pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ALT Vulnerability

Browse Source
This commit is contained in:
Иван Пепеляев 2024-05-23 15:02:26 +00:00
parent f2223a000f
commit 6920eafded
24 changed files with 1639 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

185
oval/c10f1/ALT-PU-2024-7762/definitions.json Normal file
View File

@ -0,0 +1,185 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20247762",
"Version": "oval:org.altlinux.errata:def:20247762",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-7762: package `ghostscript` update to version 10.01.1-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-7762",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-7762",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-00147",
"RefURL": "https://bdu.fstec.ru/vul/2022-00147",
"Source": "BDU"
},
{
"RefID": "BDU:2023-02055",
"RefURL": "https://bdu.fstec.ru/vul/2023-02055",
"Source": "BDU"
},
{
"RefID": "CVE-2021-3781",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3781",
"Source": "CVE"
},
{
"RefID": "CVE-2021-45949",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-45949",
"Source": "CVE"
},
{
"RefID": "CVE-2023-28879",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-28879",
"Source": "CVE"
}
],
"Description": "This update upgrades ghostscript to version 10.01.1-alt2. \nSecurity Fix(es):\n\n * BDU:2022-00147: Уязвимость реализации функции sampled_data_finish() набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-02055: Уязвимость набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, связанная с записью за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2021-3781: A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.\n\n * CVE-2021-45949: Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).\n\n * CVE-2023-28879: In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.\n\n * #46986: Артефакты генерации postscript, отсутствие текста на тестовой странице CUPS",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-05-23"
},
"Updated": {
"Date": "2024-05-23"
},
"BDUs": [
{
"ID": "BDU:2022-00147",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-00147",
"Impact": "Low",
"Public": "20210526"
},
{
"ID": "BDU:2023-02055",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2023-02055",
"Impact": "Critical",
"Public": "20230331"
}
],
"CVEs": [
{
"ID": "CVE-2021-3781",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"CWE": "CWE-78",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3781",
"Impact": "Critical",
"Public": "20220216"
},
{
"ID": "CVE-2021-45949",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-45949",
"Impact": "Low",
"Public": "20220101"
},
{
"ID": "CVE-2023-28879",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-28879",
"Impact": "Critical",
"Public": "20230331"
}
],
"Bugzilla": [
{
"ID": "46986",
"Href": "https://bugzilla.altlinux.org/46986",
"Data": "Артефакты генерации postscript, отсутствие текста на тестовой странице CUPS"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20247762001",
"Comment": "ghostscript is earlier than 0:10.01.1-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20247762002",
"Comment": "ghostscript-classic is earlier than 0:10.01.1-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20247762003",
"Comment": "ghostscript-common is earlier than 0:10.01.1-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20247762004",
"Comment": "ghostscript-gtk is earlier than 0:10.01.1-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20247762005",
"Comment": "ghostscript-module-X is earlier than 0:10.01.1-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20247762006",
"Comment": "ghostscript-utils is earlier than 0:10.01.1-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20247762007",
"Comment": "libgs is earlier than 0:10.01.1-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20247762008",
"Comment": "libgs-devel is earlier than 0:10.01.1-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20247762009",
"Comment": "libijs is earlier than 0:0.35_10.01.1-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20247762010",
"Comment": "libijs-devel is earlier than 0:10.01.1-alt2"
}
]
}
]
}
}
]
}

