pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ALT Vulnerability

Browse Source
This commit is contained in:
Иван Пепеляев 2024-08-29 03:05:13 +00:00
parent f06750514d
commit 715a67cf8d
32 changed files with 4987 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

116
oval/c10f1/ALT-PU-2024-11176/definitions.json Normal file
View File

@ -0,0 +1,116 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202411176",
"Version": "oval:org.altlinux.errata:def:202411176",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-11176: package `libgcrypt` update to version 1.10.2-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-11176",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-11176",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-00593",
"RefURL": "https://bdu.fstec.ru/vul/2022-00593",
"Source": "BDU"
},
{
"RefID": "CVE-2021-40528",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-40528",
"Source": "CVE"
}
],
"Description": "This update upgrades libgcrypt to version 1.10.2-alt2. \nSecurity Fix(es):\n\n * BDU:2022-00593: Уязвимость криптографической библиотеки Libgcrypt, связанная с использованием слабых криптографических алгоритмов, позволяющая нарушителю получить доступ к конфиденциальной информации\n\n * CVE-2021-40528: The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.\n\n * #47806: Прошу исправить версию",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-08-28"
},
"Updated": {
"Date": "2024-08-28"
},
"BDUs": [
{
"ID": "BDU:2022-00593",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-327",
"Href": "https://bdu.fstec.ru/vul/2022-00593",
"Impact": "Low",
"Public": "20210917"
}
],
"CVEs": [
{
"ID": "CVE-2021-40528",
"CVSS": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-327",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-40528",
"Impact": "Low",
"Public": "20210906"
}
],
"Bugzilla": [
{
"ID": "47806",
"Href": "https://bugzilla.altlinux.org/47806",
"Data": "Прошу исправить версию"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202411176001",
"Comment": "gcrypt-utils is earlier than 0:1.10.2-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411176002",
"Comment": "libgcrypt-devel is earlier than 0:1.10.2-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411176003",
"Comment": "libgcrypt20 is earlier than 0:1.10.2-alt2"
}
]
}
]
}
}
]
}

46
oval/c10f1/ALT-PU-2024-11176/objects.json Normal file
View File

@ -0,0 +1,46 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202411176001",
"Version": "1",
"Comment": "gcrypt-utils is installed",
"Name": "gcrypt-utils"
},
{
"ID": "oval:org.altlinux.errata:obj:202411176002",
"Version": "1",
"Comment": "libgcrypt-devel is installed",
"Name": "libgcrypt-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202411176003",
"Version": "1",
"Comment": "libgcrypt20 is installed",
"Name": "libgcrypt20"
}
]
}

23
oval/c10f1/ALT-PU-2024-11176/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202411176001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.10.2-alt2",
"Arch": {},
"EVR": {
"Text": "0:1.10.2-alt2",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

54
oval/c10f1/ALT-PU-2024-11176/tests.json Normal file
View File

@ -0,0 +1,54 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202411176001",
"Version": "1",
"Check": "all",
"Comment": "gcrypt-utils is earlier than 0:1.10.2-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411176001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411176001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411176002",
"Version": "1",
"Check": "all",
"Comment": "libgcrypt-devel is earlier than 0:1.10.2-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411176002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411176001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411176003",
"Version": "1",
"Check": "all",
"Comment": "libgcrypt20 is earlier than 0:1.10.2-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411176003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411176001"
}
}
]
}

