pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ALT Vulnerability

Browse Source
This commit is contained in:
Иван Пепеляев 2024-02-08 15:02:55 +00:00
parent 3b86e88d2f
commit 5748e13667
24 changed files with 1582 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

117
oval/c10f1/ALT-PU-2024-1574/definitions.json Normal file
View File

@ -0,0 +1,117 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20241574",
"Version": "oval:org.altlinux.errata:def:20241574",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-1574: package `gnutls30` update to version 3.6.16-alt4",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-1574",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-1574",
"Source": "ALTPU"
},
{
"RefID": "CVE-2023-5981",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-5981",
"Source": "CVE"
}
],
"Description": "This update upgrades gnutls30 to version 3.6.16-alt4. \nSecurity Fix(es):\n\n * CVE-2023-5981: A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2023 BaseALT Ltd.",
"Issued": {
"Date": "2024-02-08"
},
"Updated": {
"Date": "2024-02-08"
},
"bdu": null,
"Cves": [
{
"Cvss3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"Cwe": "CWE-203",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-5981",
"Impact": "Low",
"Public": "20231128",
"CveID": "CVE-2023-5981"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20241574001",
"Comment": "gnutls-utils is earlier than 0:3.6.16-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241574002",
"Comment": "gnutls30-devel-doc is earlier than 0:3.6.16-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241574003",
"Comment": "libgnutls-devel is earlier than 0:3.6.16-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241574004",
"Comment": "libgnutls-guile is earlier than 0:3.6.16-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241574005",
"Comment": "libgnutls-openssl-devel is earlier than 0:3.6.16-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241574006",
"Comment": "libgnutls27-openssl is earlier than 0:3.6.16-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241574007",
"Comment": "libgnutls30 is earlier than 0:3.6.16-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241574008",
"Comment": "libgnutlsxx-devel is earlier than 0:3.6.16-alt4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241574009",
"Comment": "libgnutlsxx28 is earlier than 0:3.6.16-alt4"
}
]
}
]
}
}
]
}

82
oval/c10f1/ALT-PU-2024-1574/objects.json Normal file
View File

@ -0,0 +1,82 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"comment": "Evaluate `/etc/os-release` file content",
"Path": {
"dataType": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RpmInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20241574001",
"Version": "1",
"comment": "gnutls-utils is installed",
"Name": "gnutls-utils"
},
{
"ID": "oval:org.altlinux.errata:obj:20241574002",
"Version": "1",
"comment": "gnutls30-devel-doc is installed",
"Name": "gnutls30-devel-doc"
},
{
"ID": "oval:org.altlinux.errata:obj:20241574003",
"Version": "1",
"comment": "libgnutls-devel is installed",
"Name": "libgnutls-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:20241574004",
"Version": "1",
"comment": "libgnutls-guile is installed",
"Name": "libgnutls-guile"
},
{
"ID": "oval:org.altlinux.errata:obj:20241574005",
"Version": "1",
"comment": "libgnutls-openssl-devel is installed",
"Name": "libgnutls-openssl-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:20241574006",
"Version": "1",
"comment": "libgnutls27-openssl is installed",
"Name": "libgnutls27-openssl"
},
{
"ID": "oval:org.altlinux.errata:obj:20241574007",
"Version": "1",
"comment": "libgnutls30 is installed",
"Name": "libgnutls30"
},
{
"ID": "oval:org.altlinux.errata:obj:20241574008",
"Version": "1",
"comment": "libgnutlsxx-devel is installed",
"Name": "libgnutlsxx-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:20241574009",
"Version": "1",
"comment": "libgnutlsxx28 is installed",
"Name": "libgnutlsxx28"
}
]
}

23
oval/c10f1/ALT-PU-2024-1574/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RpmInfoState": [
{
"ID": "oval:org.altlinux.errata:ste:20241574001",
"Version": "1",
"Comment": "package EVR is earlier than 0:3.6.16-alt4",
"Arch": {},
"Evr": {
"Text": "0:3.6.16-alt4",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