88
oval/c10f1/ALT-PU-2024-7762/objects.json Normal file
View File

@ -0,0 +1,88 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20247762001",
"Version": "1",
"Comment": "ghostscript is installed",
"Name": "ghostscript"
},
{
"ID": "oval:org.altlinux.errata:obj:20247762002",
"Version": "1",
"Comment": "ghostscript-classic is installed",
"Name": "ghostscript-classic"
},
{
"ID": "oval:org.altlinux.errata:obj:20247762003",
"Version": "1",
"Comment": "ghostscript-common is installed",
"Name": "ghostscript-common"
},
{
"ID": "oval:org.altlinux.errata:obj:20247762004",
"Version": "1",
"Comment": "ghostscript-gtk is installed",
"Name": "ghostscript-gtk"
},
{
"ID": "oval:org.altlinux.errata:obj:20247762005",
"Version": "1",
"Comment": "ghostscript-module-X is installed",
"Name": "ghostscript-module-X"
},
{
"ID": "oval:org.altlinux.errata:obj:20247762006",
"Version": "1",
"Comment": "ghostscript-utils is installed",
"Name": "ghostscript-utils"
},
{
"ID": "oval:org.altlinux.errata:obj:20247762007",
"Version": "1",
"Comment": "libgs is installed",
"Name": "libgs"
},
{
"ID": "oval:org.altlinux.errata:obj:20247762008",
"Version": "1",
"Comment": "libgs-devel is installed",
"Name": "libgs-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:20247762009",
"Version": "1",
"Comment": "libijs is installed",
"Name": "libijs"
},
{
"ID": "oval:org.altlinux.errata:obj:20247762010",
"Version": "1",
"Comment": "libijs-devel is installed",
"Name": "libijs-devel"
}
]
}

35
oval/c10f1/ALT-PU-2024-7762/states.json Normal file
View File

@ -0,0 +1,35 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:20247762001",
"Version": "1",
"Comment": "package EVR is earlier than 0:10.01.1-alt2",
"Arch": {},
"EVR": {
"Text": "0:10.01.1-alt2",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
},
{
"ID": "oval:org.altlinux.errata:ste:20247762002",
"Version": "1",
"Comment": "package EVR is earlier than 0:0.35_10.01.1-alt2",
"Arch": {},
"EVR": {
"Text": "0:0.35_10.01.1-alt2",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

138
oval/c10f1/ALT-PU-2024-7762/tests.json Normal file
View File

@ -0,0 +1,138 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20247762001",
"Version": "1",
"Check": "all",
"Comment": "ghostscript is earlier than 0:10.01.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20247762001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20247762001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20247762002",
"Version": "1",
"Check": "all",
"Comment": "ghostscript-classic is earlier than 0:10.01.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20247762002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20247762001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20247762003",
"Version": "1",
"Check": "all",
"Comment": "ghostscript-common is earlier than 0:10.01.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20247762003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20247762001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20247762004",
"Version": "1",
"Check": "all",
"Comment": "ghostscript-gtk is earlier than 0:10.01.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20247762004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20247762001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20247762005",
"Version": "1",
"Check": "all",
"Comment": "ghostscript-module-X is earlier than 0:10.01.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20247762005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20247762001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20247762006",
"Version": "1",
"Check": "all",
"Comment": "ghostscript-utils is earlier than 0:10.01.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20247762006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20247762001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20247762007",
"Version": "1",
"Check": "all",
"Comment": "libgs is earlier than 0:10.01.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20247762007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20247762001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20247762008",
"Version": "1",
"Check": "all",
"Comment": "libgs-devel is earlier than 0:10.01.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20247762008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20247762001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20247762009",
"Version": "1",
"Check": "all",
"Comment": "libijs is earlier than 0:0.35_10.01.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20247762009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20247762002"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20247762010",
"Version": "1",
"Check": "all",
"Comment": "libijs-devel is earlier than 0:10.01.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20247762010"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20247762001"
}
}
]
}

102
oval/c10f2/ALT-PU-2024-8121/definitions.json Normal file
View File

@ -0,0 +1,102 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20248121",
"Version": "oval:org.altlinux.errata:def:20248121",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-8121: package `mongo4.4` update to version 4.4.29-alt0.c10.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f2"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-8121",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-8121",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-01947",
"RefURL": "https://bdu.fstec.ru/vul/2024-01947",
"Source": "BDU"
},
{
"RefID": "CVE-2024-1351",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-1351",
"Source": "CVE"
}
],
"Description": "This update upgrades mongo4.4 to version 4.4.29-alt0.c10.1. \nSecurity Fix(es):\n\n * BDU:2024-01947: Уязвимость системы управления базами данных MongoDB, связанная с ошибками процедуры подтверждения подлинности TLS сертификата, позволяющая нарушителю устанавить несанкционированное соединение к серверу MongoDB\n\n * CVE-2024-1351: Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to failing certificate validation. This issue affects MongoDB Server v7.0 versions prior to and including 7.0.5, MongoDB Server v6.0 versions prior to and including 6.0.13, MongoDB Server v5.0 versions prior to and including 5.0.24 and MongoDB Server v4.4 versions prior to and including 4.4.28.\n\nRequired Configuration : A server process will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured.\n\n",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-05-23"
},
"Updated": {
"Date": "2024-05-23"
},
"BDUs": [
{
"ID": "BDU:2024-01947",
"CVSS": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2024-01947",
"Impact": "High",
"Public": "20240307"
}
],
"CVEs": [
{
"ID": "CVE-2024-1351",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-1351",
"Impact": "None",
"Public": "20240307"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20248121001",
"Comment": "mongo4.4 is earlier than 0:4.4.29-alt0.c10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20248121002",
"Comment": "mongo4.4-server-mongod is earlier than 0:4.4.29-alt0.c10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20248121003",
"Comment": "mongo4.4-server-mongos is earlier than 0:4.4.29-alt0.c10.1"
}
]
}
]
}
}
]
}