2741
oval/c10f1/ALT-PU-2024-11524/definitions.json Normal file
View File

File diff suppressed because one or more lines are too long

88
oval/c10f1/ALT-PU-2024-11524/objects.json Normal file
View File

@ -0,0 +1,88 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202411524001",
"Version": "1",
"Comment": "kernel-doc-un is installed",
"Name": "kernel-doc-un"
},
{
"ID": "oval:org.altlinux.errata:obj:202411524002",
"Version": "1",
"Comment": "kernel-headers-modules-un-def is installed",
"Name": "kernel-headers-modules-un-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202411524003",
"Version": "1",
"Comment": "kernel-headers-un-def is installed",
"Name": "kernel-headers-un-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202411524004",
"Version": "1",
"Comment": "kernel-image-domU-un-def is installed",
"Name": "kernel-image-domU-un-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202411524005",
"Version": "1",
"Comment": "kernel-image-un-def is installed",
"Name": "kernel-image-un-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202411524006",
"Version": "1",
"Comment": "kernel-image-un-def-checkinstall is installed",
"Name": "kernel-image-un-def-checkinstall"
},
{
"ID": "oval:org.altlinux.errata:obj:202411524007",
"Version": "1",
"Comment": "kernel-modules-drm-ancient-un-def is installed",
"Name": "kernel-modules-drm-ancient-un-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202411524008",
"Version": "1",
"Comment": "kernel-modules-drm-nouveau-un-def is installed",
"Name": "kernel-modules-drm-nouveau-un-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202411524009",
"Version": "1",
"Comment": "kernel-modules-drm-un-def is installed",
"Name": "kernel-modules-drm-un-def"
},
{
"ID": "oval:org.altlinux.errata:obj:202411524010",
"Version": "1",
"Comment": "kernel-modules-staging-un-def is installed",
"Name": "kernel-modules-staging-un-def"
}
]
}

23
oval/c10f1/ALT-PU-2024-11524/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202411524001",
"Version": "1",
"Comment": "package EVR is earlier than 1:6.1.105-alt0.c10f.1",
"Arch": {},
"EVR": {
"Text": "1:6.1.105-alt0.c10f.1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

138
oval/c10f1/ALT-PU-2024-11524/tests.json Normal file
View File

@ -0,0 +1,138 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202411524001",
"Version": "1",
"Check": "all",
"Comment": "kernel-doc-un is earlier than 1:6.1.105-alt0.c10f.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411524001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411524001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411524002",
"Version": "1",
"Check": "all",
"Comment": "kernel-headers-modules-un-def is earlier than 1:6.1.105-alt0.c10f.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411524002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411524001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411524003",
"Version": "1",
"Check": "all",
"Comment": "kernel-headers-un-def is earlier than 1:6.1.105-alt0.c10f.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411524003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411524001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411524004",
"Version": "1",
"Check": "all",
"Comment": "kernel-image-domU-un-def is earlier than 1:6.1.105-alt0.c10f.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411524004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411524001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411524005",
"Version": "1",
"Check": "all",
"Comment": "kernel-image-un-def is earlier than 1:6.1.105-alt0.c10f.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411524005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411524001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411524006",
"Version": "1",
"Check": "all",
"Comment": "kernel-image-un-def-checkinstall is earlier than 1:6.1.105-alt0.c10f.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411524006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411524001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411524007",
"Version": "1",
"Check": "all",
"Comment": "kernel-modules-drm-ancient-un-def is earlier than 1:6.1.105-alt0.c10f.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411524007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411524001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411524008",
"Version": "1",
"Check": "all",
"Comment": "kernel-modules-drm-nouveau-un-def is earlier than 1:6.1.105-alt0.c10f.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411524008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411524001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411524009",
"Version": "1",
"Check": "all",
"Comment": "kernel-modules-drm-un-def is earlier than 1:6.1.105-alt0.c10f.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411524009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411524001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411524010",
"Version": "1",
"Check": "all",
"Comment": "kernel-modules-staging-un-def is earlier than 1:6.1.105-alt0.c10f.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411524010"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411524001"
}
}
]
}

94
oval/c10f1/ALT-PU-2024-11634/definitions.json Normal file
View File

@ -0,0 +1,94 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202411634",
"Version": "oval:org.altlinux.errata:def:202411634",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-11634: package `admesh` update to version 0.98.5-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-11634",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-11634",
"Source": "ALTPU"
},
{
"RefID": "CVE-2018-25033",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-25033",
"Source": "CVE"
}
],
"Description": "This update upgrades admesh to version 0.98.5-alt1. \nSecurity Fix(es):\n\n * CVE-2018-25033: ADMesh through 0.98.4 has a heap-based buffer over-read in stl_update_connects_remove_1 (called from stl_remove_degenerate) in connect.c in libadmesh.a.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-08-28"
},
"Updated": {
"Date": "2024-08-28"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2018-25033",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-25033",
"Impact": "High",
"Public": "20220508"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202411634001",
"Comment": "admesh is earlier than 0:0.98.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411634002",
"Comment": "libadmesh is earlier than 0:0.98.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411634003",
"Comment": "libadmesh-devel is earlier than 0:0.98.5-alt1"
}
]
}
]
}
}
]
}