126
oval/c10f1/ALT-PU-2024-1574/tests.json Normal file
View File

@ -0,0 +1,126 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20241574001",
"Version": "1",
"Check": "all",
"Comment": "gnutls-utils is earlier than 0:3.6.16-alt4",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241574001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241574001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241574002",
"Version": "1",
"Check": "all",
"Comment": "gnutls30-devel-doc is earlier than 0:3.6.16-alt4",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241574002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241574001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241574003",
"Version": "1",
"Check": "all",
"Comment": "libgnutls-devel is earlier than 0:3.6.16-alt4",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241574003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241574001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241574004",
"Version": "1",
"Check": "all",
"Comment": "libgnutls-guile is earlier than 0:3.6.16-alt4",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241574004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241574001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241574005",
"Version": "1",
"Check": "all",
"Comment": "libgnutls-openssl-devel is earlier than 0:3.6.16-alt4",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241574005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241574001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241574006",
"Version": "1",
"Check": "all",
"Comment": "libgnutls27-openssl is earlier than 0:3.6.16-alt4",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241574006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241574001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241574007",
"Version": "1",
"Check": "all",
"Comment": "libgnutls30 is earlier than 0:3.6.16-alt4",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241574007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241574001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241574008",
"Version": "1",
"Check": "all",
"Comment": "libgnutlsxx-devel is earlier than 0:3.6.16-alt4",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241574008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241574001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241574009",
"Version": "1",
"Check": "all",
"Comment": "libgnutlsxx28 is earlier than 0:3.6.16-alt4",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241574009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241574001"
}
}
]
}

99
oval/c10f1/ALT-PU-2024-1975/definitions.json Normal file
View File

@ -0,0 +1,99 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20241975",
"Version": "oval:org.altlinux.errata:def:20241975",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-1975: package `runc` update to version 1.1.12-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-1975",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-1975",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-00973",
"RefURL": "https://bdu.fstec.ru/vul/2024-00973",
"Source": "BDU"
},
{
"RefID": "CVE-2024-21626",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21626",
"Source": "CVE"
}
],
"Description": "This update upgrades runc to version 1.1.12-alt1. \nSecurity Fix(es):\n\n * BDU:2024-00973: Уязвимость инструмента для запуска изолированных контейнеров Runc связана с недостатками разграничений контролируемой области системы, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2024-21626: runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem (\"attack 2\"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run (\"attack 1\"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes (\"attack 3a\" and \"attack 3b\"). runc 1.1.12 includes patches for this issue. ",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2023 BaseALT Ltd.",
"Issued": {
"Date": "2024-02-08"
},
"Updated": {
"Date": "2024-02-08"
},
"bdu": [
{
"Cvss": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"Cvss3": "AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"Cwe": "CWE-403, CWE-668",
"Href": "https://bdu.fstec.ru/vul/2024-00973",
"Impact": "High",
"Public": "20240131",
"CveID": "BDU:2024-00973"
}
],
"Cves": [
{
"Cwe": "CWE-668",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21626",
"Impact": "None",
"Public": "20240131",
"CveID": "CVE-2024-21626"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20241975001",
"Comment": "runc is earlier than 0:1.1.12-alt1"
}
]
}
]
}
}
]
}

34
oval/c10f1/ALT-PU-2024-1975/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"comment": "Evaluate `/etc/os-release` file content",
"Path": {
"dataType": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RpmInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20241975001",
"Version": "1",
"comment": "runc is installed",
"Name": "runc"
}
]
}

23
oval/c10f1/ALT-PU-2024-1975/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RpmInfoState": [
{
"ID": "oval:org.altlinux.errata:ste:20241975001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.1.12-alt1",
"Arch": {},
"Evr": {
"Text": "0:1.1.12-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/c10f1/ALT-PU-2024-1975/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20241975001",
"Version": "1",
"Check": "all",
"Comment": "runc is earlier than 0:1.1.12-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241975001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241975001"
}
}
]
}