46
oval/c10f2/ALT-PU-2024-8121/objects.json Normal file
View File

@ -0,0 +1,46 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:5001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20248121001",
"Version": "1",
"Comment": "mongo4.4 is installed",
"Name": "mongo4.4"
},
{
"ID": "oval:org.altlinux.errata:obj:20248121002",
"Version": "1",
"Comment": "mongo4.4-server-mongod is installed",
"Name": "mongo4.4-server-mongod"
},
{
"ID": "oval:org.altlinux.errata:obj:20248121003",
"Version": "1",
"Comment": "mongo4.4-server-mongos is installed",
"Name": "mongo4.4-server-mongos"
}
]
}

23
oval/c10f2/ALT-PU-2024-8121/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:5001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:20248121001",
"Version": "1",
"Comment": "package EVR is earlier than 0:4.4.29-alt0.c10.1",
"Arch": {},
"EVR": {
"Text": "0:4.4.29-alt0.c10.1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

54
oval/c10f2/ALT-PU-2024-8121/tests.json Normal file
View File

@ -0,0 +1,54 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:5001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:5001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:5001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20248121001",
"Version": "1",
"Check": "all",
"Comment": "mongo4.4 is earlier than 0:4.4.29-alt0.c10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20248121001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20248121001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20248121002",
"Version": "1",
"Check": "all",
"Comment": "mongo4.4-server-mongod is earlier than 0:4.4.29-alt0.c10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20248121002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20248121001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20248121003",
"Version": "1",
"Check": "all",
"Comment": "mongo4.4-server-mongos is earlier than 0:4.4.29-alt0.c10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20248121003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20248121001"
}
}
]
}

124
oval/c10f2/ALT-PU-2024-8129/definitions.json Normal file
View File

@ -0,0 +1,124 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20248129",
"Version": "oval:org.altlinux.errata:def:20248129",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-8129: package `mongo5.0` update to version 5.0.25-alt0.c10.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f2"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-8129",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-8129",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-01947",
"RefURL": "https://bdu.fstec.ru/vul/2024-01947",
"Source": "BDU"
},
{
"RefID": "CVE-2024-1351",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-1351",
"Source": "CVE"
},
{
"RefID": "CVE-2024-3372",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-3372",
"Source": "CVE"
},
{
"RefID": "CVE-2024-3374",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-3374",
"Source": "CVE"
}
],
"Description": "This update upgrades mongo5.0 to version 5.0.25-alt0.c10.1. \nSecurity Fix(es):\n\n * BDU:2024-01947: Уязвимость системы управления базами данных MongoDB, связанная с ошибками процедуры подтверждения подлинности TLS сертификата, позволяющая нарушителю устанавить несанкционированное соединение к серверу MongoDB\n\n * CVE-2024-1351: Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to failing certificate validation. This issue affects MongoDB Server v7.0 versions prior to and including 7.0.5, MongoDB Server v6.0 versions prior to and including 6.0.13, MongoDB Server v5.0 versions prior to and including 5.0.24 and MongoDB Server v4.4 versions prior to and including 4.4.28.\n\nRequired Configuration : A server process will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured.\n\n\n\n * CVE-2024-3372: Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14 and MongoDB Server v.5.0 versions prior to 5.0.25.\n\n\n * CVE-2024-3374: An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions prior to and including 6.0.5.\n",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-05-23"
},
"Updated": {
"Date": "2024-05-23"
},
"BDUs": [
{
"ID": "BDU:2024-01947",
"CVSS": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2024-01947",
"Impact": "High",
"Public": "20240307"
}
],
"CVEs": [
{
"ID": "CVE-2024-1351",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-1351",
"Impact": "None",
"Public": "20240307"
},
{
"ID": "CVE-2024-3372",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-3372",
"Impact": "None",
"Public": "20240514"
},
{
"ID": "CVE-2024-3374",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-3374",
"Impact": "None",
"Public": "20240514"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20248129001",
"Comment": "mongo5.0 is earlier than 0:5.0.25-alt0.c10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20248129002",
"Comment": "mongo5.0-server-mongod is earlier than 0:5.0.25-alt0.c10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20248129003",
"Comment": "mongo5.0-server-mongos is earlier than 0:5.0.25-alt0.c10.1"
}
]
}
]
}
}
]
}