46
oval/c10f1/ALT-PU-2024-11634/objects.json Normal file
View File

@ -0,0 +1,46 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202411634001",
"Version": "1",
"Comment": "admesh is installed",
"Name": "admesh"
},
{
"ID": "oval:org.altlinux.errata:obj:202411634002",
"Version": "1",
"Comment": "libadmesh is installed",
"Name": "libadmesh"
},
{
"ID": "oval:org.altlinux.errata:obj:202411634003",
"Version": "1",
"Comment": "libadmesh-devel is installed",
"Name": "libadmesh-devel"
}
]
}

23
oval/c10f1/ALT-PU-2024-11634/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202411634001",
"Version": "1",
"Comment": "package EVR is earlier than 0:0.98.5-alt1",
"Arch": {},
"EVR": {
"Text": "0:0.98.5-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

54
oval/c10f1/ALT-PU-2024-11634/tests.json Normal file
View File

@ -0,0 +1,54 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202411634001",
"Version": "1",
"Check": "all",
"Comment": "admesh is earlier than 0:0.98.5-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411634001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411634001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411634002",
"Version": "1",
"Check": "all",
"Comment": "libadmesh is earlier than 0:0.98.5-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411634002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411634001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411634003",
"Version": "1",
"Check": "all",
"Comment": "libadmesh-devel is earlier than 0:0.98.5-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411634003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411634001"
}
}
]
}

98
oval/c9f2/ALT-PU-2024-11513/definitions.json Normal file
View File

@ -0,0 +1,98 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202411513",
"Version": "oval:org.altlinux.errata:def:202411513",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-11513: package `gifsicle` update to version 1.95-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-11513",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-11513",
"Source": "ALTPU"
},
{
"RefID": "CVE-2023-36193",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-36193",
"Source": "CVE"
},
{
"RefID": "CVE-2023-44821",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-44821",
"Source": "CVE"
}
],
"Description": "This update upgrades gifsicle to version 1.95-alt2. \nSecurity Fix(es):\n\n * CVE-2023-36193: Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via the ambiguity_error component at /src/clp.c.\n\n * CVE-2023-44821: Gifsicle through 1.94, if deployed in a way that allows untrusted input to affect Gif_Realloc calls, might allow a denial of service (memory consumption). NOTE: this has been disputed by multiple parties because the Gifsicle code is not commonly used for unattended operation in which new input arrives for a long-running process, does not ship with functionality to link it into another application as a library, and does not have realistic use cases in which an adversary controls the entire command line.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-08-28"
},
"Updated": {
"Date": "2024-08-28"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2023-36193",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-36193",
"Impact": "High",
"Public": "20230623"
},
{
"ID": "CVE-2023-44821",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-44821",
"Impact": "Low",
"Public": "20231009"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202411513001",
"Comment": "gifsicle is earlier than 0:1.95-alt2"
}
]
}
]
}
}
]
}

34
oval/c9f2/ALT-PU-2024-11513/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202411513001",
"Version": "1",
"Comment": "gifsicle is installed",
"Name": "gifsicle"
}
]
}

23
oval/c9f2/ALT-PU-2024-11513/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202411513001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.95-alt2",
"Arch": {},
"EVR": {
"Text": "0:1.95-alt2",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/c9f2/ALT-PU-2024-11513/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c9f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202411513001",
"Version": "1",
"Check": "all",
"Comment": "gifsicle is earlier than 0:1.95-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411513001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411513001"
}
}
]
}

