
}
],
"Description": "This update upgrades wireshark to version 4.4.1-alt1. \nSecurity Fix(es):\n\n * BDU:2024-09109: Уязвимость диссекторов AppleTalk Dissector/RELOAD Framing Dissector анализатора трафика компьютерных сетей Wireshark, позволяющая нарушителю вызывать отказ в обслуживании\n\n * CVE-2024-9781: AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-08"
},
"Updated": {
"Date": "2024-12-08"
},
"BDUs": [
{
"ID": "BDU:2024-09109",
"CVSS": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"CWE": "CWE-230",
"Href": "https://bdu.fstec.ru/vul/2024-09109",
"Impact": "Low",
"Public": "20241008"
}
],
"CVEs": [
{
"ID": "CVE-2024-9781",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-9781",
"Impact": "High",
"Public": "20241010"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202416608001",
"Comment": "tshark is earlier than 0:4.4.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416608002",
"Comment": "wireshark-base is earlier than 0:4.4.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416608003",
"Comment": "wireshark-devel is earlier than 0:4.4.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416608004",
"Comment": "wireshark-qt is earlier than 0:4.4.1-alt1"
}
]
}
]
}
}
]
}

52
oval/c10f1/ALT-PU-2024-16608/objects.json Normal file
View File

@ -0,0 +1,52 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416608001",
"Version": "1",
"Comment": "tshark is installed",
"Name": "tshark"
},
{
"ID": "oval:org.altlinux.errata:obj:202416608002",
"Version": "1",
"Comment": "wireshark-base is installed",
"Name": "wireshark-base"
},
{
"ID": "oval:org.altlinux.errata:obj:202416608003",
"Version": "1",
"Comment": "wireshark-devel is installed",
"Name": "wireshark-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202416608004",
"Version": "1",
"Comment": "wireshark-qt is installed",
"Name": "wireshark-qt"
}
]
}

23
oval/c10f1/ALT-PU-2024-16608/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416608001",
"Version": "1",
"Comment": "package EVR is earlier than 0:4.4.1-alt1",
"Arch": {},
"EVR": {
"Text": "0:4.4.1-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

66
oval/c10f1/ALT-PU-2024-16608/tests.json Normal file
View File

@ -0,0 +1,66 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416608001",
"Version": "1",
"Check": "all",
"Comment": "tshark is earlier than 0:4.4.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416608001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416608001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416608002",
"Version": "1",
"Check": "all",
"Comment": "wireshark-base is earlier than 0:4.4.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416608002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416608001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416608003",
"Version": "1",
"Check": "all",
"Comment": "wireshark-devel is earlier than 0:4.4.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416608003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416608001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416608004",
"Version": "1",
"Check": "all",
"Comment": "wireshark-qt is earlier than 0:4.4.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416608004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416608001"
}
}
]
}