46
oval/c10f2/ALT-PU-2024-8129/objects.json Normal file
View File

@ -0,0 +1,46 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:5001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20248129001",
"Version": "1",
"Comment": "mongo5.0 is installed",
"Name": "mongo5.0"
},
{
"ID": "oval:org.altlinux.errata:obj:20248129002",
"Version": "1",
"Comment": "mongo5.0-server-mongod is installed",
"Name": "mongo5.0-server-mongod"
},
{
"ID": "oval:org.altlinux.errata:obj:20248129003",
"Version": "1",
"Comment": "mongo5.0-server-mongos is installed",
"Name": "mongo5.0-server-mongos"
}
]
}

23
oval/c10f2/ALT-PU-2024-8129/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:5001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:20248129001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.0.25-alt0.c10.1",
"Arch": {},
"EVR": {
"Text": "0:5.0.25-alt0.c10.1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

54
oval/c10f2/ALT-PU-2024-8129/tests.json Normal file
View File

@ -0,0 +1,54 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:5001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:5001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:5001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20248129001",
"Version": "1",
"Check": "all",
"Comment": "mongo5.0 is earlier than 0:5.0.25-alt0.c10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20248129001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20248129001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20248129002",
"Version": "1",
"Check": "all",
"Comment": "mongo5.0-server-mongod is earlier than 0:5.0.25-alt0.c10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20248129002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20248129001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20248129003",
"Version": "1",
"Check": "all",
"Comment": "mongo5.0-server-mongos is earlier than 0:5.0.25-alt0.c10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20248129003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20248129001"
}
}
]
}

120
oval/c10f2/ALT-PU-2024-8182/definitions.json Normal file
View File

@ -0,0 +1,120 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20248182",
"Version": "oval:org.altlinux.errata:def:20248182",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-8182: package `mongo6.0` update to version 6.0.14-alt0.c10.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f2"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-8182",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-8182",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-01947",
"RefURL": "https://bdu.fstec.ru/vul/2024-01947",
"Source": "BDU"
},
{
"RefID": "CVE-2024-1351",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-1351",
"Source": "CVE"
},
{
"RefID": "CVE-2024-3372",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-3372",
"Source": "CVE"
},
{
"RefID": "CVE-2024-3374",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-3374",
"Source": "CVE"
}
],
"Description": "This update upgrades mongo6.0 to version 6.0.14-alt0.c10.1. \nSecurity Fix(es):\n\n * BDU:2024-01947: Уязвимость системы управления базами данных MongoDB, связанная с ошибками процедуры подтверждения подлинности TLS сертификата, позволяющая нарушителю устанавить несанкционированное соединение к серверу MongoDB\n\n * CVE-2024-1351: Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to failing certificate validation. This issue affects MongoDB Server v7.0 versions prior to and including 7.0.5, MongoDB Server v6.0 versions prior to and including 6.0.13, MongoDB Server v5.0 versions prior to and including 5.0.24 and MongoDB Server v4.4 versions prior to and including 4.4.28.\n\nRequired Configuration : A server process will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured.\n\n\n\n * CVE-2024-3372: Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14 and MongoDB Server v.5.0 versions prior to 5.0.25.\n\n\n * CVE-2024-3374: An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions prior to and including 6.0.5.\n",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-05-23"
},
"Updated": {
"Date": "2024-05-23"
},
"BDUs": [
{
"ID": "BDU:2024-01947",
"CVSS": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2024-01947",
"Impact": "High",
"Public": "20240307"
}
],
"CVEs": [
{
"ID": "CVE-2024-1351",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-1351",
"Impact": "None",
"Public": "20240307"
},
{
"ID": "CVE-2024-3372",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-3372",
"Impact": "None",
"Public": "20240514"
},
{
"ID": "CVE-2024-3374",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-3374",
"Impact": "None",
"Public": "20240514"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20248182001",
"Comment": "mongo6.0-server-mongod is earlier than 0:6.0.14-alt0.c10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20248182002",
"Comment": "mongo6.0-server-mongos is earlier than 0:6.0.14-alt0.c10.1"
}
]
}
]
}
}
]
}