207
oval/c9f2/ALT-PU-2024-11571/definitions.json Normal file
View File

@ -0,0 +1,207 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202411571",
"Version": "oval:org.altlinux.errata:def:202411571",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-11571: package `zabbix` update to version 5.0.43-alt0.c9f2.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-11571",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-11571",
"Source": "ALTPU"
},
{
"RefID": "CVE-2024-22114",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-22114",
"Source": "CVE"
},
{
"RefID": "CVE-2024-22121",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-22121",
"Source": "CVE"
},
{
"RefID": "CVE-2024-22122",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-22122",
"Source": "CVE"
},
{
"RefID": "CVE-2024-22123",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-22123",
"Source": "CVE"
},
{
"RefID": "CVE-2024-36460",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-36460",
"Source": "CVE"
}
],
"Description": "This update upgrades zabbix to version 5.0.43-alt0.c9f2.1. \nSecurity Fix(es):\n\n * CVE-2024-22114: User with no permission to any of the Hosts can access and view host count \u0026 other statistics through System Information Widget in Global View Dashboard.\n\n * CVE-2024-22121: A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application.\n\n * CVE-2024-22122: Zabbix allows to configure SMS notifications. AT command injection occurs on \"Zabbix Server\" because there is no validation of \"Number\" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem.\n\n * CVE-2024-22123: Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server will try to communicate with it as modem. As a result, log file will be broken with AT commands and small part for log file content will be leaked to UI.\n\n * CVE-2024-36460: The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-08-28"
},
"Updated": {
"Date": "2024-08-28"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2024-22114",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-22114",
"Impact": "None",
"Public": "20240812"
},
{
"ID": "CVE-2024-22121",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-22121",
"Impact": "None",
"Public": "20240812"
},
{
"ID": "CVE-2024-22122",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-22122",
"Impact": "None",
"Public": "20240812"
},
{
"ID": "CVE-2024-22123",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-22123",
"Impact": "None",
"Public": "20240812"
},
{
"ID": "CVE-2024-36460",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-36460",
"Impact": "None",
"Public": "20240812"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202411571001",
"Comment": "zabbix-agent is earlier than 1:5.0.43-alt0.c9f2.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411571002",
"Comment": "zabbix-agent-sudo is earlier than 1:5.0.43-alt0.c9f2.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411571003",
"Comment": "zabbix-agent2 is earlier than 1:5.0.43-alt0.c9f2.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411571004",
"Comment": "zabbix-common is earlier than 1:5.0.43-alt0.c9f2.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411571005",
"Comment": "zabbix-common-database-mysql is earlier than 1:5.0.43-alt0.c9f2.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411571006",
"Comment": "zabbix-common-database-pgsql is earlier than 1:5.0.43-alt0.c9f2.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411571007",
"Comment": "zabbix-common-database-sqlite3 is earlier than 1:5.0.43-alt0.c9f2.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411571008",
"Comment": "zabbix-contrib is earlier than 1:5.0.43-alt0.c9f2.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411571009",
"Comment": "zabbix-doc is earlier than 1:5.0.43-alt0.c9f2.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411571010",
"Comment": "zabbix-java-gateway is earlier than 1:5.0.43-alt0.c9f2.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411571011",
"Comment": "zabbix-phpfrontend-apache2 is earlier than 1:5.0.43-alt0.c9f2.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411571012",
"Comment": "zabbix-phpfrontend-apache2-mod_php7 is earlier than 1:5.0.43-alt0.c9f2.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411571013",
"Comment": "zabbix-phpfrontend-engine is earlier than 1:5.0.43-alt0.c9f2.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411571014",
"Comment": "zabbix-phpfrontend-php7 is earlier than 1:5.0.43-alt0.c9f2.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411571015",
"Comment": "zabbix-proxy is earlier than 1:5.0.43-alt0.c9f2.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411571016",
"Comment": "zabbix-proxy-common is earlier than 1:5.0.43-alt0.c9f2.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411571017",
"Comment": "zabbix-proxy-pgsql is earlier than 1:5.0.43-alt0.c9f2.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411571018",
"Comment": "zabbix-server-common is earlier than 1:5.0.43-alt0.c9f2.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411571019",
"Comment": "zabbix-server-mysql is earlier than 1:5.0.43-alt0.c9f2.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411571020",
"Comment": "zabbix-server-pgsql is earlier than 1:5.0.43-alt0.c9f2.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411571021",
"Comment": "zabbix-source is earlier than 1:5.0.43-alt0.c9f2.1"
}
]
}
]
}
}
]
}