241
oval/c9f2/ALT-PU-2024-16552/definitions.json Normal file
View File

@ -0,0 +1,241 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202416552",
"Version": "oval:org.altlinux.errata:def:202416552",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-16552: package `nasm` update to version 2.16.03-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-16552",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16552",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-02930",
"RefURL": "https://bdu.fstec.ru/vul/2019-02930",
"Source": "BDU"
},
{
"RefID": "BDU:2023-02141",
"RefURL": "https://bdu.fstec.ru/vul/2023-02141",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05881",
"RefURL": "https://bdu.fstec.ru/vul/2023-05881",
"Source": "BDU"
},
{
"RefID": "CVE-2019-14248",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14248",
"Source": "CVE"
},
{
"RefID": "CVE-2019-20334",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-20334",
"Source": "CVE"
},
{
"RefID": "CVE-2019-6290",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-6290",
"Source": "CVE"
},
{
"RefID": "CVE-2019-6291",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-6291",
"Source": "CVE"
},
{
"RefID": "CVE-2019-8343",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-8343",
"Source": "CVE"
},
{
"RefID": "CVE-2020-18780",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-18780",
"Source": "CVE"
},
{
"RefID": "CVE-2020-21686",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-21686",
"Source": "CVE"
},
{
"RefID": "CVE-2022-29654",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-29654",
"Source": "CVE"
},
{
"RefID": "CVE-2022-44370",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-44370",
"Source": "CVE"
}
],
"Description": "This update upgrades nasm to version 2.16.03-alt1. \nSecurity Fix(es):\n\n * BDU:2019-02930: Уязвимость компонента libnasm.a ассемблера Netwide Assembler (NASM), позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-02141: Уязвимость функции quote_for_pmake() (asm/nasm.c) ассемблера Netwide Assembler (NASM), позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-05881: Уязвимость функции quote_for_pmake (asm/nasm.c) ассемблера ассемблера Netwide Assembler (NASM), позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2019-14248: In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when \"%pragma limit\" is mishandled.\n\n * CVE-2019-20334: In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291.\n\n * CVE-2019-6290: An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.\n\n * CVE-2019-6291: An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.\n\n * CVE-2019-8343: In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c.\n\n * CVE-2020-18780: A Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via crafted nasm command.\n\n * CVE-2020-21686: A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file.\n\n * CVE-2022-29654: Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file.\n\n * CVE-2022-44370: NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-08"
},
"Updated": {
"Date": "2024-12-08"
},
"BDUs": [
{
"ID": "BDU:2019-02930",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2019-02930",
"Impact": "Low",
"Public": "20190618"
},
{
"ID": "BDU:2023-02141",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2023-02141",
"Impact": "High",
"Public": "20230329"
},
{
"ID": "BDU:2023-05881",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-05881",
"Impact": "Low",
"Public": "20230822"
}
],
"CVEs": [
{
"ID": "CVE-2019-14248",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14248",
"Impact": "Low",
"Public": "20190724"
},
{
"ID": "CVE-2019-20334",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-674",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-20334",
"Impact": "Low",
"Public": "20200104"
},
{
"ID": "CVE-2019-6290",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-674",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-6290",
"Impact": "Low",
"Public": "20190115"
},
{
"ID": "CVE-2019-6291",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-674",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-6291",
"Impact": "Low",
"Public": "20190115"
},
{
"ID": "CVE-2019-8343",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-8343",
"Impact": "High",
"Public": "20190215"
},
{
"ID": "CVE-2020-18780",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-18780",
"Impact": "Low",
"Public": "20230822"
},
{
"ID": "CVE-2020-21686",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-21686",
"Impact": "Low",
"Public": "20230822"
},
{
"ID": "CVE-2022-29654",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-29654",
"Impact": "Low",
"Public": "20230822"
},
{
"ID": "CVE-2022-44370",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-44370",
"Impact": "High",
"Public": "20230329"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202416552001",
"Comment": "nasm is earlier than 0:2.16.03-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416552002",
"Comment": "nasm-doc is earlier than 0:2.16.03-alt1"
}
]
}
]
}
}
]
}

40
oval/c9f2/ALT-PU-2024-16552/objects.json Normal file
View File

@ -0,0 +1,40 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416552001",
"Version": "1",
"Comment": "nasm is installed",
"Name": "nasm"
},
{
"ID": "oval:org.altlinux.errata:obj:202416552002",
"Version": "1",
"Comment": "nasm-doc is installed",
"Name": "nasm-doc"
}
]
}

23
oval/c9f2/ALT-PU-2024-16552/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416552001",
"Version": "1",
"Comment": "package EVR is earlier than 0:2.16.03-alt1",
"Arch": {},
"EVR": {
"Text": "0:2.16.03-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

42
oval/c9f2/ALT-PU-2024-16552/tests.json Normal file
View File

@ -0,0 +1,42 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c9f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416552001",
"Version": "1",
"Check": "all",
"Comment": "nasm is earlier than 0:2.16.03-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416552001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416552001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416552002",
"Version": "1",
"Check": "all",
"Comment": "nasm-doc is earlier than 0:2.16.03-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416552002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416552001"
}
}
]
}

