From 60ccca6a3e6281c8b399bb17b23ac3746c06b5ca Mon Sep 17 00:00:00 2001 
From: pepelyaevip
Date: Sat, 23 Mar 2024 15:02:16 +0000
Subject: [PATCH] ALT Vulnerability
---
 oval/c10f1/ALT-PU-2024-4065/definitions.json | 77 ++
 oval/c10f1/ALT-PU-2024-4065/objects.json | 34 +
 oval/c10f1/ALT-PU-2024-4065/states.json | 23 +
 oval/c10f1/ALT-PU-2024-4065/tests.json | 30 +
 oval/c10f1/ALT-PU-2024-4163/definitions.json | 99 +++
 oval/c10f1/ALT-PU-2024-4163/objects.json | 34 +
 oval/c10f1/ALT-PU-2024-4163/states.json | 23 +
 oval/c10f1/ALT-PU-2024-4163/tests.json | 30 +
 oval/c10f1/ALT-PU-2024-4165/definitions.json | 89 +++
 oval/c10f1/ALT-PU-2024-4165/objects.json | 40 ++
 oval/c10f1/ALT-PU-2024-4165/states.json | 23 +
 oval/c10f1/ALT-PU-2024-4165/tests.json | 42 ++
 oval/c10f1/ALT-PU-2024-4175/definitions.json | 108 +++
 oval/c10f1/ALT-PU-2024-4175/objects.json | 46 ++
 oval/c10f1/ALT-PU-2024-4175/states.json | 23 +
 oval/c10f1/ALT-PU-2024-4175/tests.json | 54 ++
 oval/c10f2/ALT-PU-2024-3895/definitions.json | 153 ++++
 oval/c10f2/ALT-PU-2024-3895/objects.json | 34 +
 oval/c10f2/ALT-PU-2024-3895/states.json | 23 +
 oval/c10f2/ALT-PU-2024-3895/tests.json | 30 +
 oval/c10f2/ALT-PU-2024-3924/definitions.json | 93 +++
 oval/c10f2/ALT-PU-2024-3924/objects.json | 34 +
 oval/c10f2/ALT-PU-2024-3924/states.json | 23 +
 oval/c10f2/ALT-PU-2024-3924/tests.json | 30 +
 oval/c10f2/ALT-PU-2024-4171/definitions.json | 88 +++
 oval/c10f2/ALT-PU-2024-4171/objects.json | 52 ++
 oval/c10f2/ALT-PU-2024-4171/states.json | 23 +
 oval/c10f2/ALT-PU-2024-4171/tests.json | 66 ++
 oval/c9f2/ALT-PU-2024-3988/definitions.json | 100 +++
 oval/c9f2/ALT-PU-2024-3988/objects.json | 34 +
 oval/c9f2/ALT-PU-2024-3988/states.json | 23 +
 oval/c9f2/ALT-PU-2024-3988/tests.json | 30 +
 oval/c9f2/ALT-PU-2024-4030/definitions.json | 701 +++++++++++++++++++
 oval/c9f2/ALT-PU-2024-4030/objects.json | 58 ++
 oval/c9f2/ALT-PU-2024-4030/states.json | 23 +
 oval/c9f2/ALT-PU-2024-4030/tests.json | 78 +++
 oval/c9f2/ALT-PU-2024-4039/definitions.json | 108 +++
 oval/c9f2/ALT-PU-2024-4039/objects.json | 46 ++
 oval/c9f2/ALT-PU-2024-4039/states.json | 23 +
 oval/c9f2/ALT-PU-2024-4039/tests.json | 54 ++
 oval/c9f2/ALT-PU-2024-4059/definitions.json | 160 +++++
 oval/c9f2/ALT-PU-2024-4059/objects.json | 70 ++
 oval/c9f2/ALT-PU-2024-4059/states.json | 23 +
 oval/c9f2/ALT-PU-2024-4059/tests.json | 102 +++
 44 files changed, 3057 insertions(+)
 create mode 100644 oval/c10f1/ALT-PU-2024-4065/definitions.json
 create mode 100644 oval/c10f1/ALT-PU-2024-4065/objects.json
 create mode 100644 oval/c10f1/ALT-PU-2024-4065/states.json
 create mode 100644 oval/c10f1/ALT-PU-2024-4065/tests.json
 create mode 100644 oval/c10f1/ALT-PU-2024-4163/definitions.json
 create mode 100644 oval/c10f1/ALT-PU-2024-4163/objects.json
 create mode 100644 oval/c10f1/ALT-PU-2024-4163/states.json
 create mode 100644 oval/c10f1/ALT-PU-2024-4163/tests.json
 create mode 100644 oval/c10f1/ALT-PU-2024-4165/definitions.json
 create mode 100644 oval/c10f1/ALT-PU-2024-4165/objects.json
 create mode 100644 oval/c10f1/ALT-PU-2024-4165/states.json
 create mode 100644 oval/c10f1/ALT-PU-2024-4165/tests.json
 create mode 100644 oval/c10f1/ALT-PU-2024-4175/definitions.json
 create mode 100644 oval/c10f1/ALT-PU-2024-4175/objects.json
 create mode 100644 oval/c10f1/ALT-PU-2024-4175/states.json
 create mode 100644 oval/c10f1/ALT-PU-2024-4175/tests.json
 create mode 100644 oval/c10f2/ALT-PU-2024-3895/definitions.json
 create mode 100644 oval/c10f2/ALT-PU-2024-3895/objects.json
 create mode 100644 oval/c10f2/ALT-PU-2024-3895/states.json
 create mode 100644 oval/c10f2/ALT-PU-2024-3895/tests.json
 create mode 100644 oval/c10f2/ALT-PU-2024-3924/definitions.json
 create mode 100644 oval/c10f2/ALT-PU-2024-3924/objects.json
 create mode 100644 oval/c10f2/ALT-PU-2024-3924/states.json
 create mode 100644 oval/c10f2/ALT-PU-2024-3924/tests.json
 create mode 100644 oval/c10f2/ALT-PU-2024-4171/definitions.json
 create mode 100644 oval/c10f2/ALT-PU-2024-4171/objects.json
 create mode 100644 oval/c10f2/ALT-PU-2024-4171/states.json
 create mode 100644 oval/c10f2/ALT-PU-2024-4171/tests.json
 create mode 100644 oval/c9f2/ALT-PU-2024-3988/definitions.json
 create mode 100644 oval/c9f2/ALT-PU-2024-3988/objects.json
 create mode 100644 oval/c9f2/ALT-PU-2024-3988/states.json
 create mode 100644 oval/c9f2/ALT-PU-2024-3988/tests.json
 create mode 100644 oval/c9f2/ALT-PU-2024-4030/definitions.json
 create mode 100644 oval/c9f2/ALT-PU-2024-4030/objects.json
 create mode 100644 oval/c9f2/ALT-PU-2024-4030/states.json
 create mode 100644 oval/c9f2/ALT-PU-2024-4030/tests.json
 create mode 100644 oval/c9f2/ALT-PU-2024-4039/definitions.json
 create mode 100644 oval/c9f2/ALT-PU-2024-4039/objects.json
 create mode 100644 oval/c9f2/ALT-PU-2024-4039/states.json
 create mode 100644 oval/c9f2/ALT-PU-2024-4039/tests.json
 create mode 100644 oval/c9f2/ALT-PU-2024-4059/definitions.json
 create mode 100644 oval/c9f2/ALT-PU-2024-4059/objects.json
 create mode 100644 oval/c9f2/ALT-PU-2024-4059/states.json
 create mode 100644 oval/c9f2/ALT-PU-2024-4059/tests.json
diff --git a/oval/c10f1/ALT-PU-2024-4065/definitions.json b/oval/c10f1/ALT-PU-2024-4065/definitions.json
new file mode 100644
index 0000000000..56b990e9c0
--- /dev/null
+++ b/oval/c10f1/ALT-PU-2024-4065/definitions.json
@@ -0,0 +1,77 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:20244065", + "Version": "oval:org.altlinux.errata:def:20244065", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-4065: package `nvidia-modprobe` update to version 550.54.14-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c10f1" + ], + "Products": [ + "ALT SP Workstation", + "ALT SP Server" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-4065", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-4065", + "Source": "ALTPU" + } + ], + "Description": "This update upgrades nvidia-modprobe to version 550.54.14-alt1. \nSecurity Fix(es):\n\n * #43826: Черный экран при входе пользователя из группы users", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Low", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-03-23" + }, + "Updated": { + "Date": "2024-03-23" + }, + "bdu": null, + "Bugzilla": [ + { + "Id": "43826", + "Href": "https://bugzilla.altlinux.org/43826", + "Data": "Черный экран при входе пользователя из группы users" + } + ], + "AffectedCpeList": { + "Cpe": [ + "cpe:/o:alt:spworkstation:10", + "cpe:/o:alt:spserver:10" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:4001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:20244065001", + "Comment": "nvidia-modprobe is earlier than 0:550.54.14-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-4065/objects.json b/oval/c10f1/ALT-PU-2024-4065/objects.json new file mode 100644 index 0000000000..31f819983c --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-4065/objects.json 
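Review bot: The `Description` lists Bugzilla #43826 (a black screen at login for members of the `users` group) under `Security Fix(es):`, and the advisory carries `"Severity": "Low"` with no CVE or BDU reference, so a scanner reading this `patch`-class definition will report a functional bug fix as a security finding. If the generator can tell Bugzilla-only errata apart, a neutral heading such as `Fixed bug(s):` would keep vulnerability triage from being diluted by non-security entries. The same applies to `oval/c10f2/ALT-PU-2024-3895/definitions.json`, which puts seventeen Bugzilla entries under the same heading.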
@@ -0,0 +1,34 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:4001", + "Version": "1", + "comment": "Evaluate `/etc/os-release` file content", + "Path": { + "dataType": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RpmInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:20244065001", + "Version": "1", + "comment": "nvidia-modprobe is installed", + "Name": "nvidia-modprobe" + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-4065/states.json b/oval/c10f1/ALT-PU-2024-4065/states.json new file mode 100644 index 0000000000..5232e2ad78 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-4065/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:4001", + "Version": "1", + "Text": {} + } + ], + "RpmInfoState": [ + { + "ID": "oval:org.altlinux.errata:ste:20244065001", + "Version": "1", + "Comment": "package EVR is earlier than 0:550.54.14-alt1", + "Arch": {}, + "Evr": { + "Text": "0:550.54.14-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-4065/tests.json b/oval/c10f1/ALT-PU-2024-4065/tests.json new file mode 100644 index 0000000000..acabe9770a --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-4065/tests.json 
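Review bot: `obj:4001` pairs `"Path": "/etc"` with `"Filepath": "os-release"`, but in the OVAL `textfilecontent54_object` a `filepath` is a complete path used on its own, while `path` is combined with `filename`; if these keys are serialised one-to-one, the object may not resolve to `/etc/os-release`. I would expect `"Filepath": {"Datatype": "string", "Text": "/etc/os-release"}` alone, or a filename entry next to `Path` if the exporter has one. The `Path` entry also spells its key `dataType` where its siblings use `Datatype`, which a case-sensitive decoder would silently drop. The identical object is repeated in the other `objects.json` hunks of this patch (ALT-PU-2024-4163, -4165, -4175 and, as `obj:5001`, -3895).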
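Review bot: `ste:4001` has `"Text": {}`, so nothing is compared with the `(\d+)` group captured by the os-release pattern, and the platform test appears to pass on any host whose os-release contains an ALT SP server or workstation CPE, whatever its version. The test comment in `tests.json` promises `branch 'c10f1'`, yet the c10f2 files in this patch use the same pattern and the same `:10` CPEs under `tst:5001`, so a scanner cannot tell the two branches apart and may report c10f1 errata on c10f2 hosts or the reverse. If the state schema allows it, a populated entity such as `"Subexpression": {"Datatype": "int", "Operation": "equals", "Text": "10"}` on this state would at least pin the major version; separating the branches needs a marker these files do not show. The empty `Arch` and `Subexpression` objects on the RPM state are also worth omitting if the exporter would emit them as empty elements.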
@@ -0,0 +1,30 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:4001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c10f1' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:4001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:4001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:20244065001", + "Version": "1", + "Check": "all", + "Comment": "nvidia-modprobe is earlier than 0:550.54.14-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20244065001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20244065001" + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-4163/definitions.json b/oval/c10f1/ALT-PU-2024-4163/definitions.json new file mode 100644 index 0000000000..fd7c6cec5c --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-4163/definitions.json 
@@ -0,0 +1,99 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:20244163", + "Version": "oval:org.altlinux.errata:def:20244163", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-4163: package `minidlna` update to version 1.3.3-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c10f1" + ], + "Products": [ + "ALT SP Workstation", + "ALT SP Server" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-4163", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-4163", + "Source": "ALTPU" + }, + { + "RefID": "CVE-2022-26505", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-26505", + "Source": "CVE" + }, + { + "RefID": "CVE-2023-33476", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-33476", + "Source": "CVE" + } + ], + "Description": "This update upgrades minidlna to version 1.3.3-alt1. \nSecurity Fix(es):\n\n * CVE-2022-26505: A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files.\n\n * CVE-2023-33476: ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. 
This results in other code later using attacker-controlled chunk values that exceed the length of the allocated buffer, resulting in out-of-bounds read/write.", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Critical", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-03-23" + }, + "Updated": { + "Date": "2024-03-23" + }, + "bdu": null, + "Cves": [ + { + "Cvss": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", + "Cwe": "CWE-290", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-26505", + "Impact": "High", + "Public": "20220306", + "CveID": "CVE-2022-26505" + }, + { + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "Cwe": "CWE-787", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-33476", + "Impact": "Critical", + "Public": "20230602", + "CveID": "CVE-2023-33476" + } + ], + "AffectedCpeList": { + "Cpe": [ + "cpe:/o:alt:spworkstation:10", + "cpe:/o:alt:spserver:10" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:4001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:20244163001", + "Comment": "minidlna is earlier than 0:1.3.3-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-4163/objects.json b/oval/c10f1/ALT-PU-2024-4163/objects.json new file mode 100644 index 0000000000..4efe5486a3 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-4163/objects.json 
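Review bot: `"Version"` on the definition repeats the ID string (`oval:org.altlinux.errata:def:20244163`), whereas OVAL defines a definition's version as a non-negative integer and the objects, states and tests in this same patch use `"Version": "1"`. A consumer that compares versions to detect a re-issued definition gets nothing usable from this field; `"Version": "1"`, incremented on re-issue, would match the rest of the content. Every `definitions.json` hunk visible in this patch has the same pattern (ALT-PU-2024-4065, -4165, -4175, -3895).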
@@ -0,0 +1,34 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:4001", + "Version": "1", + "comment": "Evaluate `/etc/os-release` file content", + "Path": { + "dataType": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RpmInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:20244163001", + "Version": "1", + "comment": "minidlna is installed", + "Name": "minidlna" + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-4163/states.json b/oval/c10f1/ALT-PU-2024-4163/states.json new file mode 100644 index 0000000000..2886d540ad --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-4163/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:4001", + "Version": "1", + "Text": {} + } + ], + "RpmInfoState": [ + { + "ID": "oval:org.altlinux.errata:ste:20244163001", + "Version": "1", + "Comment": "package EVR is earlier than 0:1.3.3-alt1", + "Arch": {}, + "Evr": { + "Text": "0:1.3.3-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-4163/tests.json b/oval/c10f1/ALT-PU-2024-4163/tests.json new file mode 100644 index 0000000000..98ef7e91be --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-4163/tests.json 
@@ -0,0 +1,30 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:4001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c10f1' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:4001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:4001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:20244163001", + "Version": "1", + "Check": "all", + "Comment": "minidlna is earlier than 0:1.3.3-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20244163001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20244163001" + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-4165/definitions.json b/oval/c10f1/ALT-PU-2024-4165/definitions.json new file mode 100644 index 0000000000..fe7de61ef9 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-4165/definitions.json 
@@ -0,0 +1,89 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:20244165", + "Version": "oval:org.altlinux.errata:def:20244165", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-4165: package `libsass` update to version 3.6.6-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c10f1" + ], + "Products": [ + "ALT SP Workstation", + "ALT SP Server" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-4165", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-4165", + "Source": "ALTPU" + }, + { + "RefID": "CVE-2022-26592", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-26592", + "Source": "CVE" + } + ], + "Description": "This update upgrades libsass to version 3.6.6-alt1. \nSecurity Fix(es):\n\n * CVE-2022-26592: Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function.", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "High", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-03-23" + }, + "Updated": { + "Date": "2024-03-23" + }, + "bdu": null, + "Cves": [ + { + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "Cwe": "CWE-787", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-26592", + "Impact": "High", + "Public": "20230822", + "CveID": "CVE-2022-26592" + } + ], + "AffectedCpeList": { + "Cpe": [ + "cpe:/o:alt:spworkstation:10", + "cpe:/o:alt:spserver:10" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:4001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:20244165001", + "Comment": "libsass is earlier than 0:3.6.6-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20244165002", + "Comment": "libsass-devel is earlier than 0:3.6.6-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file 
diff --git a/oval/c10f1/ALT-PU-2024-4165/objects.json b/oval/c10f1/ALT-PU-2024-4165/objects.json new file mode 100644 index 0000000000..aa4c03ec3a --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-4165/objects.json @@ -0,0 +1,40 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:4001", + "Version": "1", + "comment": "Evaluate `/etc/os-release` file content", + "Path": { + "dataType": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RpmInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:20244165001", + "Version": "1", + "comment": "libsass is installed", + "Name": "libsass" + }, + { + "ID": "oval:org.altlinux.errata:obj:20244165002", + "Version": "1", + "comment": "libsass-devel is installed", + "Name": "libsass-devel" + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-4165/states.json b/oval/c10f1/ALT-PU-2024-4165/states.json new file mode 100644 index 0000000000..40ef49f9bc --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-4165/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:4001", + "Version": "1", + "Text": {} + } + ], + "RpmInfoState": [ + { + "ID": "oval:org.altlinux.errata:ste:20244165001", + "Version": "1", + "Comment": "package EVR is earlier than 0:3.6.6-alt1", + "Arch": {}, + "Evr": { + "Text": "0:3.6.6-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-4165/tests.json b/oval/c10f1/ALT-PU-2024-4165/tests.json new file mode 100644 index 0000000000..45167e788a --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-4165/tests.json 
@@ -0,0 +1,42 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:4001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c10f1' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:4001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:4001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:20244165001", + "Version": "1", + "Check": "all", + "Comment": "libsass is earlier than 0:3.6.6-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20244165001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20244165001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20244165002", + "Version": "1", + "Check": "all", + "Comment": "libsass-devel is earlier than 0:3.6.6-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20244165002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20244165001" + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-4175/definitions.json b/oval/c10f1/ALT-PU-2024-4175/definitions.json new file mode 100644 index 0000000000..b68dbccd46 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-4175/definitions.json 
@@ -0,0 +1,108 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:20244175", + "Version": "oval:org.altlinux.errata:def:20244175", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-4175: package `curl` update to version 8.6.0-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c10f1" + ], + "Products": [ + "ALT SP Workstation", + "ALT SP Server" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-4175", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-4175", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2024-01014", + "RefURL": "https://bdu.fstec.ru/vul/2024-01014", + "Source": "BDU" + }, + { + "RefID": "CVE-2024-0853", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-0853", + "Source": "CVE" + } + ], + "Description": "This update upgrades curl to version 8.6.0-alt1. \nSecurity Fix(es):\n\n * BDU:2024-01014: Уязвимость реализации протокола TLS утилиты командной строки cURL, позволяющая нарушителю обойти ограничения безопасности и получить несанкционированный доступ к защищаемой информации\n\n * CVE-2024-0853: curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. 
A subsequent transfer to\nthe same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check.", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Low", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-03-23" + }, + "Updated": { + "Date": "2024-03-23" + }, + "bdu": [ + { + "Cvss": "AV:N/AC:L/Au:M/C:P/I:P/A:N", + "Cvss3": "AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", + "Cwe": "CWE-299", + "Href": "https://bdu.fstec.ru/vul/2024-01014", + "Impact": "Low", + "Public": "20231229", + "CveID": "BDU:2024-01014" + } + ], + "Cves": [ + { + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "Cwe": "CWE-295", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-0853", + "Impact": "Low", + "Public": "20240203", + "CveID": "CVE-2024-0853" + } + ], + "AffectedCpeList": { + "Cpe": [ + "cpe:/o:alt:spworkstation:10", + "cpe:/o:alt:spserver:10" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:4001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:20244175001", + "Comment": "curl is earlier than 0:8.6.0-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20244175002", + "Comment": "libcurl is earlier than 0:8.6.0-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20244175003", + "Comment": "libcurl-devel is earlier than 0:8.6.0-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-4175/objects.json b/oval/c10f1/ALT-PU-2024-4175/objects.json new file mode 100644 index 0000000000..74017d6e16 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-4175/objects.json 
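Review bot: In the `bdu` entry the `Cvss3` value is `AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N`, without the `CVSS:3.x/` prefix that the `Cves` entry carries, so a consumer that keys on the prefix to choose the scoring version will reject or mis-score it. The minor version is not recoverable from this hunk, so the prefix should be taken from the BDU source record, giving `"Cvss3": "CVSS:3.<minor>/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"`. The BDU identifier is also stored under `CveID`; a neutral key name would keep CVE-only consumers from treating `BDU:2024-01014` as a malformed CVE ID.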
@@ -0,0 +1,46 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:4001", + "Version": "1", + "comment": "Evaluate `/etc/os-release` file content", + "Path": { + "dataType": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RpmInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:20244175001", + "Version": "1", + "comment": "curl is installed", + "Name": "curl" + }, + { + "ID": "oval:org.altlinux.errata:obj:20244175002", + "Version": "1", + "comment": "libcurl is installed", + "Name": "libcurl" + }, + { + "ID": "oval:org.altlinux.errata:obj:20244175003", + "Version": "1", + "comment": "libcurl-devel is installed", + "Name": "libcurl-devel" + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-4175/states.json b/oval/c10f1/ALT-PU-2024-4175/states.json new file mode 100644 index 0000000000..d432d06d7e --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-4175/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:4001", + "Version": "1", + "Text": {} + } + ], + "RpmInfoState": [ + { + "ID": "oval:org.altlinux.errata:ste:20244175001", + "Version": "1", + "Comment": "package EVR is earlier than 0:8.6.0-alt1", + "Arch": {}, + "Evr": { + "Text": "0:8.6.0-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-4175/tests.json b/oval/c10f1/ALT-PU-2024-4175/tests.json new file mode 100644 index 0000000000..0dd50709d8 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-4175/tests.json 
@@ -0,0 +1,54 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:4001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c10f1' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:4001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:4001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:20244175001", + "Version": "1", + "Check": "all", + "Comment": "curl is earlier than 0:8.6.0-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20244175001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20244175001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20244175002", + "Version": "1", + "Check": "all", + "Comment": "libcurl is earlier than 0:8.6.0-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20244175002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20244175001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20244175003", + "Version": "1", + "Check": "all", + "Comment": "libcurl-devel is earlier than 0:8.6.0-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20244175003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20244175001" + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f2/ALT-PU-2024-3895/definitions.json b/oval/c10f2/ALT-PU-2024-3895/definitions.json new file mode 100644 index 0000000000..b9d5a1440b --- /dev/null +++ b/oval/c10f2/ALT-PU-2024-3895/definitions.json 
@@ -0,0 +1,153 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:20243895", + "Version": "oval:org.altlinux.errata:def:20243895", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-3895: package `lightdm-kde-greeter` update to version 0.4.18-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c10f2" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-3895", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-3895", + "Source": "ALTPU" + } + ], + "Description": "This update upgrades lightdm-kde-greeter to version 0.4.18-alt1. \nSecurity Fix(es):\n\n * #46353: Не запоминается логин последнего доменного пользователя\n\n * #46496: НЕ отображаются всплывающие подсказки для смены языка и выбора сеанса\n\n * #46499: Виртуальная клавиатура пропадает после ввода 1 символа, ввести пароль невозможно при подключении к сети через виджет на экране входа\n\n * #46500: В случае длинного имени пользователя или пароля буквы наползают на значок \"виртуальная клавиатура\"\n\n * #46502: [usability] Настроенная на экране входа сеть недоступна после входа в систему\n\n * #46514: [usability] Отсутствует пользовательское сообщение при вводе некорректного пароля для подключения к сети\n\n * #46518: Не осуществляется подключение ко второй сети\n\n * #46524: guest отображается со звездочкой на экране входа\n\n * #46525: Некорректное сообщение \"Неверный пароль, повторите попытку\" в случае, если срок действия аккаунта истек или аккаунт заблокирован\n\n * #46530: Не выполняется автологин\n\n * #46533: Некорректное отображение темы Классическая при подключенном втором мониторе\n\n * #46534: Некорректная работа всех элементов навигации в Классической теме при подключенном втором мониторе\n\n * #46606: Не запускает сессию wayland при автологине, если при установке создать пользователя с опцией \"Автоматический вход в систему\"\n\n * #47377: Не работает двухфакторная аутентификация\n\n * #47760: Неверно показывает поля входа 
после нажатия кнопки Войти другим пользователем\n\n * #47950: Стандартная иконка аватара пользователя LightDM (черный на сером)\n\n * #48123: При вводе пароля wifi не работает показ", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Low", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-03-23" + }, + "Updated": { + "Date": "2024-03-23" + }, + "bdu": null, + "Bugzilla": [ + { + "Id": "46353", + "Href": "https://bugzilla.altlinux.org/46353", + "Data": "Не запоминается логин последнего доменного пользователя" + }, + { + "Id": "46496", + "Href": "https://bugzilla.altlinux.org/46496", + "Data": "НЕ отображаются всплывающие подсказки для смены языка и выбора сеанса" + }, + { + "Id": "46499", + "Href": "https://bugzilla.altlinux.org/46499", + "Data": "Виртуальная клавиатура пропадает после ввода 1 символа, ввести пароль невозможно при подключении к сети через виджет на экране входа" + }, + { + "Id": "46500", + "Href": "https://bugzilla.altlinux.org/46500", + "Data": "В случае длинного имени пользователя или пароля буквы наползают на значок \"виртуальная клавиатура\"" + }, + { + "Id": "46502", + "Href": "https://bugzilla.altlinux.org/46502", + "Data": "[usability] Настроенная на экране входа сеть недоступна после входа в систему" + }, + { + "Id": "46514", + "Href": "https://bugzilla.altlinux.org/46514", + "Data": "[usability] Отсутствует пользовательское сообщение при вводе некорректного пароля для подключения к сети" + }, + { + "Id": "46518", + "Href": "https://bugzilla.altlinux.org/46518", + "Data": "Не осуществляется подключение ко второй сети" + }, + { + "Id": "46524", + "Href": "https://bugzilla.altlinux.org/46524", + "Data": "guest отображается со звездочкой на экране входа" + }, + { + "Id": "46525", + "Href": "https://bugzilla.altlinux.org/46525", + "Data": "Некорректное сообщение \"Неверный пароль, повторите попытку\" в случае, если срок действия аккаунта истек или аккаунт заблокирован" + }, + { + "Id": "46530", + "Href": 
"https://bugzilla.altlinux.org/46530", + "Data": "Не выполняется автологин" + }, + { + "Id": "46533", + "Href": "https://bugzilla.altlinux.org/46533", + "Data": "Некорректное отображение темы Классическая при подключенном втором мониторе" + }, + { + "Id": "46534", + "Href": "https://bugzilla.altlinux.org/46534", + "Data": "Некорректная работа всех элементов навигации в Классической теме при подключенном втором мониторе" + }, + { + "Id": "46606", + "Href": "https://bugzilla.altlinux.org/46606", + "Data": "Не запускает сессию wayland при автологине, если при установке создать пользователя с опцией \"Автоматический вход в систему\"" + }, + { + "Id": "47377", + "Href": "https://bugzilla.altlinux.org/47377", + "Data": "Не работает двухфакторная аутентификация" + }, + { + "Id": "47760", + "Href": "https://bugzilla.altlinux.org/47760", + "Data": "Неверно показывает поля входа после нажатия кнопки Войти другим пользователем" + }, + { + "Id": "47950", + "Href": "https://bugzilla.altlinux.org/47950", + "Data": "Стандартная иконка аватара пользователя LightDM (черный на сером)" + }, + { + "Id": "48123", + "Href": "https://bugzilla.altlinux.org/48123", + "Data": "При вводе пароля wifi не работает показ" + } + ], + "AffectedCpeList": { + "Cpe": [ + "cpe:/o:alt:spworkstation:10", + "cpe:/o:alt:spserver:10" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:5001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:20243895001", + "Comment": "lightdm-kde-greeter is earlier than 0:0.4.18-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f2/ALT-PU-2024-3895/objects.json b/oval/c10f2/ALT-PU-2024-3895/objects.json new file mode 100644 index 0000000000..a4ee1fdf5e --- /dev/null +++ b/oval/c10f2/ALT-PU-2024-3895/objects.json 
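Review bot: `AffectedList` here names only `"ALT Linux branch c10f2"` and omits `Products`, while `AffectedCpeList` still lists `cpe:/o:alt:spworkstation:10` and `cpe:/o:alt:spserver:10`, the same two CPEs the c10f1 definitions use together with `"Products": ["ALT SP Workstation", "ALT SP Server"]`. A consumer that maps definitions to assets by CPE cannot tell which branch an entry belongs to, and one that maps by `Products` finds nothing for c10f2. Either add the `Products` array here or give c10f2 its own CPE values, whichever reflects the real product mapping.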
@@ -0,0 +1,34 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:5001", + "Version": "1", + "comment": "Evaluate `/etc/os-release` file content", + "Path": { + "dataType": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RpmInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:20243895001", + "Version": "1", + "comment": "lightdm-kde-greeter is installed", + "Name": "lightdm-kde-greeter" + } + ] +} \ No newline at end of file diff --git a/oval/c10f2/ALT-PU-2024-3895/states.json b/oval/c10f2/ALT-PU-2024-3895/states.json new file mode 100644 index 0000000000..f25f64f28d --- /dev/null +++ b/oval/c10f2/ALT-PU-2024-3895/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:5001", + "Version": "1", + "Text": {} + } + ], + "RpmInfoState": [ + { + "ID": "oval:org.altlinux.errata:ste:20243895001", + "Version": "1", + "Comment": "package EVR is earlier than 0:0.4.18-alt1", + "Arch": {}, + "Evr": { + "Text": "0:0.4.18-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c10f2/ALT-PU-2024-3895/tests.json b/oval/c10f2/ALT-PU-2024-3895/tests.json new file mode 100644 index 0000000000..faf31bf67b --- /dev/null +++ b/oval/c10f2/ALT-PU-2024-3895/tests.json 
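Review bot: In `obj:5001` the `Filepath` entity holds the bare name `os-release` next to `Path` `/etc`; in OVAL's textfilecontent54 object, `filepath` is the full path and is the alternative to `path` plus `filename`, so this pair reads as a mislabelled `filename`. If the exporter maps the key literally, the platform test would presumably never find the file, and every definition gated on `tst:5001` would evaluate false without any error. I would emit `"Filepath": { "Datatype": "string", "Text": "/etc/os-release" }` on its own, or move the value to the key the exporter uses for `filename`, and spell `dataType` under `Path` as `Datatype` like its siblings. The same object is repeated in the objects.json hunks for ALT-PU-2024-3924, ALT-PU-2024-4171 and ALT-PU-2024-3988 (`obj:3001`).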
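Review bot: `ste:5001` carries an empty `"Text": {}`, so nothing compares the version that the object's pattern captures with `(\d+)`, although the test comment says branch 'c10f2' must be installed. As serialized here the platform criterion appears to pass on any ALT SP server or workstation, because `\d+` also matches the leading `8` of `cpe:/o:alt:spserver:8.4`, which would let c10f2 package thresholds be evaluated on hosts of another branch. The state should pin the capture with a subexpression entity of text `10` and operation `equals` (`8.4` for `ste:3001` on c9f2), or the pattern itself should contain the literal version. The states.json hunks for ALT-PU-2024-3924, ALT-PU-2024-4171 and ALT-PU-2024-3988 have the same empty state.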
@@ -0,0 +1,30 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:5001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c10f2' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:5001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:5001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:20243895001", + "Version": "1", + "Check": "all", + "Comment": "lightdm-kde-greeter is earlier than 0:0.4.18-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20243895001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20243895001" + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f2/ALT-PU-2024-3924/definitions.json b/oval/c10f2/ALT-PU-2024-3924/definitions.json new file mode 100644 index 0000000000..fea286af57 --- /dev/null +++ b/oval/c10f2/ALT-PU-2024-3924/definitions.json 
@@ -0,0 +1,93 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:20243924", + "Version": "oval:org.altlinux.errata:def:20243924", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-3924: package `alterator-netinst` update to version 1.9.1-alt7", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c10f2" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-3924", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-3924", + "Source": "ALTPU" + } + ], + "Description": "This update upgrades alterator-netinst to version 1.9.1-alt7. \nSecurity Fix(es):\n\n * #40265: Сервер сетевых установок: удалить образ -\u003e образ отображается в текущих\n\n * #45970: [FR] Крайне необходимо добавить возможность выставления опции ai для автоинсталла (сценарий установки по PXE)\n\n * #46599: Сервер сетевых установок: удалить образ -\u003e сервер не грузится\n\n * #46975: Некорректное применение настроек через alterator-netinst: невозможно удалить строки, связанные с подключением по VNC\n\n * #49051: Нет возможности выбрать вариант загрузки, пустое значение", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Low", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-03-23" + }, + "Updated": { + "Date": "2024-03-23" + }, + "bdu": null, + "Bugzilla": [ + { + "Id": "40265", + "Href": "https://bugzilla.altlinux.org/40265", + "Data": "Сервер сетевых установок: удалить образ -\u003e образ отображается в текущих" + }, + { + "Id": "45970", + "Href": "https://bugzilla.altlinux.org/45970", + "Data": "[FR] Крайне необходимо добавить возможность выставления опции ai для автоинсталла (сценарий установки по PXE)" + }, + { + "Id": "46599", + "Href": "https://bugzilla.altlinux.org/46599", + "Data": "Сервер сетевых установок: удалить образ -\u003e сервер не грузится" + }, + { + "Id": "46975", + "Href": "https://bugzilla.altlinux.org/46975", + "Data": "Некорректное применение настроек через alterator-netinst: 
невозможно удалить строки, связанные с подключением по VNC" + }, + { + "Id": "49051", + "Href": "https://bugzilla.altlinux.org/49051", + "Data": "Нет возможности выбрать вариант загрузки, пустое значение" + } + ], + "AffectedCpeList": { + "Cpe": [ + "cpe:/o:alt:spworkstation:10", + "cpe:/o:alt:spserver:10" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:5001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:20243924001", + "Comment": "alterator-netinst is earlier than 0:1.9.1-alt7" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f2/ALT-PU-2024-3924/objects.json b/oval/c10f2/ALT-PU-2024-3924/objects.json new file mode 100644 index 0000000000..8fa04d13ec --- /dev/null +++ b/oval/c10f2/ALT-PU-2024-3924/objects.json @@ -0,0 +1,34 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:5001", + "Version": "1", + "comment": "Evaluate `/etc/os-release` file content", + "Path": { + "dataType": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RpmInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:20243924001", + "Version": "1", + "comment": "alterator-netinst is installed", + "Name": "alterator-netinst" + } + ] +} \ No newline at end of file diff --git a/oval/c10f2/ALT-PU-2024-3924/states.json b/oval/c10f2/ALT-PU-2024-3924/states.json new file mode 100644 index 0000000000..3a484d3de9 --- /dev/null +++ b/oval/c10f2/ALT-PU-2024-3924/states.json 
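Review bot: The Description introduces five tracker entries with `Security Fix(es):`, yet References holds only the ALTPU entry, the Advisory has `"bdu": null` and no CVEs, and the listed items read as functional bugs plus one feature request. With `"Class": "patch"` and that heading, a scanner will report a missing security patch where no vulnerability is documented. When an update has no CVE or BDU reference, I would emit a neutral heading such as `Bug Fix(es):` in the Description. The ALT-PU-2024-3895 definitions earlier in this patch use the same heading for their Bugzilla list.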
@@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:5001", + "Version": "1", + "Text": {} + } + ], + "RpmInfoState": [ + { + "ID": "oval:org.altlinux.errata:ste:20243924001", + "Version": "1", + "Comment": "package EVR is earlier than 0:1.9.1-alt7", + "Arch": {}, + "Evr": { + "Text": "0:1.9.1-alt7", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c10f2/ALT-PU-2024-3924/tests.json b/oval/c10f2/ALT-PU-2024-3924/tests.json new file mode 100644 index 0000000000..1459e84025 --- /dev/null +++ b/oval/c10f2/ALT-PU-2024-3924/tests.json @@ -0,0 +1,30 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:5001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c10f2' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:5001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:5001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:20243924001", + "Version": "1", + "Check": "all", + "Comment": "alterator-netinst is earlier than 0:1.9.1-alt7", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20243924001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20243924001" + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f2/ALT-PU-2024-4171/definitions.json b/oval/c10f2/ALT-PU-2024-4171/definitions.json new file mode 100644 index 0000000000..120cf6bd46 --- /dev/null +++ b/oval/c10f2/ALT-PU-2024-4171/definitions.json 
@@ -0,0 +1,88 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:20244171", + "Version": "oval:org.altlinux.errata:def:20244171", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-4171: package `salt` update to version 3005.5-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c10f2" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-4171", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-4171", + "Source": "ALTPU" + }, + { + "RefID": "CVE-2024-22231", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-22231", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-22232", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-22232", + "Source": "CVE" + } + ], + "Description": "This update upgrades salt to version 3005.5-alt1. \nSecurity Fix(es):\n\n * CVE-2024-22231: description unavailable\n\n * CVE-2024-22232: description unavailable", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Low", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-03-23" + }, + "Updated": { + "Date": "2024-03-23" + }, + "bdu": null, + "AffectedCpeList": { + "Cpe": [ + "cpe:/o:alt:spworkstation:10", + "cpe:/o:alt:spserver:10" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:5001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:20244171001", + "Comment": "python3-module-salt is earlier than 0:3005.5-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20244171002", + "Comment": "salt-api is earlier than 0:3005.5-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20244171003", + "Comment": "salt-master is earlier than 0:3005.5-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20244171004", + "Comment": "salt-minion is earlier than 0:3005.5-alt1" + } + ] + } + ] + } + } + ] +} \ No 
newline at end of file diff --git a/oval/c10f2/ALT-PU-2024-4171/objects.json b/oval/c10f2/ALT-PU-2024-4171/objects.json new file mode 100644 index 0000000000..2537fed385 --- /dev/null +++ b/oval/c10f2/ALT-PU-2024-4171/objects.json @@ -0,0 +1,52 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:5001", + "Version": "1", + "comment": "Evaluate `/etc/os-release` file content", + "Path": { + "dataType": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RpmInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:20244171001", + "Version": "1", + "comment": "python3-module-salt is installed", + "Name": "python3-module-salt" + }, + { + "ID": "oval:org.altlinux.errata:obj:20244171002", + "Version": "1", + "comment": "salt-api is installed", + "Name": "salt-api" + }, + { + "ID": "oval:org.altlinux.errata:obj:20244171003", + "Version": "1", + "comment": "salt-master is installed", + "Name": "salt-master" + }, + { + "ID": "oval:org.altlinux.errata:obj:20244171004", + "Version": "1", + "comment": "salt-minion is installed", + "Name": "salt-minion" + } + ] +} \ No newline at end of file diff --git a/oval/c10f2/ALT-PU-2024-4171/states.json b/oval/c10f2/ALT-PU-2024-4171/states.json new file mode 100644 index 0000000000..9dcafa0289 --- /dev/null +++ b/oval/c10f2/ALT-PU-2024-4171/states.json 
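Review bot: `"Severity": "Low"` sits beside two CVE references whose text is `description unavailable`, and the Advisory has no `Cves` array, so the rating looks like a fallback value rather than an assessment. Consumers that triage on the Advisory severity would rank this salt update below others with no scoring behind that rank. I would populate `Cves` (vector, CWE, impact) the way the ALT-PU-2024-3988 definition in this patch does and derive `Severity` from those records, or hold the definition back until the CVE data can be fetched.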
@@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:5001", + "Version": "1", + "Text": {} + } + ], + "RpmInfoState": [ + { + "ID": "oval:org.altlinux.errata:ste:20244171001", + "Version": "1", + "Comment": "package EVR is earlier than 0:3005.5-alt1", + "Arch": {}, + "Evr": { + "Text": "0:3005.5-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c10f2/ALT-PU-2024-4171/tests.json b/oval/c10f2/ALT-PU-2024-4171/tests.json new file mode 100644 index 0000000000..e9aeeffb8b --- /dev/null +++ b/oval/c10f2/ALT-PU-2024-4171/tests.json 
@@ -0,0 +1,66 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:5001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c10f2' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:5001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:5001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:20244171001", + "Version": "1", + "Check": "all", + "Comment": "python3-module-salt is earlier than 0:3005.5-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20244171001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20244171001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20244171002", + "Version": "1", + "Check": "all", + "Comment": "salt-api is earlier than 0:3005.5-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20244171002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20244171001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20244171003", + "Version": "1", + "Check": "all", + "Comment": "salt-master is earlier than 0:3005.5-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20244171003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20244171001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20244171004", + "Version": "1", + "Check": "all", + "Comment": "salt-minion is earlier than 0:3005.5-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20244171004" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20244171001" + } + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-3988/definitions.json b/oval/c9f2/ALT-PU-2024-3988/definitions.json new file mode 100644 index 0000000000..da0c9438a8 --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-3988/definitions.json 
@@ -0,0 +1,100 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:20243988", + "Version": "oval:org.altlinux.errata:def:20243988", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-3988: package `vault` update to version 1.13.12-alt2", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c9f2" + ], + "Products": [ + "ALT SPWorkstation", + "ALT SPServer" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-3988", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-3988", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2023-08660", + "RefURL": "https://bdu.fstec.ru/vul/2023-08660", + "Source": "BDU" + }, + { + "RefID": "CVE-2023-6337", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-6337", + "Source": "CVE" + } + ], + "Description": "This update upgrades vault to version 1.13.12-alt2. \nSecurity Fix(es):\n\n * BDU:2023-08660: Уязвимость компонента max_request_duration платформ для архивирования корпоративной информации HashiCorp Vault и Vault Enterprise, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-6337: HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. 
Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.\n\nFixed in Vault 1.15.4, 1.14.8, 1.13.12.\n\n", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "High", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-03-23" + }, + "Updated": { + "Date": "2024-03-23" + }, + "bdu": [ + { + "Cvss": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-770", + "Href": "https://bdu.fstec.ru/vul/2023-08660", + "Impact": "High", + "Public": "20231127", + "CveID": "BDU:2023-08660" + } + ], + "Cves": [ + { + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-770", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-6337", + "Impact": "High", + "Public": "20231208", + "CveID": "CVE-2023-6337" + } + ], + "AffectedCpeList": { + "Cpe": [ + "cpe:/o:alt:spworkstation:8.4", + "cpe:/o:alt:spserver:8.4" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:3001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:20243988001", + "Comment": "vault is earlier than 0:1.13.12-alt2" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-3988/objects.json b/oval/c9f2/ALT-PU-2024-3988/objects.json new file mode 100644 index 0000000000..f6083d635c --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-3988/objects.json 
@@ -0,0 +1,34 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:3001", + "Version": "1", + "comment": "Evaluate `/etc/os-release` file content", + "Path": { + "dataType": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RpmInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:20243988001", + "Version": "1", + "comment": "vault is installed", + "Name": "vault" + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-3988/states.json b/oval/c9f2/ALT-PU-2024-3988/states.json new file mode 100644 index 0000000000..501d807fc6 --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-3988/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:3001", + "Version": "1", + "Text": {} + } + ], + "RpmInfoState": [ + { + "ID": "oval:org.altlinux.errata:ste:20243988001", + "Version": "1", + "Comment": "package EVR is earlier than 0:1.13.12-alt2", + "Arch": {}, + "Evr": { + "Text": "0:1.13.12-alt2", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-3988/tests.json b/oval/c9f2/ALT-PU-2024-3988/tests.json new file mode 100644 index 0000000000..6876cf2a13 --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-3988/tests.json 
@@ -0,0 +1,30 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:3001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c9f2' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:3001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:3001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:20243988001", + "Version": "1", + "Check": "all", + "Comment": "vault is earlier than 0:1.13.12-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20243988001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20243988001" + } + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-4030/definitions.json b/oval/c9f2/ALT-PU-2024-4030/definitions.json new file mode 100644 index 0000000000..565c8f6b48 --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-4030/definitions.json 
@@ -0,0 +1,701 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:20244030", + "Version": "oval:org.altlinux.errata:def:20244030", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-4030: package `MySQL` update to version 8.0.36-alt0.c9.1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c9f2" + ], + "Products": [ + "ALT SPWorkstation", + "ALT SPServer" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-4030", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-4030", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2024-00791", + "RefURL": "https://bdu.fstec.ru/vul/2024-00791", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-00792", + "RefURL": "https://bdu.fstec.ru/vul/2024-00792", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-00793", + "RefURL": "https://bdu.fstec.ru/vul/2024-00793", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-00794", + "RefURL": "https://bdu.fstec.ru/vul/2024-00794", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-00795", + "RefURL": "https://bdu.fstec.ru/vul/2024-00795", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-00796", + "RefURL": "https://bdu.fstec.ru/vul/2024-00796", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-00797", + "RefURL": "https://bdu.fstec.ru/vul/2024-00797", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-00798", + "RefURL": "https://bdu.fstec.ru/vul/2024-00798", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-00799", + "RefURL": "https://bdu.fstec.ru/vul/2024-00799", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-00800", + "RefURL": "https://bdu.fstec.ru/vul/2024-00800", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-01055", + "RefURL": "https://bdu.fstec.ru/vul/2024-01055", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-01056", + "RefURL": "https://bdu.fstec.ru/vul/2024-01056", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-01057", + "RefURL": "https://bdu.fstec.ru/vul/2024-01057", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-01058", + "RefURL": 
"https://bdu.fstec.ru/vul/2024-01058", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-01059", + "RefURL": "https://bdu.fstec.ru/vul/2024-01059", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-01060", + "RefURL": "https://bdu.fstec.ru/vul/2024-01060", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-01061", + "RefURL": "https://bdu.fstec.ru/vul/2024-01061", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-01068", + "RefURL": "https://bdu.fstec.ru/vul/2024-01068", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-01069", + "RefURL": "https://bdu.fstec.ru/vul/2024-01069", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-01070", + "RefURL": "https://bdu.fstec.ru/vul/2024-01070", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-01072", + "RefURL": "https://bdu.fstec.ru/vul/2024-01072", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-01073", + "RefURL": "https://bdu.fstec.ru/vul/2024-01073", + "Source": "BDU" + }, + { + "RefID": "CVE-2024-20960", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-20960", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-20961", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-20961", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-20962", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-20962", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-20963", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-20963", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-20964", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-20964", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-20965", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-20965", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-20966", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-20966", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-20967", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-20967", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-20968", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-20968", + "Source": "CVE" + }, + { + 
"RefID": "CVE-2024-20969", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-20969", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-20970", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-20970", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-20971", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-20971", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-20972", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-20972", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-20973", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-20973", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-20974", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-20974", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-20975", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-20975", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-20976", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-20976", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-20977", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-20977", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-20978", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-20978", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-20981", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-20981", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-20982", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-20982", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-20983", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-20983", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-20984", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-20984", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-20985", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-20985", + "Source": "CVE" + } + ], + "Description": "This update upgrades MySQL to version 8.0.36-alt0.c9.1. 
\nSecurity Fix(es):\n\n * BDU:2024-00791: Уязвимость компонента Server: RAPID системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-00792: Уязвимость компонента Server: Options системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-00793: Уязвимость компонента Server: Optimizer системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-00794: Уязвимость компонента Server: Optimizer системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-00795: Уязвимость компонента Server: Optimizer системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-00796: Уязвимость компонента Server: Optimizer системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-00797: Уязвимость компонента Server: Optimizer системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-00798: Уязвимость компонента Server: Security: Privileges системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-00799: Уязвимость компонента Server: Optimizer системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-00800: Уязвимость компонента Server : Security : Firewall системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-01055: Уязвимость компонента Server: Optimizer системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-01056: Уязвимость компонента Server: Optimizer системы управления базами данных Oracle MySQL Server, 
позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-01057: Уязвимость компонента Server: DDL системы управления базами данных Oracle MySQL Server, позволяющая нарушителю получить несанкционированный доступ на чтение, изменение или удаление данных или вызвать отказ в обслуживании\n\n * BDU:2024-01058: Уязвимость компонента Server: Replication системы управления базами данных Oracle MySQL Server, позволяющая нарушителю получить несанкционированный доступ на чтение, изменение или удаление данных или вызвать отказ в обслуживании\n\n * BDU:2024-01059: Уязвимость компонента Server: Optimizer системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-01060: Уязвимость компонента Server: Security: Encryption системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-01061: Уязвимость компонента Server: Optimizer системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-01068: Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-01069: Уязвимость компонента Server: DDL системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-01070: Уязвимость компонента Server: UDF системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-01072: Уязвимость компонента Server: DML системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-01073: Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2024-20960: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: RAPID). 
Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-20961: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-20962: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-20963: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-20964: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-20965: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-20966: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-20967: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).\n\n * CVE-2024-20968: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-20969: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).\n\n * CVE-2024-20970: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-20971: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-20972: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-20973: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). 
Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-20974: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-20975: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-20976: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-20977: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-20978: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-20981: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-20982: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-20983: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-20984: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server : Security : Firewall). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * CVE-2024-20985: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). 
Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Low", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-03-23" + }, + "Updated": { + "Date": "2024-03-23" + }, + "bdu": [ + { + "Cvss": "AV:N/AC:L/Au:S/C:N/I:N/A:C", + "Cvss3": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-20", + "Href": "https://bdu.fstec.ru/vul/2024-00791", + "Impact": "Low", + "Public": "20240116", + "CveID": "BDU:2024-00791" + }, + { + "Cvss": "AV:N/AC:H/Au:M/C:N/I:N/A:C", + "Cvss3": "AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-20", + "Href": "https://bdu.fstec.ru/vul/2024-00792", + "Impact": "Low", + "Public": "20240116", + "CveID": "BDU:2024-00792" + }, + { + "Cvss": "AV:N/AC:L/Au:M/C:N/I:N/A:C", + "Cvss3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-20", + "Href": "https://bdu.fstec.ru/vul/2024-00793", + "Impact": "Low", + "Public": "20240116", + "CveID": "BDU:2024-00793" + }, + { + "Cvss": "AV:N/AC:L/Au:M/C:N/I:N/A:C", + "Cvss3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-20", + "Href": "https://bdu.fstec.ru/vul/2024-00794", + "Impact": "Low", + "Public": "20240116", + "CveID": "BDU:2024-00794" + }, + { + "Cvss": "AV:N/AC:L/Au:M/C:N/I:N/A:C", + "Cvss3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-20", + "Href": "https://bdu.fstec.ru/vul/2024-00795", + "Impact": "Low", + "Public": "20240116", + "CveID": "BDU:2024-00795" + }, + { + "Cvss": "AV:N/AC:L/Au:M/C:N/I:N/A:C", + "Cvss3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-20", + 
"Href": "https://bdu.fstec.ru/vul/2024-00796", + "Impact": "Low", + "Public": "20240116", + "CveID": "BDU:2024-00796" + }, + { + "Cvss": "AV:N/AC:L/Au:S/C:N/I:N/A:C", + "Cvss3": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-20", + "Href": "https://bdu.fstec.ru/vul/2024-00797", + "Impact": "Low", + "Public": "20240116", + "CveID": "BDU:2024-00797" + }, + { + "Cvss": "AV:N/AC:H/Au:S/C:N/I:N/A:C", + "Cvss3": "AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-20", + "Href": "https://bdu.fstec.ru/vul/2024-00798", + "Impact": "Low", + "Public": "20240116", + "CveID": "BDU:2024-00798" + }, + { + "Cvss": "AV:N/AC:L/Au:M/C:N/I:N/A:C", + "Cvss3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-20", + "Href": "https://bdu.fstec.ru/vul/2024-00799", + "Impact": "Low", + "Public": "20240116", + "CveID": "BDU:2024-00799" + }, + { + "Cvss": "AV:N/AC:H/Au:M/C:N/I:N/A:C", + "Cvss3": "AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-20", + "Href": "https://bdu.fstec.ru/vul/2024-00800", + "Impact": "Low", + "Public": "20240116", + "CveID": "BDU:2024-00800" + }, + { + "Cvss": "AV:N/AC:L/Au:S/C:N/I:N/A:C", + "Cvss3": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-20", + "Href": "https://bdu.fstec.ru/vul/2024-01055", + "Impact": "Low", + "Public": "20240116", + "CveID": "BDU:2024-01055" + }, + { + "Cvss": "AV:N/AC:L/Au:M/C:N/I:N/A:C", + "Cvss3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-20", + "Href": "https://bdu.fstec.ru/vul/2024-01056", + "Impact": "Low", + "Public": "20240116", + "CveID": "BDU:2024-01056" + }, + { + "Cvss": "AV:N/AC:L/Au:M/C:N/I:P/A:C", + "Cvss3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", + "Cwe": "CWE-20", + "Href": "https://bdu.fstec.ru/vul/2024-01057", + "Impact": "Low", + "Public": "20240116", + "CveID": "BDU:2024-01057" + }, + { + "Cvss": "AV:N/AC:L/Au:M/C:N/I:P/A:C", + "Cvss3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", + "Cwe": "CWE-20", + "Href": "https://bdu.fstec.ru/vul/2024-01058", + "Impact": "Low", + "Public": "20240116", + 
"CveID": "BDU:2024-01058" + }, + { + "Cvss": "AV:N/AC:L/Au:M/C:N/I:N/A:C", + "Cvss3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-20", + "Href": "https://bdu.fstec.ru/vul/2024-01059", + "Impact": "Low", + "Public": "20240116", + "CveID": "BDU:2024-01059" + }, + { + "Cvss": "AV:N/AC:L/Au:M/C:N/I:N/A:C", + "Cvss3": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-20", + "Href": "https://bdu.fstec.ru/vul/2024-01060", + "Impact": "Low", + "Public": "20240116", + "CveID": "BDU:2024-01060" + }, + { + "Cvss": "AV:N/AC:L/Au:M/C:N/I:N/A:C", + "Cvss3": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-20", + "Href": "https://bdu.fstec.ru/vul/2024-01061", + "Impact": "Low", + "Public": "20240116", + "CveID": "BDU:2024-01061" + }, + { + "Cvss": "AV:N/AC:L/Au:S/C:N/I:N/A:C", + "Cvss3": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-404", + "Href": "https://bdu.fstec.ru/vul/2024-01068", + "Impact": "Low", + "Public": "20240116", + "CveID": "BDU:2024-01068" + }, + { + "Cvss": "AV:N/AC:L/Au:M/C:N/I:N/A:C", + "Cvss3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-404", + "Href": "https://bdu.fstec.ru/vul/2024-01069", + "Impact": "Low", + "Public": "20240116", + "CveID": "BDU:2024-01069" + }, + { + "Cvss": "AV:N/AC:L/Au:M/C:N/I:N/A:C", + "Cvss3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-404", + "Href": "https://bdu.fstec.ru/vul/2024-01070", + "Impact": "Low", + "Public": "20240116", + "CveID": "BDU:2024-01070" + }, + { + "Cvss": "AV:N/AC:L/Au:M/C:N/I:N/A:C", + "Cvss3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-404", + "Href": "https://bdu.fstec.ru/vul/2024-01072", + "Impact": "Low", + "Public": "20240116", + "CveID": "BDU:2024-01072" + }, + { + "Cvss": "AV:N/AC:L/Au:S/C:N/I:N/A:C", + "Cvss3": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-404", + "Href": "https://bdu.fstec.ru/vul/2024-01073", + "Impact": "Low", + "Public": "20240116", + "CveID": "BDU:2024-01073" + } + ], + "Cves": [ + { + "Cvss3": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-20960", + "Impact": "Low", + "Public": "20240217", + "CveID": "CVE-2024-20960" + }, + { + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-20961", + "Impact": "Low", + "Public": "20240116", + "CveID": "CVE-2024-20961" + }, + { + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-20962", + "Impact": "Low", + "Public": "20240217", + "CveID": "CVE-2024-20962" + }, + { + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-20963", + "Impact": "Low", + "Public": "20240116", + "CveID": "CVE-2024-20963" + }, + { + "Cvss3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-20964", + "Impact": "Low", + "Public": "20240217", + "CveID": "CVE-2024-20964" + }, + { + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-20965", + "Impact": "Low", + "Public": "20240116", + "CveID": "CVE-2024-20965" + }, + { + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-20966", + "Impact": "Low", + "Public": "20240217", + "CveID": "CVE-2024-20966" + }, + { + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", + "Cwe": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-20967", + "Impact": "Low", + "Public": "20240116", + "CveID": "CVE-2024-20967" + }, + { + "Cvss3": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-20968", + "Impact": "Low", + "Public": "20240217", + "CveID": "CVE-2024-20968" + }, + { + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", + "Cwe": "NVD-CWE-noinfo", + "Href": 
"https://nvd.nist.gov/vuln/detail/CVE-2024-20969", + "Impact": "Low", + "Public": "20240116", + "CveID": "CVE-2024-20969" + }, + { + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-20970", + "Impact": "Low", + "Public": "20240217", + "CveID": "CVE-2024-20970" + }, + { + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-20971", + "Impact": "Low", + "Public": "20240116", + "CveID": "CVE-2024-20971" + }, + { + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-20972", + "Impact": "Low", + "Public": "20240217", + "CveID": "CVE-2024-20972" + }, + { + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-20973", + "Impact": "Low", + "Public": "20240116", + "CveID": "CVE-2024-20973" + }, + { + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-20974", + "Impact": "Low", + "Public": "20240217", + "CveID": "CVE-2024-20974" + }, + { + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-20975", + "Impact": "Low", + "Public": "20240116", + "CveID": "CVE-2024-20975" + }, + { + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-20976", + "Impact": "Low", + "Public": "20240217", + "CveID": "CVE-2024-20976" + }, + { + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-20977", + "Impact": "Low", + "Public": "20240116", + "CveID": "CVE-2024-20977" + }, + { + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "Cwe": 
"NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-20978", + "Impact": "Low", + "Public": "20240217", + "CveID": "CVE-2024-20978" + }, + { + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-20981", + "Impact": "Low", + "Public": "20240116", + "CveID": "CVE-2024-20981" + }, + { + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-20982", + "Impact": "Low", + "Public": "20240217", + "CveID": "CVE-2024-20982" + }, + { + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-20983", + "Impact": "Low", + "Public": "20240116", + "CveID": "CVE-2024-20983" + }, + { + "Cvss3": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-20984", + "Impact": "Low", + "Public": "20240217", + "CveID": "CVE-2024-20984" + }, + { + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-20985", + "Impact": "Low", + "Public": "20240116", + "CveID": "CVE-2024-20985" + } + ], + "AffectedCpeList": { + "Cpe": [ + "cpe:/o:alt:spworkstation:8.4", + "cpe:/o:alt:spserver:8.4" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:3001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:20244030001", + "Comment": "MySQL-client is earlier than 0:8.0.36-alt0.c9.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20244030002", + "Comment": "MySQL-server is earlier than 0:8.0.36-alt0.c9.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20244030003", + "Comment": "MySQL-server-perl is earlier than 0:8.0.36-alt0.c9.1" + }, + { + "TestRef": 
"oval:org.altlinux.errata:tst:20244030004", + "Comment": "libmysqlclient21 is earlier than 0:8.0.36-alt0.c9.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20244030005", + "Comment": "libmysqlclient21-devel is earlier than 0:8.0.36-alt0.c9.1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-4030/objects.json b/oval/c9f2/ALT-PU-2024-4030/objects.json new file mode 100644 index 0000000000..ded6e80144 --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-4030/objects.json @@ -0,0 +1,58 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:3001", + "Version": "1", + "comment": "Evaluate `/etc/os-release` file content", + "Path": { + "dataType": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RpmInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:20244030001", + "Version": "1", + "comment": "MySQL-client is installed", + "Name": "MySQL-client" + }, + { + "ID": "oval:org.altlinux.errata:obj:20244030002", + "Version": "1", + "comment": "MySQL-server is installed", + "Name": "MySQL-server" + }, + { + "ID": "oval:org.altlinux.errata:obj:20244030003", + "Version": "1", + "comment": "MySQL-server-perl is installed", + "Name": "MySQL-server-perl" + }, + { + "ID": "oval:org.altlinux.errata:obj:20244030004", + "Version": "1", + "comment": "libmysqlclient21 is installed", + "Name": "libmysqlclient21" + }, + { + "ID": "oval:org.altlinux.errata:obj:20244030005", + "Version": "1", + "comment": "libmysqlclient21-devel is installed", + "Name": "libmysqlclient21-devel" + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-4030/states.json b/oval/c9f2/ALT-PU-2024-4030/states.json new file mode 100644 index 0000000000..adb48e918a --- /dev/null 
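Review bot: In the new objects.json, `obj:3001` pairs `"Path"` = `/etc` with `"Filepath"` = `os-release`. In the OVAL textfilecontent54 object, `filepath` is the complete path and is an alternative to the `path` + `filename` pair. If these keys are serialized literally, a scanner would receive both forms, with a relative `filepath`. The JSON-to-XML mapping is not visible in this patch, so this needs confirming. Either carry the full path, `"Filepath": { "Datatype": "string", "Text": "/etc/os-release" }`, and drop `Path`, or rename the key to whatever the serializer maps to `filename`. The same object also spells `"dataType"` under `Path` but `"Datatype"` under `Filepath`, `Pattern` and `Instance`, which a case-sensitive reader would miss. The identical shape appears in ALT-PU-2024-4039/objects.json further down.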
+++ b/oval/c9f2/ALT-PU-2024-4030/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:3001", + "Version": "1", + "Text": {} + } + ], + "RpmInfoState": [ + { + "ID": "oval:org.altlinux.errata:ste:20244030001", + "Version": "1", + "Comment": "package EVR is earlier than 0:8.0.36-alt0.c9.1", + "Arch": {}, + "Evr": { + "Text": "0:8.0.36-alt0.c9.1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-4030/tests.json b/oval/c9f2/ALT-PU-2024-4030/tests.json new file mode 100644 index 0000000000..4bc98cd647 --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-4030/tests.json 
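Review bot: `ste:3001` is added with `"Text": {}`, so nothing constrains what `obj:3001` matched, and the `(\d\.\d)` group captured by the object's pattern is never compared against a release. As written, `tst:3001` would pass on any ALT SP server or workstation `os-release`, although its comment says "based on branch 'c9f2'" and the definition's `AffectedCpeList` names only the 8.4 CPEs. If the intent is to scope the definition to that release, the state needs a constraint on the captured version. The project's field name for the OVAL `subexpression` entity on this state type is not visible here; the value would presumably be `8.4`, which should be confirmed against the branch mapping. ALT-PU-2024-4039/states.json adds the same empty state.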
@@ -0,0 +1,78 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:3001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c9f2' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:3001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:3001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:20244030001", + "Version": "1", + "Check": "all", + "Comment": "MySQL-client is earlier than 0:8.0.36-alt0.c9.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20244030001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20244030001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20244030002", + "Version": "1", + "Check": "all", + "Comment": "MySQL-server is earlier than 0:8.0.36-alt0.c9.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20244030002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20244030001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20244030003", + "Version": "1", + "Check": "all", + "Comment": "MySQL-server-perl is earlier than 0:8.0.36-alt0.c9.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20244030003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20244030001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20244030004", + "Version": "1", + "Check": "all", + "Comment": "libmysqlclient21 is earlier than 0:8.0.36-alt0.c9.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20244030004" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20244030001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20244030005", + "Version": "1", + "Check": "all", + "Comment": "libmysqlclient21-devel is earlier than 0:8.0.36-alt0.c9.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20244030005" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20244030001" + } + } + ] +} \ No newline at end of file 
diff --git a/oval/c9f2/ALT-PU-2024-4039/definitions.json b/oval/c9f2/ALT-PU-2024-4039/definitions.json new file mode 100644 index 0000000000..adf96e6bea --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-4039/definitions.json 
@@ -0,0 +1,108 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:20244039", + "Version": "oval:org.altlinux.errata:def:20244039", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-4039: package `libssh2` update to version 1.11.0-alt2", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c9f2" + ], + "Products": [ + "ALT SPWorkstation", + "ALT SPServer" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-4039", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-4039", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2023-08853", + "RefURL": "https://bdu.fstec.ru/vul/2023-08853", + "Source": "BDU" + }, + { + "RefID": "CVE-2023-48795", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", + "Source": "CVE" + } + ], + "Description": "This update upgrades libssh2 to version 1.11.0-alt2. \nSecurity Fix(es):\n\n * BDU:2023-08853: Уязвимость реализации протокола SSH, связанная с возможностью откорректировать порядковые номера пакетов в процессе согласования соединения и добиться удаления произвольного числа служебных SSH-сообщений, позволяющая нарушителю обойти проверки целостности, отключить существующие функции безопасности, получить несанкционированный доступ к защищаемой информации\n\n * CVE-2023-48795: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). 
The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "High", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-03-23" + }, + "Updated": { + "Date": "2024-03-23" + }, + "bdu": [ + { + "Cvss": "AV:N/AC:H/Au:N/C:C/I:C/A:N", + "Cvss3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "Cwe": "CWE-222", + "Href": "https://bdu.fstec.ru/vul/2023-08853", + "Impact": "High", + "Public": "20231218", + "CveID": "BDU:2023-08853" + } + ], + "Cves": [ + { + "Cvss3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "Cwe": "CWE-354", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", + "Impact": "Low", + "Public": "20231218", + "CveID": "CVE-2023-48795" + 
} + ], + "AffectedCpeList": { + "Cpe": [ + "cpe:/o:alt:spworkstation:8.4", + "cpe:/o:alt:spserver:8.4" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:3001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:20244039001", + "Comment": "libssh2 is earlier than 0:1.11.0-alt2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20244039002", + "Comment": "libssh2-devel is earlier than 0:1.11.0-alt2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20244039003", + "Comment": "libssh2-docs is earlier than 0:1.11.0-alt2" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-4039/objects.json b/oval/c9f2/ALT-PU-2024-4039/objects.json new file mode 100644 index 0000000000..a771bff4df --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-4039/objects.json @@ -0,0 +1,46 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:3001", + "Version": "1", + "comment": "Evaluate `/etc/os-release` file content", + "Path": { + "dataType": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RpmInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:20244039001", + "Version": "1", + "comment": "libssh2 is installed", + "Name": "libssh2" + }, + { + "ID": "oval:org.altlinux.errata:obj:20244039002", + "Version": "1", + "comment": "libssh2-devel is installed", + "Name": "libssh2-devel" + }, + { + "ID": "oval:org.altlinux.errata:obj:20244039003", + "Version": "1", + "comment": "libssh2-docs is installed", + "Name": "libssh2-docs" + } + ] +} \ No newline at end of file 
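Review bot: In the ALT-PU-2024-4039 definitions.json hunk, the `Cves` entry for CVE-2023-48795 carries `"Impact": "Low"` next to the vector `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N`. That vector scores 5.9 (Medium) on the CVSS 3.1 scale, while the `bdu` entry and the advisory `Severity` in the same definition both say High. The MySQL definition earlier in this patch labels its 6.5-scored CVEs `Low` as well, so the value looks like a default rather than something derived. Anything that triages on `Impact` would under-rank these, so derive it from the `Cvss3` vector (here presumably `"Impact": "Medium"`) or omit it when no rating is known. Separately, `"Version"` on the definition repeats the definition ID, whereas OVAL expects a non-negative integer there, like the `"Version": "1"` used on the objects, states and tests.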
diff --git a/oval/c9f2/ALT-PU-2024-4039/states.json b/oval/c9f2/ALT-PU-2024-4039/states.json new file mode 100644 index 0000000000..54100ef58a --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-4039/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:3001", + "Version": "1", + "Text": {} + } + ], + "RpmInfoState": [ + { + "ID": "oval:org.altlinux.errata:ste:20244039001", + "Version": "1", + "Comment": "package EVR is earlier than 0:1.11.0-alt2", + "Arch": {}, + "Evr": { + "Text": "0:1.11.0-alt2", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-4039/tests.json b/oval/c9f2/ALT-PU-2024-4039/tests.json new file mode 100644 index 0000000000..aa825c7bb2 --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-4039/tests.json 
@@ -0,0 +1,54 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:3001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c9f2' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:3001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:3001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:20244039001", + "Version": "1", + "Check": "all", + "Comment": "libssh2 is earlier than 0:1.11.0-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20244039001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20244039001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20244039002", + "Version": "1", + "Check": "all", + "Comment": "libssh2-devel is earlier than 0:1.11.0-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20244039002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20244039001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20244039003", + "Version": "1", + "Check": "all", + "Comment": "libssh2-docs is earlier than 0:1.11.0-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20244039003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20244039001" + } + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-4059/definitions.json b/oval/c9f2/ALT-PU-2024-4059/definitions.json new file mode 100644 index 0000000000..afce19cee6 --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-4059/definitions.json 
@@ -0,0 +1,160 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:20244059", + "Version": "oval:org.altlinux.errata:def:20244059", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-4059: package `cyrus-sasl2` update to version 2.1.28-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c9f2" + ], + "Products": [ + "ALT SPWorkstation", + "ALT SPServer" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-4059", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-4059", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2020-01461", + "RefURL": "https://bdu.fstec.ru/vul/2020-01461", + "Source": "BDU" + }, + { + "RefID": "BDU:2022-01443", + "RefURL": "https://bdu.fstec.ru/vul/2022-01443", + "Source": "BDU" + }, + { + "RefID": "CVE-2019-19906", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19906", + "Source": "CVE" + }, + { + "RefID": "CVE-2022-24407", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-24407", + "Source": "CVE" + } + ], + "Description": "This update upgrades cyrus-sasl2 to version 2.1.28-alt1. \nSecurity Fix(es):\n\n * BDU:2020-01461: Уязвимость метода аунтефикации пользователей Cyrus SASL, связанная с записью за границами буфера памяти, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01443: Уязвимость реализации механизма аутентификации Cyrus SASL, связанная с непринятием мер по защите структуры SQL-запроса, позволяющая нарушителю выполнить произвольный SQL-запрос\n\n * CVE-2019-19906: cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. 
The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.\n\n * CVE-2022-24407: In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.\n\n * #49511: При подготовке к Usrmerge сломался sssd", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Critical", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-03-23" + }, + "Updated": { + "Date": "2024-03-23" + }, + "bdu": [ + { + "Cvss": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-787", + "Href": "https://bdu.fstec.ru/vul/2020-01461", + "Impact": "High", + "Public": "20191125", + "CveID": "BDU:2020-01461" + }, + { + "Cvss": "AV:N/AC:L/Au:N/C:C/I:C/A:N", + "Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "Cwe": "CWE-89", + "Href": "https://bdu.fstec.ru/vul/2022-01443", + "Impact": "Critical", + "Public": "20220302", + "CveID": "BDU:2022-01443" + } + ], + "Cves": [ + { + "Cvss": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-787", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19906", + "Impact": "High", + "Public": "20191219", + "CveID": "CVE-2019-19906" + }, + { + "Cvss": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "Cwe": "CWE-89", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-24407", + "Impact": "High", + "Public": "20220224", + "CveID": "CVE-2022-24407" + } + ], + "Bugzilla": [ + { + "Id": "49511", + "Href": "https://bugzilla.altlinux.org/49511", + "Data": "При подготовке к Usrmerge сломался sssd" + } + ], + "AffectedCpeList": { + "Cpe": [ + "cpe:/o:alt:spworkstation:8.4", + "cpe:/o:alt:spserver:8.4" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:3001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { 
+ "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:20244059001", + "Comment": "cyrus-sasl2 is earlier than 0:2.1.28-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20244059002", + "Comment": "cyrus-sasl2-docs is earlier than 0:2.1.28-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20244059003", + "Comment": "libsasl2-3 is earlier than 0:2.1.28-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20244059004", + "Comment": "libsasl2-devel is earlier than 0:2.1.28-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20244059005", + "Comment": "libsasl2-plugin-gssapi is earlier than 0:2.1.28-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20244059006", + "Comment": "libsasl2-plugin-ldapdb is earlier than 0:2.1.28-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20244059007", + "Comment": "libsasl2-plugin-sql is earlier than 0:2.1.28-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-4059/objects.json b/oval/c9f2/ALT-PU-2024-4059/objects.json new file mode 100644 index 0000000000..a67eeafeba --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-4059/objects.json 
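Review bot: `"Version"` on `def:20244059` repeats the definition ID (`oval:org.altlinux.errata:def:20244059`) instead of a version number, while every object, state and test in this patch uses `"Version": "1"`; OVAL definition versions are non-negative integers, so I would set it to a number like the other entries. In `Advisory`, the two `bdu` entries give `Cvss3` without the `CVSS:3.x/` prefix that the `Cves` entries carry, and the `bdu` key is lowercase next to `Cves` and `Bugzilla`; a parser that reads the CVSS revision from the prefix cannot tell which v3 revision the BDU vectors use. The ALT-PU-2024-4039 definitions hunk begins outside this view, so whether it shares the `Version` issue is not checked here.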
@@ -0,0 +1,70 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:3001", + "Version": "1", + "comment": "Evaluate `/etc/os-release` file content", + "Path": { + "dataType": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RpmInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:20244059001", + "Version": "1", + "comment": "cyrus-sasl2 is installed", + "Name": "cyrus-sasl2" + }, + { + "ID": "oval:org.altlinux.errata:obj:20244059002", + "Version": "1", + "comment": "cyrus-sasl2-docs is installed", + "Name": "cyrus-sasl2-docs" + }, + { + "ID": "oval:org.altlinux.errata:obj:20244059003", + "Version": "1", + "comment": "libsasl2-3 is installed", + "Name": "libsasl2-3" + }, + { + "ID": "oval:org.altlinux.errata:obj:20244059004", + "Version": "1", + "comment": "libsasl2-devel is installed", + "Name": "libsasl2-devel" + }, + { + "ID": "oval:org.altlinux.errata:obj:20244059005", + "Version": "1", + "comment": "libsasl2-plugin-gssapi is installed", + "Name": "libsasl2-plugin-gssapi" + }, + { + "ID": "oval:org.altlinux.errata:obj:20244059006", + "Version": "1", + "comment": "libsasl2-plugin-ldapdb is installed", + "Name": "libsasl2-plugin-ldapdb" + }, + { + "ID": "oval:org.altlinux.errata:obj:20244059007", + "Version": "1", + "comment": "libsasl2-plugin-sql is installed", + "Name": "libsasl2-plugin-sql" + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-4059/states.json b/oval/c9f2/ALT-PU-2024-4059/states.json new file mode 100644 index 0000000000..82221bfc46 --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-4059/states.json 
@@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:3001", + "Version": "1", + "Text": {} + } + ], + "RpmInfoState": [ + { + "ID": "oval:org.altlinux.errata:ste:20244059001", + "Version": "1", + "Comment": "package EVR is earlier than 0:2.1.28-alt1", + "Arch": {}, + "Evr": { + "Text": "0:2.1.28-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-4059/tests.json b/oval/c9f2/ALT-PU-2024-4059/tests.json new file mode 100644 index 0000000000..58a1c8744f --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-4059/tests.json 
@@ -0,0 +1,102 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:3001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c9f2' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:3001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:3001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:20244059001", + "Version": "1", + "Check": "all", + "Comment": "cyrus-sasl2 is earlier than 0:2.1.28-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20244059001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20244059001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20244059002", + "Version": "1", + "Check": "all", + "Comment": "cyrus-sasl2-docs is earlier than 0:2.1.28-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20244059002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20244059001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20244059003", + "Version": "1", + "Check": "all", + "Comment": "libsasl2-3 is earlier than 0:2.1.28-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20244059003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20244059001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20244059004", + "Version": "1", + "Check": "all", + "Comment": "libsasl2-devel is earlier than 0:2.1.28-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20244059004" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20244059001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20244059005", + "Version": "1", + "Check": "all", + "Comment": "libsasl2-plugin-gssapi is earlier than 0:2.1.28-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20244059005" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20244059001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20244059006", + "Version": "1", + 
"Check": "all", + "Comment": "libsasl2-plugin-ldapdb is earlier than 0:2.1.28-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20244059006" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20244059001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20244059007", + "Version": "1", + "Check": "all", + "Comment": "libsasl2-plugin-sql is earlier than 0:2.1.28-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20244059007" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20244059001" + } + } + ] +} \ No newline at end of file