154
oval/c9f2/ALT-PU-2024-11571/objects.json Normal file
View File

@ -0,0 +1,154 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202411571001",
"Version": "1",
"Comment": "zabbix-agent is installed",
"Name": "zabbix-agent"
},
{
"ID": "oval:org.altlinux.errata:obj:202411571002",
"Version": "1",
"Comment": "zabbix-agent-sudo is installed",
"Name": "zabbix-agent-sudo"
},
{
"ID": "oval:org.altlinux.errata:obj:202411571003",
"Version": "1",
"Comment": "zabbix-agent2 is installed",
"Name": "zabbix-agent2"
},
{
"ID": "oval:org.altlinux.errata:obj:202411571004",
"Version": "1",
"Comment": "zabbix-common is installed",
"Name": "zabbix-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202411571005",
"Version": "1",
"Comment": "zabbix-common-database-mysql is installed",
"Name": "zabbix-common-database-mysql"
},
{
"ID": "oval:org.altlinux.errata:obj:202411571006",
"Version": "1",
"Comment": "zabbix-common-database-pgsql is installed",
"Name": "zabbix-common-database-pgsql"
},
{
"ID": "oval:org.altlinux.errata:obj:202411571007",
"Version": "1",
"Comment": "zabbix-common-database-sqlite3 is installed",
"Name": "zabbix-common-database-sqlite3"
},
{
"ID": "oval:org.altlinux.errata:obj:202411571008",
"Version": "1",
"Comment": "zabbix-contrib is installed",
"Name": "zabbix-contrib"
},
{
"ID": "oval:org.altlinux.errata:obj:202411571009",
"Version": "1",
"Comment": "zabbix-doc is installed",
"Name": "zabbix-doc"
},
{
"ID": "oval:org.altlinux.errata:obj:202411571010",
"Version": "1",
"Comment": "zabbix-java-gateway is installed",
"Name": "zabbix-java-gateway"
},
{
"ID": "oval:org.altlinux.errata:obj:202411571011",
"Version": "1",
"Comment": "zabbix-phpfrontend-apache2 is installed",
"Name": "zabbix-phpfrontend-apache2"
},
{
"ID": "oval:org.altlinux.errata:obj:202411571012",
"Version": "1",
"Comment": "zabbix-phpfrontend-apache2-mod_php7 is installed",
"Name": "zabbix-phpfrontend-apache2-mod_php7"
},
{
"ID": "oval:org.altlinux.errata:obj:202411571013",
"Version": "1",
"Comment": "zabbix-phpfrontend-engine is installed",
"Name": "zabbix-phpfrontend-engine"
},
{
"ID": "oval:org.altlinux.errata:obj:202411571014",
"Version": "1",
"Comment": "zabbix-phpfrontend-php7 is installed",
"Name": "zabbix-phpfrontend-php7"
},
{
"ID": "oval:org.altlinux.errata:obj:202411571015",
"Version": "1",
"Comment": "zabbix-proxy is installed",
"Name": "zabbix-proxy"
},
{
"ID": "oval:org.altlinux.errata:obj:202411571016",
"Version": "1",
"Comment": "zabbix-proxy-common is installed",
"Name": "zabbix-proxy-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202411571017",
"Version": "1",
"Comment": "zabbix-proxy-pgsql is installed",
"Name": "zabbix-proxy-pgsql"
},
{
"ID": "oval:org.altlinux.errata:obj:202411571018",
"Version": "1",
"Comment": "zabbix-server-common is installed",
"Name": "zabbix-server-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202411571019",
"Version": "1",
"Comment": "zabbix-server-mysql is installed",
"Name": "zabbix-server-mysql"
},
{
"ID": "oval:org.altlinux.errata:obj:202411571020",
"Version": "1",
"Comment": "zabbix-server-pgsql is installed",
"Name": "zabbix-server-pgsql"
},
{
"ID": "oval:org.altlinux.errata:obj:202411571021",
"Version": "1",
"Comment": "zabbix-source is installed",
"Name": "zabbix-source"
}
]
}