179
oval/c10f2/ALT-PU-2024-1715/definitions.json Normal file
View File

@ -0,0 +1,179 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20241715",
"Version": "oval:org.altlinux.errata:def:20241715",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-1715: package `bind` update to version 9.16.44-alt0.c10.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f2"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-1715",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-1715",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-03436",
"RefURL": "https://bdu.fstec.ru/vul/2023-03436",
"Source": "BDU"
},
{
"RefID": "BDU:2023-06079",
"RefURL": "https://bdu.fstec.ru/vul/2023-06079",
"Source": "BDU"
},
{
"RefID": "BDU:2023-07642",
"RefURL": "https://bdu.fstec.ru/vul/2023-07642",
"Source": "BDU"
},
{
"RefID": "CVE-2023-2828",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2828",
"Source": "CVE"
},
{
"RefID": "CVE-2023-2829",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2829",
"Source": "CVE"
},
{
"RefID": "CVE-2023-2911",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-2911",
"Source": "CVE"
},
{
"RefID": "CVE-2023-3341",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-3341",
"Source": "CVE"
}
],
"Description": "This update upgrades bind to version 9.16.44-alt0.c10.1. \nSecurity Fix(es):\n\n * BDU:2023-03436: Уязвимость сервера DNS BIND, связанная с переполнением буфера в стеке при работе BIND в качестве «резолвера», позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-06079: Уязвимость демона named DNS-сервера BIND, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-07642: Уязвимость сервера DNS BIND, связанная с выделением неограниченной памяти, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-2828: Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit.\n\nIt has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded.\nThis issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.\n\n * CVE-2023-2829: A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record.\nThis issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1.\n\n * CVE-2023-2911: If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow.\nThis issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.\n\n * CVE-2023-3341: The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary.\nThis issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2023 BaseALT Ltd.",
"Issued": {
"Date": "2024-02-08"
},
"Updated": {
"Date": "2024-02-08"
},
"bdu": [
{
"Cvss": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-121",
"Href": "https://bdu.fstec.ru/vul/2023-03436",
"Impact": "High",
"Public": "20230621",
"CveID": "BDU:2023-03436"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-674, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2023-06079",
"Impact": "High",
"Public": "20230620",
"CveID": "BDU:2023-06079"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-770",
"Href": "https://bdu.fstec.ru/vul/2023-07642",
"Impact": "High",
"Public": "20230614",
"CveID": "BDU:2023-07642"
}
],
"Cves": [
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-770",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2828",
"Impact": "High",
"Public": "20230621",
"CveID": "CVE-2023-2828"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2829",
"Impact": "High",
"Public": "20230621",
"CveID": "CVE-2023-2829"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-2911",
"Impact": "High",
"Public": "20230621",
"CveID": "CVE-2023-2911"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-3341",
"Impact": "High",
"Public": "20230920",
"CveID": "CVE-2023-3341"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20241715001",
"Comment": "bind is earlier than 0:9.16.44-alt0.c10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241715002",
"Comment": "bind-devel is earlier than 0:9.16.44-alt0.c10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241715003",
"Comment": "bind-doc is earlier than 0:9.16.44-alt0.c10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241715004",
"Comment": "bind-utils is earlier than 0:9.16.44-alt0.c10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241715005",
"Comment": "libbind is earlier than 0:9.16.44-alt0.c10.1"
}
]
}
]
}
}
]
}

58
oval/c10f2/ALT-PU-2024-1715/objects.json Normal file
View File

@ -0,0 +1,58 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:5001",
"Version": "1",
"comment": "Evaluate `/etc/os-release` file content",
"Path": {
"dataType": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RpmInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20241715001",
"Version": "1",
"comment": "bind is installed",
"Name": "bind"
},
{
"ID": "oval:org.altlinux.errata:obj:20241715002",
"Version": "1",
"comment": "bind-devel is installed",
"Name": "bind-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:20241715003",
"Version": "1",
"comment": "bind-doc is installed",
"Name": "bind-doc"
},
{
"ID": "oval:org.altlinux.errata:obj:20241715004",
"Version": "1",
"comment": "bind-utils is installed",
"Name": "bind-utils"
},
{
"ID": "oval:org.altlinux.errata:obj:20241715005",
"Version": "1",
"comment": "libbind is installed",
"Name": "libbind"
}
]
}