40
oval/c10f2/ALT-PU-2024-8182/objects.json Normal file
View File

@ -0,0 +1,40 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:5001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20248182001",
"Version": "1",
"Comment": "mongo6.0-server-mongod is installed",
"Name": "mongo6.0-server-mongod"
},
{
"ID": "oval:org.altlinux.errata:obj:20248182002",
"Version": "1",
"Comment": "mongo6.0-server-mongos is installed",
"Name": "mongo6.0-server-mongos"
}
]
}

23
oval/c10f2/ALT-PU-2024-8182/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:5001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:20248182001",
"Version": "1",
"Comment": "package EVR is earlier than 0:6.0.14-alt0.c10.1",
"Arch": {},
"EVR": {
"Text": "0:6.0.14-alt0.c10.1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

42
oval/c10f2/ALT-PU-2024-8182/tests.json Normal file
View File

@ -0,0 +1,42 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:5001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:5001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:5001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20248182001",
"Version": "1",
"Check": "all",
"Comment": "mongo6.0-server-mongod is earlier than 0:6.0.14-alt0.c10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20248182001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20248182001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20248182002",
"Version": "1",
"Check": "all",
"Comment": "mongo6.0-server-mongos is earlier than 0:6.0.14-alt0.c10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20248182002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20248182001"
}
}
]
}

157
oval/c9f2/ALT-PU-2024-8133/definitions.json Normal file
View File

@ -0,0 +1,157 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20248133",
"Version": "oval:org.altlinux.errata:def:20248133",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-8133: package `suricata` update to version 6.0.10-alt0.c9f2.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-8133",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-8133",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-01686",
"RefURL": "https://bdu.fstec.ru/vul/2022-01686",
"Source": "BDU"
},
{
"RefID": "BDU:2023-06804",
"RefURL": "https://bdu.fstec.ru/vul/2023-06804",
"Source": "BDU"
},
{
"RefID": "BDU:2023-06805",
"RefURL": "https://bdu.fstec.ru/vul/2023-06805",
"Source": "BDU"
},
{
"RefID": "CVE-2021-35063",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-35063",
"Source": "CVE"
},
{
"RefID": "CVE-2021-37592",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-37592",
"Source": "CVE"
},
{
"RefID": "CVE-2021-45098",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-45098",
"Source": "CVE"
}
],
"Description": "This update upgrades suricata to version 6.0.10-alt0.c9f2.1. \nSecurity Fix(es):\n\n * BDU:2022-01686: Уязвимость системы обнаружения и предотвращения вторжений Suricata, связанная с недостатками разграничения доступа, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-06804: Уязвимость системы обнаружения и предотвращения вторжений Suricata, связанная с недостаточной проверкой хэш-функции, позволяющая нарушителю реализовать атаку TCP Reset\n\n * BDU:2023-06805: Уязвимость системы обнаружения и предотвращения вторжений Suricata, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю обойти ограничения безопасности и реализовать атаку TCP Reset\n\n * CVE-2021-35063: Suricata before 5.0.7 and 6.x before 6.0.3 has a \"critical evasion.\"\n\n * CVE-2021-37592: Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments.\n\n * CVE-2021-45098: An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet with random TCP options of the md5header from the client side. After the three-way handshake, it's possible to inject an RST ACK with a random TCP md5header option. Then, the client can send an HTTP GET request with a forbidden URL. The server will ignore the RST ACK and send the response HTTP packet for the client's request. These packets will not trigger a Suricata reject action.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-05-23"
},
"Updated": {
"Date": "2024-05-23"
},
"BDUs": [
{
"ID": "BDU:2022-01686",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2022-01686",
"Impact": "High",
"Public": "20210630"
},
{
"ID": "BDU:2023-06804",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-284, CWE-327",
"Href": "https://bdu.fstec.ru/vul/2023-06804",
"Impact": "High",
"Public": "20210926"
},
{
"ID": "BDU:2023-06805",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-121, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2023-06805",
"Impact": "Critical",
"Public": "20210727"
}
],
"CVEs": [
{
"ID": "CVE-2021-35063",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-35063",
"Impact": "High",
"Public": "20210722"
},
{
"ID": "CVE-2021-37592",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-37592",
"Impact": "Critical",
"Public": "20211119"
},
{
"ID": "CVE-2021-45098",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-45098",
"Impact": "High",
"Public": "20211216"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20248133001",
"Comment": "suricata is earlier than 0:6.0.10-alt0.c9f2.1"
}
]
}
]
}
}
]
}