23
oval/c9f2/ALT-PU-2024-11571/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202411571001",
"Version": "1",
"Comment": "package EVR is earlier than 1:5.0.43-alt0.c9f2.1",
"Arch": {},
"EVR": {
"Text": "1:5.0.43-alt0.c9f2.1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

270
oval/c9f2/ALT-PU-2024-11571/tests.json Normal file
View File

@ -0,0 +1,270 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c9f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202411571001",
"Version": "1",
"Check": "all",
"Comment": "zabbix-agent is earlier than 1:5.0.43-alt0.c9f2.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411571001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411571001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411571002",
"Version": "1",
"Check": "all",
"Comment": "zabbix-agent-sudo is earlier than 1:5.0.43-alt0.c9f2.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411571002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411571001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411571003",
"Version": "1",
"Check": "all",
"Comment": "zabbix-agent2 is earlier than 1:5.0.43-alt0.c9f2.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411571003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411571001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411571004",
"Version": "1",
"Check": "all",
"Comment": "zabbix-common is earlier than 1:5.0.43-alt0.c9f2.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411571004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411571001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411571005",
"Version": "1",
"Check": "all",
"Comment": "zabbix-common-database-mysql is earlier than 1:5.0.43-alt0.c9f2.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411571005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411571001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411571006",
"Version": "1",
"Check": "all",
"Comment": "zabbix-common-database-pgsql is earlier than 1:5.0.43-alt0.c9f2.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411571006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411571001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411571007",
"Version": "1",
"Check": "all",
"Comment": "zabbix-common-database-sqlite3 is earlier than 1:5.0.43-alt0.c9f2.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411571007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411571001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411571008",
"Version": "1",
"Check": "all",
"Comment": "zabbix-contrib is earlier than 1:5.0.43-alt0.c9f2.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411571008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411571001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411571009",
"Version": "1",
"Check": "all",
"Comment": "zabbix-doc is earlier than 1:5.0.43-alt0.c9f2.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411571009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411571001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411571010",
"Version": "1",
"Check": "all",
"Comment": "zabbix-java-gateway is earlier than 1:5.0.43-alt0.c9f2.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411571010"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411571001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411571011",
"Version": "1",
"Check": "all",
"Comment": "zabbix-phpfrontend-apache2 is earlier than 1:5.0.43-alt0.c9f2.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411571011"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411571001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411571012",
"Version": "1",
"Check": "all",
"Comment": "zabbix-phpfrontend-apache2-mod_php7 is earlier than 1:5.0.43-alt0.c9f2.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411571012"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411571001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411571013",
"Version": "1",
"Check": "all",
"Comment": "zabbix-phpfrontend-engine is earlier than 1:5.0.43-alt0.c9f2.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411571013"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411571001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411571014",
"Version": "1",
"Check": "all",
"Comment": "zabbix-phpfrontend-php7 is earlier than 1:5.0.43-alt0.c9f2.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411571014"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411571001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411571015",
"Version": "1",
"Check": "all",
"Comment": "zabbix-proxy is earlier than 1:5.0.43-alt0.c9f2.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411571015"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411571001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411571016",
"Version": "1",
"Check": "all",
"Comment": "zabbix-proxy-common is earlier than 1:5.0.43-alt0.c9f2.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411571016"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411571001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411571017",
"Version": "1",
"Check": "all",
"Comment": "zabbix-proxy-pgsql is earlier than 1:5.0.43-alt0.c9f2.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411571017"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411571001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411571018",
"Version": "1",
"Check": "all",
"Comment": "zabbix-server-common is earlier than 1:5.0.43-alt0.c9f2.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411571018"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411571001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411571019",
"Version": "1",
"Check": "all",
"Comment": "zabbix-server-mysql is earlier than 1:5.0.43-alt0.c9f2.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411571019"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411571001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411571020",
"Version": "1",
"Check": "all",
"Comment": "zabbix-server-pgsql is earlier than 1:5.0.43-alt0.c9f2.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411571020"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411571001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411571021",
"Version": "1",
"Check": "all",
"Comment": "zabbix-source is earlier than 1:5.0.43-alt0.c9f2.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411571021"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411571001"
}
}
]
}