261
oval/c9f2/ALT-PU-2024-16554/definitions.json Normal file
View File

@ -0,0 +1,261 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202416554",
"Version": "oval:org.altlinux.errata:def:202416554",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-16554: package `prosody` update to version 0.11.12-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-16554",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16554",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-04582",
"RefURL": "https://bdu.fstec.ru/vul/2021-04582",
"Source": "BDU"
},
{
"RefID": "BDU:2021-04583",
"RefURL": "https://bdu.fstec.ru/vul/2021-04583",
"Source": "BDU"
},
{
"RefID": "BDU:2021-04584",
"RefURL": "https://bdu.fstec.ru/vul/2021-04584",
"Source": "BDU"
},
{
"RefID": "BDU:2021-04585",
"RefURL": "https://bdu.fstec.ru/vul/2021-04585",
"Source": "BDU"
},
{
"RefID": "BDU:2021-04586",
"RefURL": "https://bdu.fstec.ru/vul/2021-04586",
"Source": "BDU"
},
{
"RefID": "BDU:2022-05563",
"RefURL": "https://bdu.fstec.ru/vul/2022-05563",
"Source": "BDU"
},
{
"RefID": "CVE-2021-32917",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-32917",
"Source": "CVE"
},
{
"RefID": "CVE-2021-32918",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-32918",
"Source": "CVE"
},
{
"RefID": "CVE-2021-32919",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-32919",
"Source": "CVE"
},
{
"RefID": "CVE-2021-32920",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-32920",
"Source": "CVE"
},
{
"RefID": "CVE-2021-32921",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-32921",
"Source": "CVE"
},
{
"RefID": "CVE-2021-37601",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-37601",
"Source": "CVE"
},
{
"RefID": "CVE-2022-0217",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-0217",
"Source": "CVE"
}
],
"Description": "This update upgrades prosody to version 0.11.12-alt2. \nSecurity Fix(es):\n\n * BDU:2021-04582: Уязвимость компонента proxy65 сервера для Jabber/XMPP Prosody, связанная с отсутствием механизма авторизации, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-04583: Уязвимость сервера для Jabber/XMPP Prosody, связанная с ошибкой механизма контроля расходуемых ресурсов, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-04584: Уязвимость опции dialback_without_dialback модуля mod_dialback сервера для Jabber/XMPP Prosody, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * BDU:2021-04585: Уязвимость сервера для Jabber/XMPP Prosody, связанная с ошибкой механизма контроля расходуемых ресурсов, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-04586: Уязвимость сервера для Jabber/XMPP Prosody, связанная с одновременным выполнением с использованием общего ресурса с неправильной синхронизацией, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * BDU:2022-05563: Уязвимость реализации модуля WebSocket сервера для Jabber/XMPP Prosody, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2021-32917: An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth.\n\n * CVE-2021-32918: An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3.\n\n * CVE-2021-32919: An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another server (when this option is enabled).\n\n * CVE-2021-32920: Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests.\n\n * CVE-2021-32921: An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker.\n\n * CVE-2021-37601: muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations.\n\n * CVE-2022-0217: It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depending on the libexpat version used, it may also allow injections using XML External Entity References (CWE-611).\n\n * #38692: Неправильная упаковка",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-08"
},
"Updated": {
"Date": "2024-12-08"
},
"BDUs": [
{
"ID": "BDU:2021-04582",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-862",
"Href": "https://bdu.fstec.ru/vul/2021-04582",
"Impact": "Low",
"Public": "20210502"
},
{
"ID": "BDU:2021-04583",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2021-04583",
"Impact": "High",
"Public": "20210502"
},
{
"ID": "BDU:2021-04584",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2021-04584",
"Impact": "High",
"Public": "20210502"
},
{
"ID": "BDU:2021-04585",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2021-04585",
"Impact": "High",
"Public": "20210502"
},
{
"ID": "BDU:2021-04586",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-362",
"Href": "https://bdu.fstec.ru/vul/2021-04586",
"Impact": "Low",
"Public": "20210502"
},
{
"ID": "BDU:2022-05563",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20, CWE-611, CWE-776",
"Href": "https://bdu.fstec.ru/vul/2022-05563",
"Impact": "High",
"Public": "20220826"
}
],
"CVEs": [
{
"ID": "CVE-2021-32917",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-862",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-32917",
"Impact": "Low",
"Public": "20210513"
},
{
"ID": "CVE-2021-32918",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-32918",
"Impact": "High",
"Public": "20210513"
},
{
"ID": "CVE-2021-32919",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-32919",
"Impact": "High",
"Public": "20210513"
},
{
"ID": "CVE-2021-32920",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-32920",
"Impact": "High",
"Public": "20210513"
},
{
"ID": "CVE-2021-32921",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-32921",
"Impact": "Low",
"Public": "20210513"
},
{
"ID": "CVE-2021-37601",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-37601",
"Impact": "High",
"Public": "20210730"
},
{
"ID": "CVE-2022-0217",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-611",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-0217",
"Impact": "High",
"Public": "20220826"
}
],
"Bugzilla": [
{
"ID": "38692",
"Href": "https://bugzilla.altlinux.org/38692",
"Data": "Неправильная упаковка"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202416554001",
"Comment": "prosody is earlier than 0:0.11.12-alt2"
}
]
}
]
}
}
]
}

