diff --git a/oval/c9f2/ALT-PU-2024-3556/definitions.json b/oval/c9f2/ALT-PU-2024-3556/definitions.json new file mode 100644 index 0000000000..324625535f --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-3556/definitions.json 
@@ -0,0 +1,89 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:20243556", + "Version": "oval:org.altlinux.errata:def:20243556", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-3556: package `libuv` update to version 1.48.0-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c9f2" + ], + "Products": [ + "ALT SPWorkstation", + "ALT SPServer" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-3556", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-3556", + "Source": "ALTPU" + }, + { + "RefID": "CVE-2024-24806", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-24806", + "Source": "CVE" + } + ], + "Description": "This update upgrades libuv to version 1.48.0-alt1. \nSecurity Fix(es):\n\n * CVE-2024-24806: libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. 
There are no known workarounds for this vulnerability.", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "High", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-03-11" + }, + "Updated": { + "Date": "2024-03-11" + }, + "bdu": null, + "Cves": [ + { + "Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "Cwe": "CWE-918", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-24806", + "Impact": "High", + "Public": "20240207", + "CveID": "CVE-2024-24806" + } + ], + "AffectedCpeList": { + "Cpe": [ + "cpe:/o:alt:spworkstation:8.4", + "cpe:/o:alt:spserver:8.4" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:3001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:20243556001", + "Comment": "libuv is earlier than 0:1.48.0-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20243556002", + "Comment": "libuv-devel is earlier than 0:1.48.0-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-3556/objects.json b/oval/c9f2/ALT-PU-2024-3556/objects.json new file mode 100644 index 0000000000..59e5f22cee --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-3556/objects.json 
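Review bot: The definition's `"Version"` carries the definition ID (`"oval:org.altlinux.errata:def:20243556"`) rather than a revision number, while every object, state and test added in this commit uses `"Version": "1"`. OVAL defines a definition's version as a non-negative integer, so a consumer that converts this JSON to OVAL XML or compares revisions will probably reject it or be unable to tell a revised definition from the original. I would emit `"Version": "1"` here and increment it on re-issue. The same applies to `oval/p10/ALT-PU-2024-3457/definitions.json`.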
@@ -0,0 +1,40 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:3001", + "Version": "1", + "comment": "Evaluate `/etc/os-release` file content", + "Path": { + "dataType": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RpmInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:20243556001", + "Version": "1", + "comment": "libuv is installed", + "Name": "libuv" + }, + { + "ID": "oval:org.altlinux.errata:obj:20243556002", + "Version": "1", + "comment": "libuv-devel is installed", + "Name": "libuv-devel" + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-3556/states.json b/oval/c9f2/ALT-PU-2024-3556/states.json new file mode 100644 index 0000000000..ad89a771d6 --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-3556/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:3001", + "Version": "1", + "Text": {} + } + ], + "RpmInfoState": [ + { + "ID": "oval:org.altlinux.errata:ste:20243556001", + "Version": "1", + "Comment": "package EVR is earlier than 0:1.48.0-alt1", + "Arch": {}, + "Evr": { + "Text": "0:1.48.0-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-3556/tests.json b/oval/c9f2/ALT-PU-2024-3556/tests.json new file mode 100644 index 0000000000..55ed5f073d --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-3556/tests.json 
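Review bot: In `obj:3001` the `Path` element is keyed `"dataType"` while `Filepath`, `Pattern` and `Instance` use `"Datatype"`, so a case-sensitive reader will lose the datatype on `Path`; it should read `"Datatype": "string"`. The object also splits the location into `Path` = `/etc` and `Filepath` = `os-release`. An OVAL textfilecontent54 object takes either a full `filepath` or a `path` plus `filename`, so the second key looks mislabelled; either name it as a filename field or keep only `"Filepath"` with the text `/etc/os-release`. The object-level `"comment"` key is lower-case where states and tests use `"Comment"`. `obj:2001` in `oval/p10/ALT-PU-2024-3457/objects.json` has the same three issues.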
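Review bot: `ste:3001` is serialized with an empty `"Text": {}`, so as far as these files show, the platform test `tst:3001` ("ALT Linux based on branch 'c9f2' must be installed") places no constraint on the release that the object's pattern captures with `(\\d\\.\\d)`. Any os-release matching the SP pattern would then satisfy the test whatever its version, and the definition's applicability rests on the package EVR comparison alone. If the branch is meant to gate the definition, give the state a value and operation for the captured subexpression; otherwise reword the test comment to say only that an ALT SP product is present. `ste:2001` in `oval/p10/ALT-PU-2024-3457/states.json` has the same gap.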
@@ -0,0 +1,42 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:3001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c9f2' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:3001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:3001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:20243556001", + "Version": "1", + "Check": "all", + "Comment": "libuv is earlier than 0:1.48.0-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20243556001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20243556001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20243556002", + "Version": "1", + "Check": "all", + "Comment": "libuv-devel is earlier than 0:1.48.0-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20243556002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20243556001" + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-3457/definitions.json b/oval/p10/ALT-PU-2024-3457/definitions.json new file mode 100644 index 0000000000..d59a249383 --- /dev/null +++ b/oval/p10/ALT-PU-2024-3457/definitions.json 
@@ -0,0 +1,153 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:20243457", + "Version": "oval:org.altlinux.errata:def:20243457", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-3457: package `kernel-image-std-def` update to version 5.10.211-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch p10" + ], + "Products": [ + "ALT Server", + "ALT Virtualization Server", + "ALT Workstation", + "ALT Workstation K", + "ALT Education", + "Simply Linux", + "Starterkit" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-3457", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-3457", + "Source": "ALTPU" + }, + { + "RefID": "CVE-2023-52429", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-52429", + "Source": "CVE" + } + ], + "Description": "This update upgrades kernel-image-std-def to version 5.10.211-alt1. \nSecurity Fix(es):\n\n * CVE-2023-52429: dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count.", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Low", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-03-11" + }, + "Updated": { + "Date": "2024-03-11" + }, + "bdu": null, + "Cves": [ + { + "Cvss3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "Cwe": "CWE-754", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-52429", + "Impact": "Low", + "Public": "20240212", + "CveID": "CVE-2023-52429" + } + ], + "AffectedCpeList": { + "Cpe": [ + "cpe:/o:alt:kworkstation:10", + "cpe:/o:alt:workstation:10", + "cpe:/o:alt:server:10", + "cpe:/o:alt:server-v:10", + "cpe:/o:alt:education:10", + "cpe:/o:alt:slinux:10", + "cpe:/o:alt:starterkit:p10", + "cpe:/o:alt:kworkstation:10.1", + "cpe:/o:alt:workstation:10.1", + "cpe:/o:alt:server:10.1", + "cpe:/o:alt:server-v:10.1", + "cpe:/o:alt:education:10.1", + 
"cpe:/o:alt:slinux:10.1", + "cpe:/o:alt:starterkit:10.1", + "cpe:/o:alt:kworkstation:10.2", + "cpe:/o:alt:workstation:10.2", + "cpe:/o:alt:server:10.2", + "cpe:/o:alt:server-v:10.2", + "cpe:/o:alt:education:10.2", + "cpe:/o:alt:slinux:10.2", + "cpe:/o:alt:starterkit:10.2" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:2001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:20243457001", + "Comment": "kernel-doc-std is earlier than 2:5.10.211-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20243457002", + "Comment": "kernel-headers-modules-std-def is earlier than 2:5.10.211-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20243457003", + "Comment": "kernel-headers-std-def is earlier than 2:5.10.211-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20243457004", + "Comment": "kernel-image-domU-std-def is earlier than 2:5.10.211-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20243457005", + "Comment": "kernel-image-std-def is earlier than 2:5.10.211-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20243457006", + "Comment": "kernel-image-std-def-checkinstall is earlier than 2:5.10.211-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20243457007", + "Comment": "kernel-modules-drm-ancient-std-def is earlier than 2:5.10.211-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20243457008", + "Comment": "kernel-modules-drm-nouveau-std-def is earlier than 2:5.10.211-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20243457009", + "Comment": "kernel-modules-drm-std-def is earlier than 2:5.10.211-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20243457010", + "Comment": "kernel-modules-ide-std-def is earlier than 2:5.10.211-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20243457011", + "Comment": 
"kernel-modules-midgard-be-m1000-std-def is earlier than 2:5.10.211-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20243457012", + "Comment": "kernel-modules-staging-std-def is earlier than 2:5.10.211-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-3457/objects.json b/oval/p10/ALT-PU-2024-3457/objects.json new file mode 100644 index 0000000000..bea35ed975 --- /dev/null +++ b/oval/p10/ALT-PU-2024-3457/objects.json 
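Review bot: `"Severity": "Low"` and `"Impact": "Low"` do not agree with the vector recorded beside them: `CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H` scores 5.5, which is Medium on the CVSS v3.1 qualitative scale. Scanners and patch queues that prioritise on the advisory severity would under-rank a locally triggerable kernel crash. Unless the errata source deliberately applies its own scale, I would set both fields to `"Medium"`, or derive them from `Cvss3` when the definition is produced so the two cannot drift apart.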
@@ -0,0 +1,100 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:2001", + "Version": "1", + "comment": "Evaluate `/etc/os-release` file content", + "Path": { + "dataType": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RpmInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:20243457001", + "Version": "1", + "comment": "kernel-doc-std is installed", + "Name": "kernel-doc-std" + }, + { + "ID": "oval:org.altlinux.errata:obj:20243457002", + "Version": "1", + "comment": "kernel-headers-modules-std-def is installed", + "Name": "kernel-headers-modules-std-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:20243457003", + "Version": "1", + "comment": "kernel-headers-std-def is installed", + "Name": "kernel-headers-std-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:20243457004", + "Version": "1", + "comment": "kernel-image-domU-std-def is installed", + "Name": "kernel-image-domU-std-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:20243457005", + "Version": "1", + "comment": "kernel-image-std-def is installed", + "Name": "kernel-image-std-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:20243457006", + "Version": "1", + "comment": "kernel-image-std-def-checkinstall is installed", + "Name": "kernel-image-std-def-checkinstall" + }, + { + "ID": "oval:org.altlinux.errata:obj:20243457007", + "Version": "1", + "comment": "kernel-modules-drm-ancient-std-def is installed", + "Name": "kernel-modules-drm-ancient-std-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:20243457008", + "Version": "1", + "comment": "kernel-modules-drm-nouveau-std-def is installed", + "Name": "kernel-modules-drm-nouveau-std-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:20243457009", + "Version": "1", 
+ "comment": "kernel-modules-drm-std-def is installed", + "Name": "kernel-modules-drm-std-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:20243457010", + "Version": "1", + "comment": "kernel-modules-ide-std-def is installed", + "Name": "kernel-modules-ide-std-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:20243457011", + "Version": "1", + "comment": "kernel-modules-midgard-be-m1000-std-def is installed", + "Name": "kernel-modules-midgard-be-m1000-std-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:20243457012", + "Version": "1", + "comment": "kernel-modules-staging-std-def is installed", + "Name": "kernel-modules-staging-std-def" + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-3457/states.json b/oval/p10/ALT-PU-2024-3457/states.json new file mode 100644 index 0000000000..f7eb6bdb00 --- /dev/null +++ b/oval/p10/ALT-PU-2024-3457/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:2001", + "Version": "1", + "Text": {} + } + ], + "RpmInfoState": [ + { + "ID": "oval:org.altlinux.errata:ste:20243457001", + "Version": "1", + "Comment": "package EVR is earlier than 2:5.10.211-alt1", + "Arch": {}, + "Evr": { + "Text": "2:5.10.211-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-3457/tests.json b/oval/p10/ALT-PU-2024-3457/tests.json new file mode 100644 index 0000000000..51a988ff4c --- /dev/null +++ b/oval/p10/ALT-PU-2024-3457/tests.json 
@@ -0,0 +1,162 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:2001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'p10' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:2001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:2001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:20243457001", + "Version": "1", + "Check": "all", + "Comment": "kernel-doc-std is earlier than 2:5.10.211-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20243457001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20243457001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20243457002", + "Version": "1", + "Check": "all", + "Comment": "kernel-headers-modules-std-def is earlier than 2:5.10.211-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20243457002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20243457001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20243457003", + "Version": "1", + "Check": "all", + "Comment": "kernel-headers-std-def is earlier than 2:5.10.211-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20243457003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20243457001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20243457004", + "Version": "1", + "Check": "all", + "Comment": "kernel-image-domU-std-def is earlier than 2:5.10.211-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20243457004" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20243457001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20243457005", + "Version": "1", + "Check": "all", + "Comment": "kernel-image-std-def is earlier than 2:5.10.211-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20243457005" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20243457001" + } + }, + { + "ID": 
"oval:org.altlinux.errata:tst:20243457006", + "Version": "1", + "Check": "all", + "Comment": "kernel-image-std-def-checkinstall is earlier than 2:5.10.211-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20243457006" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20243457001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20243457007", + "Version": "1", + "Check": "all", + "Comment": "kernel-modules-drm-ancient-std-def is earlier than 2:5.10.211-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20243457007" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20243457001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20243457008", + "Version": "1", + "Check": "all", + "Comment": "kernel-modules-drm-nouveau-std-def is earlier than 2:5.10.211-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20243457008" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20243457001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20243457009", + "Version": "1", + "Check": "all", + "Comment": "kernel-modules-drm-std-def is earlier than 2:5.10.211-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20243457009" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20243457001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20243457010", + "Version": "1", + "Check": "all", + "Comment": "kernel-modules-ide-std-def is earlier than 2:5.10.211-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20243457010" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20243457001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20243457011", + "Version": "1", + "Check": "all", + "Comment": "kernel-modules-midgard-be-m1000-std-def is earlier than 2:5.10.211-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20243457011" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20243457001" + } + }, + { + "ID": 
"oval:org.altlinux.errata:tst:20243457012", + "Version": "1", + "Check": "all", + "Comment": "kernel-modules-staging-std-def is earlier than 2:5.10.211-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20243457012" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20243457001" + } + } + ] +} \ No newline at end of file
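Review bot: Every kernel test here uses `"Check": "all"` against the shared `less than 2:5.10.211-alt1` state, which requires every installed instance of the package to be older than the fix. If several versions of `kernel-image-std-def` can be installed side by side, a host that still has (and may be booted into) an older kernel next to the fixed one evaluates to false, and the patch definition reports nothing to do. Consider `"Check": "at least one"` for the kernel-image tests. The definition also has no test for the running kernel, which is worth stating in its description so that a passing result is not read as "the fixed kernel is active".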