121
oval/p10/ALT-PU-2024-11080/definitions.json Normal file
View File

@ -0,0 +1,121 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202411080",
"Version": "oval:org.altlinux.errata:def:202411080",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-11080: package `evms` update to version 2.5.5-alt80",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-11080",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-11080",
"Source": "ALTPU"
}
],
"Description": "This update upgrades evms to version 2.5.5-alt80. \nSecurity Fix(es):\n\n * #48723: После создания raid1 на nvme разделе остается device-mapper устройство раздела",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-08-28"
},
"Updated": {
"Date": "2024-08-28"
},
"BDUs": null,
"Bugzilla": [
{
"ID": "48723",
"Href": "https://bugzilla.altlinux.org/48723",
"Data": "После создания raid1 на nvme разделе остается device-mapper устройство раздела"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202411080001",
"Comment": "evms is earlier than 0:2.5.5-alt80"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411080002",
"Comment": "evms-cli is earlier than 0:2.5.5-alt80"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411080003",
"Comment": "evms-ncurses is earlier than 0:2.5.5-alt80"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411080004",
"Comment": "evms-test is earlier than 0:2.5.5-alt80"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411080005",
"Comment": "libevms is earlier than 0:2.5.5-alt80"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411080006",
"Comment": "libevms-devel is earlier than 0:2.5.5-alt80"
}
]
}
]
}
}
]
}

64
oval/p10/ALT-PU-2024-11080/objects.json Normal file
View File

@ -0,0 +1,64 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202411080001",
"Version": "1",
"Comment": "evms is installed",
"Name": "evms"
},
{
"ID": "oval:org.altlinux.errata:obj:202411080002",
"Version": "1",
"Comment": "evms-cli is installed",
"Name": "evms-cli"
},
{
"ID": "oval:org.altlinux.errata:obj:202411080003",
"Version": "1",
"Comment": "evms-ncurses is installed",
"Name": "evms-ncurses"
},
{
"ID": "oval:org.altlinux.errata:obj:202411080004",
"Version": "1",
"Comment": "evms-test is installed",
"Name": "evms-test"
},
{
"ID": "oval:org.altlinux.errata:obj:202411080005",
"Version": "1",
"Comment": "libevms is installed",
"Name": "libevms"
},
{
"ID": "oval:org.altlinux.errata:obj:202411080006",
"Version": "1",
"Comment": "libevms-devel is installed",
"Name": "libevms-devel"
}
]
}

23
oval/p10/ALT-PU-2024-11080/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202411080001",
"Version": "1",
"Comment": "package EVR is earlier than 0:2.5.5-alt80",
"Arch": {},
"EVR": {
"Text": "0:2.5.5-alt80",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

90
oval/p10/ALT-PU-2024-11080/tests.json Normal file
View File

@ -0,0 +1,90 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202411080001",
"Version": "1",
"Check": "all",
"Comment": "evms is earlier than 0:2.5.5-alt80",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411080001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411080001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411080002",
"Version": "1",
"Check": "all",
"Comment": "evms-cli is earlier than 0:2.5.5-alt80",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411080002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411080001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411080003",
"Version": "1",
"Check": "all",
"Comment": "evms-ncurses is earlier than 0:2.5.5-alt80",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411080003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411080001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411080004",
"Version": "1",
"Check": "all",
"Comment": "evms-test is earlier than 0:2.5.5-alt80",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411080004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411080001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411080005",
"Version": "1",
"Check": "all",
"Comment": "libevms is earlier than 0:2.5.5-alt80",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411080005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411080001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411080006",
"Version": "1",
"Check": "all",
"Comment": "libevms-devel is earlier than 0:2.5.5-alt80",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411080006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411080001"
}
}
]
}