34
oval/c9f2/ALT-PU-2024-16554/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416554001",
"Version": "1",
"Comment": "prosody is installed",
"Name": "prosody"
}
]
}

23
oval/c9f2/ALT-PU-2024-16554/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416554001",
"Version": "1",
"Comment": "package EVR is earlier than 0:0.11.12-alt2",
"Arch": {},
"EVR": {
"Text": "0:0.11.12-alt2",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/c9f2/ALT-PU-2024-16554/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c9f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416554001",
"Version": "1",
"Check": "all",
"Comment": "prosody is earlier than 0:0.11.12-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416554001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416554001"
}
}
]
}

86
oval/c9f2/ALT-PU-2024-16558/definitions.json Normal file
View File

@ -0,0 +1,86 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202416558",
"Version": "oval:org.altlinux.errata:def:202416558",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-16558: package `unrtf` update to version 0.21.10-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-16558",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16558",
"Source": "ALTPU"
},
{
"RefID": "CVE-2016-10091",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-10091",
"Source": "CVE"
}
],
"Description": "This update upgrades unrtf to version 0.21.10-alt1. \nSecurity Fix(es):\n\n * CVE-2016-10091: Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial-of-service by writing a negative integer to the (1) cmd_expand function, (2) cmd_emboss function, or (3) cmd_engrave function.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-08"
},
"Updated": {
"Date": "2024-12-08"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2016-10091",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-10091",
"Impact": "High",
"Public": "20170421"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202416558001",
"Comment": "unrtf is earlier than 0:0.21.10-alt1"
}
]
}
]
}
}
]
}

34
oval/c9f2/ALT-PU-2024-16558/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416558001",
"Version": "1",
"Comment": "unrtf is installed",
"Name": "unrtf"
}
]
}

23
oval/c9f2/ALT-PU-2024-16558/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416558001",
"Version": "1",
"Comment": "package EVR is earlier than 0:0.21.10-alt1",
"Arch": {},
"EVR": {
"Text": "0:0.21.10-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/c9f2/ALT-PU-2024-16558/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c9f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416558001",
"Version": "1",
"Check": "all",
"Comment": "unrtf is earlier than 0:0.21.10-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416558001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416558001"
}
}
]
}

261
oval/p10/ALT-PU-2024-16593/definitions.json Normal file
View File

File diff suppressed because one or more lines are too long

34
oval/p10/ALT-PU-2024-16593/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416593001",
"Version": "1",
"Comment": "traefik is installed",
"Name": "traefik"
}
]
}

23
oval/p10/ALT-PU-2024-16593/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416593001",
"Version": "1",
"Comment": "package EVR is earlier than 0:2.11.14-alt1",
"Arch": {},
"EVR": {
"Text": "0:2.11.14-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/p10/ALT-PU-2024-16593/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416593001",
"Version": "1",
"Check": "all",
"Comment": "traefik is earlier than 0:2.11.14-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416593001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416593001"
}
}
]
}