34
oval/c9f2/ALT-PU-2024-8133/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20248133001",
"Version": "1",
"Comment": "suricata is installed",
"Name": "suricata"
}
]
}

23
oval/c9f2/ALT-PU-2024-8133/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:20248133001",
"Version": "1",
"Comment": "package EVR is earlier than 0:6.0.10-alt0.c9f2.1",
"Arch": {},
"EVR": {
"Text": "0:6.0.10-alt0.c9f2.1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/c9f2/ALT-PU-2024-8133/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c9f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20248133001",
"Version": "1",
"Check": "all",
"Comment": "suricata is earlier than 0:6.0.10-alt0.c9f2.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20248133001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20248133001"
}
}
]
}

111
oval/p9/ALT-PU-2024-8131/definitions.json Normal file
View File

@ -0,0 +1,111 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20248131",
"Version": "oval:org.altlinux.errata:def:20248131",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-8131: package `unbound` update to version 1.20.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-8131",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-8131",
"Source": "ALTPU"
},
{
"RefID": "CVE-2024-33655",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-33655",
"Source": "CVE"
}
],
"Description": "This update upgrades unbound to version 1.20.0-alt1. \nSecurity Fix(es):\n\n * CVE-2024-33655: description unavailable",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-05-23"
},
"Updated": {
"Date": "2024-05-23"
},
"BDUs": null,
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20248131001",
"Comment": "libunbound is earlier than 0:1.20.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20248131002",
"Comment": "libunbound-devel is earlier than 0:1.20.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20248131003",
"Comment": "unbound is earlier than 0:1.20.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20248131004",
"Comment": "unbound-control is earlier than 0:1.20.0-alt1"
}
]
}
]
}
}
]
}

52
oval/p9/ALT-PU-2024-8131/objects.json Normal file
View File

@ -0,0 +1,52 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:1001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20248131001",
"Version": "1",
"Comment": "libunbound is installed",
"Name": "libunbound"
},
{
"ID": "oval:org.altlinux.errata:obj:20248131002",
"Version": "1",
"Comment": "libunbound-devel is installed",
"Name": "libunbound-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:20248131003",
"Version": "1",
"Comment": "unbound is installed",
"Name": "unbound"
},
{
"ID": "oval:org.altlinux.errata:obj:20248131004",
"Version": "1",
"Comment": "unbound-control is installed",
"Name": "unbound-control"
}
]
}

23
oval/p9/ALT-PU-2024-8131/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:1001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:20248131001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.20.0-alt1",
"Arch": {},
"EVR": {
"Text": "0:1.20.0-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

66
oval/p9/ALT-PU-2024-8131/tests.json Normal file
View File

@ -0,0 +1,66 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:1001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p9' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:1001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:1001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20248131001",
"Version": "1",
"Check": "all",
"Comment": "libunbound is earlier than 0:1.20.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20248131001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20248131001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20248131002",
"Version": "1",
"Check": "all",
"Comment": "libunbound-devel is earlier than 0:1.20.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20248131002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20248131001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20248131003",
"Version": "1",
"Check": "all",
"Comment": "unbound is earlier than 0:1.20.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20248131003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20248131001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20248131004",
"Version": "1",
"Check": "all",
"Comment": "unbound-control is earlier than 0:1.20.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20248131004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20248131001"
}
}
]
}