101
oval/p10/ALT-PU-2024-11082/definitions.json Normal file
View File

@ -0,0 +1,101 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202411082",
"Version": "oval:org.altlinux.errata:def:202411082",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-11082: package `guile-evms` update to version 0.6.6-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-11082",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-11082",
"Source": "ALTPU"
}
],
"Description": "This update upgrades guile-evms to version 0.6.6-alt1. \nSecurity Fix(es):\n\n * #49698: Расширение поддержки LVM (/boot LV внутри LVM, RAID LV)",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-08-28"
},
"Updated": {
"Date": "2024-08-28"
},
"BDUs": null,
"Bugzilla": [
{
"ID": "49698",
"Href": "https://bugzilla.altlinux.org/49698",
"Data": "Расширение поддержки LVM (/boot LV внутри LVM, RAID LV)"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202411082001",
"Comment": "guile-evms is earlier than 0:0.6.6-alt1"
}
]
}
]
}
}
]
}

34
oval/p10/ALT-PU-2024-11082/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202411082001",
"Version": "1",
"Comment": "guile-evms is installed",
"Name": "guile-evms"
}
]
}

23
oval/p10/ALT-PU-2024-11082/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202411082001",
"Version": "1",
"Comment": "package EVR is earlier than 0:0.6.6-alt1",
"Arch": {},
"EVR": {
"Text": "0:0.6.6-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/p10/ALT-PU-2024-11082/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202411082001",
"Version": "1",
"Check": "all",
"Comment": "guile-evms is earlier than 0:0.6.6-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411082001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411082001"
}
}
]
}

111
oval/p10/ALT-PU-2024-11706/definitions.json Normal file
View File

@ -0,0 +1,111 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202411706",
"Version": "oval:org.altlinux.errata:def:202411706",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-11706: package `mongo6.0` update to version 6.0.17-alt0.p10.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-11706",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-11706",
"Source": "ALTPU"
},
{
"RefID": "CVE-2024-7553",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-7553",
"Source": "CVE"
}
],
"Description": "This update upgrades mongo6.0 to version 6.0.17-alt0.p10.1. \nSecurity Fix(es):\n\n * CVE-2024-7553: Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB PHP Driver versions prior to 1.18.1.\n\nRequired Configuration:\n\nOnly environments with Windows as the underlying operating system is affected by this issue",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-08-28"
},
"Updated": {
"Date": "2024-08-28"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2024-7553",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-7553",
"Impact": "None",
"Public": "20240807"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202411706001",
"Comment": "mongo6.0-server-mongod is earlier than 0:6.0.17-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202411706002",
"Comment": "mongo6.0-server-mongos is earlier than 0:6.0.17-alt0.p10.1"
}
]
}
]
}
}
]
}

40
oval/p10/ALT-PU-2024-11706/objects.json Normal file
View File

@ -0,0 +1,40 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202411706001",
"Version": "1",
"Comment": "mongo6.0-server-mongod is installed",
"Name": "mongo6.0-server-mongod"
},
{
"ID": "oval:org.altlinux.errata:obj:202411706002",
"Version": "1",
"Comment": "mongo6.0-server-mongos is installed",
"Name": "mongo6.0-server-mongos"
}
]
}

23
oval/p10/ALT-PU-2024-11706/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202411706001",
"Version": "1",
"Comment": "package EVR is earlier than 0:6.0.17-alt0.p10.1",
"Arch": {},
"EVR": {
"Text": "0:6.0.17-alt0.p10.1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

42
oval/p10/ALT-PU-2024-11706/tests.json Normal file
View File

@ -0,0 +1,42 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202411706001",
"Version": "1",
"Check": "all",
"Comment": "mongo6.0-server-mongod is earlier than 0:6.0.17-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411706001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411706001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202411706002",
"Version": "1",
"Check": "all",
"Comment": "mongo6.0-server-mongos is earlier than 0:6.0.17-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202411706002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202411706001"
}
}
]
}