23
oval/c10f2/ALT-PU-2024-1715/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:5001",
"Version": "1",
"Text": {}
}
],
"RpmInfoState": [
{
"ID": "oval:org.altlinux.errata:ste:20241715001",
"Version": "1",
"Comment": "package EVR is earlier than 0:9.16.44-alt0.c10.1",
"Arch": {},
"Evr": {
"Text": "0:9.16.44-alt0.c10.1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

78
oval/c10f2/ALT-PU-2024-1715/tests.json Normal file
View File

@ -0,0 +1,78 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:5001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:5001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:5001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20241715001",
"Version": "1",
"Check": "all",
"Comment": "bind is earlier than 0:9.16.44-alt0.c10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241715001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241715001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241715002",
"Version": "1",
"Check": "all",
"Comment": "bind-devel is earlier than 0:9.16.44-alt0.c10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241715002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241715001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241715003",
"Version": "1",
"Check": "all",
"Comment": "bind-doc is earlier than 0:9.16.44-alt0.c10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241715003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241715001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241715004",
"Version": "1",
"Check": "all",
"Comment": "bind-utils is earlier than 0:9.16.44-alt0.c10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241715004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241715001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241715005",
"Version": "1",
"Check": "all",
"Comment": "libbind is earlier than 0:9.16.44-alt0.c10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241715005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241715001"
}
}
]
}

165
oval/c9f2/ALT-PU-2024-1622/definitions.json Normal file
View File

@ -0,0 +1,165 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20241622",
"Version": "oval:org.altlinux.errata:def:20241622",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-1622: package `libssh` update to version 0.10.6-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-1622",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-1622",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-08853",
"RefURL": "https://bdu.fstec.ru/vul/2023-08853",
"Source": "BDU"
},
{
"RefID": "BDU:2024-00199",
"RefURL": "https://bdu.fstec.ru/vul/2024-00199",
"Source": "BDU"
},
{
"RefID": "BDU:2024-00200",
"RefURL": "https://bdu.fstec.ru/vul/2024-00200",
"Source": "BDU"
},
{
"RefID": "CVE-2023-48795",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795",
"Source": "CVE"
},
{
"RefID": "CVE-2023-6004",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-6004",
"Source": "CVE"
},
{
"RefID": "CVE-2023-6918",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-6918",
"Source": "CVE"
}
],
"Description": "This update upgrades libssh to version 0.10.6-alt1. \nSecurity Fix(es):\n\n * BDU:2023-08853: Уязвимость реализации протокола SSH, связанная с возможностью откорректировать порядковые номера пакетов в процессе согласования соединения и добиться удаления произвольного числа служебных SSH-сообщений, позволяющая нарушителю обойти проверки целостности, отключить существующие функции безопасности, получить несанкционированный доступ к защищаемой информации\n\n * BDU:2024-00199: Уязвимость компонента ProxyCommand/ProxyJump библиотеки libssh, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-00200: Уязвимость библиотеки libssh, связанная с разыменованием указателя NULL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-48795: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.\n\n * CVE-2023-6004: A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.\n\n * CVE-2023-6918: A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.\n\n * #49050: CVE-2023-48795 для закрытия необходимо обновление до версии 0.10.6",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2023 BaseALT Ltd.",
"Issued": {
"Date": "2024-02-08"
},
"Updated": {
"Date": "2024-02-08"
},
"bdu": [
{
"Cvss": "AV:N/AC:H/Au:N/C:C/I:C/A:N",
"Cvss3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"Cwe": "CWE-222",
"Href": "https://bdu.fstec.ru/vul/2023-08853",
"Impact": "High",
"Public": "20231218",
"CveID": "BDU:2023-08853"
},
{
"Cvss": "AV:L/AC:L/Au:S/C:P/I:P/A:N",
"Cvss3": "AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"Cwe": "CWE-74, CWE-94, CWE-707",
"Href": "https://bdu.fstec.ru/vul/2024-00199",
"Impact": "Low",
"Public": "20231218",
"CveID": "BDU:2024-00199"
},
{
"Cvss": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"Cwe": "CWE-252",
"Href": "https://bdu.fstec.ru/vul/2024-00200",
"Impact": "Low",
"Public": "20231218",
"CveID": "BDU:2024-00200"
}
],
"Cves": [
{
"Cvss3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"Cwe": "CWE-354",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795",
"Impact": "Low",
"Public": "20231218",
"CveID": "CVE-2023-48795"
},
{
"Cvss3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"Cwe": "CWE-74",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-6004",
"Impact": "Low",
"Public": "20240103",
"CveID": "CVE-2023-6004"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"Cwe": "CWE-252",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-6918",
"Impact": "Low",
"Public": "20231219",
"CveID": "CVE-2023-6918"
}
],
"Bugzilla": [
{
"Id": "49050",
"Href": "https://bugzilla.altlinux.org/49050",
"Data": "CVE-2023-48795 для закрытия необходимо обновление до версии 0.10.6"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20241622001",
"Comment": "libssh is earlier than 0:0.10.6-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241622002",
"Comment": "libssh-devel is earlier than 0:0.10.6-alt1"
}
]
}
]
}
}
]
}

40
oval/c9f2/ALT-PU-2024-1622/objects.json Normal file
View File

@ -0,0 +1,40 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"comment": "Evaluate `/etc/os-release` file content",
"Path": {
"dataType": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RpmInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20241622001",
"Version": "1",
"comment": "libssh is installed",
"Name": "libssh"
},
{
"ID": "oval:org.altlinux.errata:obj:20241622002",
"Version": "1",
"comment": "libssh-devel is installed",
"Name": "libssh-devel"
}
]
}

23
oval/c9f2/ALT-PU-2024-1622/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RpmInfoState": [
{
"ID": "oval:org.altlinux.errata:ste:20241622001",
"Version": "1",
"Comment": "package EVR is earlier than 0:0.10.6-alt1",
"Arch": {},
"Evr": {
"Text": "0:0.10.6-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

42
oval/c9f2/ALT-PU-2024-1622/tests.json Normal file
View File

@ -0,0 +1,42 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c9f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20241622001",
"Version": "1",
"Check": "all",
"Comment": "libssh is earlier than 0:0.10.6-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241622001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241622001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241622002",
"Version": "1",
"Check": "all",
"Comment": "libssh-devel is earlier than 0:0.10.6-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241622002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241622001"
}
}
]
}

99
oval/c9f2/ALT-PU-2024-1733/definitions.json Normal file
View File

@ -0,0 +1,99 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20241733",
"Version": "oval:org.altlinux.errata:def:20241733",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-1733: package `runc` update to version 1.1.12-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-1733",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-1733",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-00973",
"RefURL": "https://bdu.fstec.ru/vul/2024-00973",
"Source": "BDU"
},
{
"RefID": "CVE-2024-21626",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-21626",
"Source": "CVE"
}
],
"Description": "This update upgrades runc to version 1.1.12-alt1. \nSecurity Fix(es):\n\n * BDU:2024-00973: Уязвимость инструмента для запуска изолированных контейнеров Runc связана с недостатками разграничений контролируемой области системы, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2024-21626: runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem (\"attack 2\"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run (\"attack 1\"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes (\"attack 3a\" and \"attack 3b\"). runc 1.1.12 includes patches for this issue. ",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2023 BaseALT Ltd.",
"Issued": {
"Date": "2024-02-08"
},
"Updated": {
"Date": "2024-02-08"
},
"bdu": [
{
"Cvss": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"Cvss3": "AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"Cwe": "CWE-403, CWE-668",
"Href": "https://bdu.fstec.ru/vul/2024-00973",
"Impact": "High",
"Public": "20240131",
"CveID": "BDU:2024-00973"
}
],
"Cves": [
{
"Cwe": "CWE-668",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-21626",
"Impact": "None",
"Public": "20240131",
"CveID": "CVE-2024-21626"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20241733001",
"Comment": "runc is earlier than 0:1.1.12-alt1"
}
]
}
]
}
}
]
}

34
oval/c9f2/ALT-PU-2024-1733/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"comment": "Evaluate `/etc/os-release` file content",
"Path": {
"dataType": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RpmInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20241733001",
"Version": "1",
"comment": "runc is installed",
"Name": "runc"
}
]
}

23
oval/c9f2/ALT-PU-2024-1733/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RpmInfoState": [
{
"ID": "oval:org.altlinux.errata:ste:20241733001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.1.12-alt1",
"Arch": {},
"Evr": {
"Text": "0:1.1.12-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/c9f2/ALT-PU-2024-1733/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c9f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20241733001",
"Version": "1",
"Check": "all",
"Comment": "runc is earlier than 0:1.1.12-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241733001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241733001"
}
}
]
}

113
oval/p10/ALT-PU-2024-1529/definitions.json Normal file
View File

@ -0,0 +1,113 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20241529",
"Version": "oval:org.altlinux.errata:def:20241529",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-1529: package `stlink` update to version 1.6.1-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-1529",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-1529",
"Source": "ALTPU"
}
],
"Description": "This update upgrades stlink to version 1.6.1-alt2. \nSecurity Fix(es):\n\n * #34271: update to 1.6.1 from http://github.com/stlink-org/stlink",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2023 BaseALT Ltd.",
"Issued": {
"Date": "2024-02-08"
},
"Updated": {
"Date": "2024-02-08"
},
"bdu": null,
"Bugzilla": [
{
"Id": "34271",
"Href": "https://bugzilla.altlinux.org/34271",
"Data": "update to 1.6.1 from http://github.com/stlink-org/stlink"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20241529001",
"Comment": "libstlink is earlier than 1:1.6.1-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241529002",
"Comment": "libstlink-devel is earlier than 1:1.6.1-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241529003",
"Comment": "stlink is earlier than 1:1.6.1-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241529004",
"Comment": "stlink-gui is earlier than 1:1.6.1-alt2"
}
]
}
]
}
}
]
}

52
oval/p10/ALT-PU-2024-1529/objects.json Normal file
View File

@ -0,0 +1,52 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"comment": "Evaluate `/etc/os-release` file content",
"Path": {
"dataType": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RpmInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20241529001",
"Version": "1",
"comment": "libstlink is installed",
"Name": "libstlink"
},
{
"ID": "oval:org.altlinux.errata:obj:20241529002",
"Version": "1",
"comment": "libstlink-devel is installed",
"Name": "libstlink-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:20241529003",
"Version": "1",
"comment": "stlink is installed",
"Name": "stlink"
},
{
"ID": "oval:org.altlinux.errata:obj:20241529004",
"Version": "1",
"comment": "stlink-gui is installed",
"Name": "stlink-gui"
}
]
}

23
oval/p10/ALT-PU-2024-1529/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RpmInfoState": [
{
"ID": "oval:org.altlinux.errata:ste:20241529001",
"Version": "1",
"Comment": "package EVR is earlier than 1:1.6.1-alt2",
"Arch": {},
"Evr": {
"Text": "1:1.6.1-alt2",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

66
oval/p10/ALT-PU-2024-1529/tests.json Normal file
View File

@ -0,0 +1,66 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20241529001",
"Version": "1",
"Check": "all",
"Comment": "libstlink is earlier than 1:1.6.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241529001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241529001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241529002",
"Version": "1",
"Check": "all",
"Comment": "libstlink-devel is earlier than 1:1.6.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241529002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241529001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241529003",
"Version": "1",
"Check": "all",
"Comment": "stlink is earlier than 1:1.6.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241529003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241529001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241529004",
"Version": "1",
"Check": "all",
"Comment": "stlink-gui is earlier than 1:1.6.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241529004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241529001"
}
}
]
}