diff --git a/oval/c10f1/ALT-PU-2024-14880/definitions.json b/oval/c10f1/ALT-PU-2024-14880/definitions.json new file mode 100644 index 0000000000..fcc140a44a --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-14880/definitions.json @@ -0,0 +1,194 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202414880", + "Version": "oval:org.altlinux.errata:def:202414880", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-14880: package `curl` update to version 8.10.0-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c10f1" + ], + "Products": [ + "ALT SP Workstation", + "ALT SP Server" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-14880", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-14880", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2024-05923", + "RefURL": "https://bdu.fstec.ru/vul/2024-05923", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-06023", + "RefURL": "https://bdu.fstec.ru/vul/2024-06023", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-06024", + "RefURL": "https://bdu.fstec.ru/vul/2024-06024", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-07774", + "RefURL": "https://bdu.fstec.ru/vul/2024-07774", + "Source": "BDU" + }, + { + "RefID": "CVE-2024-6197", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-6197", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-6874", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-6874", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-7264", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-8096", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8096", + "Source": "CVE" + } + ], + "Description": "This update upgrades curl to version 8.10.0-alt1. \nSecurity Fix(es):\n\n * BDU:2024-05923: Уязвимость функции GTime2str парсера ASN1 Parser библиотеки libcurl, позволяющая нарушителю вызвать октаз в обслуживании\n\n * BDU:2024-06023: Уязвимость функции utf8asn1str() парсера ASN1 утилиты командной строки cURL, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании\n\n * BDU:2024-06024: Уязвимость функции curl_url_get() утилиты командной строки cURL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-07774: Уязвимость программного средства для взаимодействия с серверами curl, связанная c неправильной проверкой сертификата, позволяющая нарушителю оказывать влияние на целостность системы.\n\n * CVE-2024-6197: libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes `free()` on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort. Some however accept the input pointer and add that memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; likely to be memory pointers and a set of flags. The most likely outcome of exploting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances.\n\n * CVE-2024-6874: libcurl's URL API function\n[curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode\nconversions, to and from IDN. Asking to convert a name that is exactly 256\nbytes, libcurl ends up reading outside of a stack based buffer when built to\nuse the *macidn* IDN backend. The conversion function then fills up the\nprovided buffer exactly - but does not null terminate the string.\n\nThis flaw can lead to stack contents accidently getting returned as part of\nthe converted string.\n\n * CVE-2024-7264: libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.\n\n * CVE-2024-8096: When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.\n\n * #49883: curl --fail возвращает код ошибки 56 вместо 22", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "High", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-11-14" + }, + "Updated": { + "Date": "2024-11-14" + }, + "BDUs": [ + { + "ID": "BDU:2024-05923", + "CVSS": "AV:N/AC:H/Au:N/C:N/I:N/A:P", + "CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", + "CWE": "CWE-125", + "Href": "https://bdu.fstec.ru/vul/2024-05923", + "Impact": "Low", + "Public": "20240731" + }, + { + "ID": "BDU:2024-06023", + "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-590", + "Href": "https://bdu.fstec.ru/vul/2024-06023", + "Impact": "High", + "Public": "20240619" + }, + { + "ID": "BDU:2024-06024", + "CVSS": "AV:N/AC:H/Au:S/C:P/I:N/A:N", + "CVSS3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "CWE": "CWE-126", + "Href": "https://bdu.fstec.ru/vul/2024-06024", + "Impact": "Low", + "Public": "20240417" + }, + { + "ID": "BDU:2024-07774", + "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "CWE": "CWE-295", + "Href": "https://bdu.fstec.ru/vul/2024-07774", + "Impact": "Low", + "Public": "20240911" + } + ], + "CVEs": [ + { + "ID": "CVE-2024-6197", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "NVD-CWE-Other", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-6197", + "Impact": "High", + "Public": "20240724" + }, + { + "ID": "CVE-2024-6874", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "CWE": "CWE-125", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-6874", + "Impact": "Low", + "Public": "20240724" + }, + { + "ID": "CVE-2024-7264", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "CWE": "CWE-125", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "Impact": "Low", + "Public": "20240731" + }, + { + "ID": "CVE-2024-8096", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8096", + "Impact": "None", + "Public": "20240911" + } + ], + "Bugzilla": [ + { + "ID": "49883", + "Href": "https://bugzilla.altlinux.org/49883", + "Data": "curl --fail возвращает код ошибки 56 вместо 22" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:spworkstation:10", + "cpe:/o:alt:spserver:10" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:4001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202414880001", + "Comment": "curl is earlier than 0:8.10.0-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202414880002", + "Comment": "libcurl is earlier than 0:8.10.0-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202414880003", + "Comment": "libcurl-devel is earlier than 0:8.10.0-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-14880/objects.json b/oval/c10f1/ALT-PU-2024-14880/objects.json new file mode 100644 index 0000000000..2059e54ea1 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-14880/objects.json @@ -0,0 +1,46 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:4001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202414880001", + "Version": "1", + "Comment": "curl is installed", + "Name": "curl" + }, + { + "ID": "oval:org.altlinux.errata:obj:202414880002", + "Version": "1", + "Comment": "libcurl is installed", + "Name": "libcurl" + }, + { + "ID": "oval:org.altlinux.errata:obj:202414880003", + "Version": "1", + "Comment": "libcurl-devel is installed", + "Name": "libcurl-devel" + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-14880/states.json b/oval/c10f1/ALT-PU-2024-14880/states.json new file mode 100644 index 0000000000..c80cf6a740 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-14880/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:4001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202414880001", + "Version": "1", + "Comment": "package EVR is earlier than 0:8.10.0-alt1", + "Arch": {}, + "EVR": { + "Text": "0:8.10.0-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-14880/tests.json b/oval/c10f1/ALT-PU-2024-14880/tests.json new file mode 100644 index 0000000000..081e5082cd --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-14880/tests.json @@ -0,0 +1,54 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:4001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c10f1' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:4001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:4001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202414880001", + "Version": "1", + "Check": "all", + "Comment": "curl is earlier than 0:8.10.0-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202414880001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202414880001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202414880002", + "Version": "1", + "Check": "all", + "Comment": "libcurl is earlier than 0:8.10.0-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202414880002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202414880001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202414880003", + "Version": "1", + "Check": "all", + "Comment": "libcurl-devel is earlier than 0:8.10.0-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202414880003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202414880001" + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-15023/definitions.json b/oval/c10f1/ALT-PU-2024-15023/definitions.json new file mode 100644 index 0000000000..1a270e764d --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-15023/definitions.json @@ -0,0 +1,109 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202415023", + "Version": "oval:org.altlinux.errata:def:202415023", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-15023: package `cmake` update to version 3.23.2-alt3", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c10f1" + ], + "Products": [ + "ALT SP Workstation", + "ALT SP Server" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-15023", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-15023", + "Source": "ALTPU" + } + ], + "Description": "This update upgrades cmake to version 3.23.2-alt3. \nSecurity Fix(es):\n\n * #45833: добавить макрос для ctest", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Low", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-11-14" + }, + "Updated": { + "Date": "2024-11-14" + }, + "BDUs": null, + "Bugzilla": [ + { + "ID": "45833", + "Href": "https://bugzilla.altlinux.org/45833", + "Data": "добавить макрос для ctest" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:spworkstation:10", + "cpe:/o:alt:spserver:10" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:4001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202415023001", + "Comment": "bash-completion-cmake is earlier than 0:3.23.2-alt3" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415023002", + "Comment": "ccmake is earlier than 0:3.23.2-alt3" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415023003", + "Comment": "cmake is earlier than 0:3.23.2-alt3" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415023004", + "Comment": "cmake-doc is earlier than 0:3.23.2-alt3" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415023005", + "Comment": "cmake-gui is earlier than 0:3.23.2-alt3" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415023006", + "Comment": "cmake-modules is earlier than 0:3.23.2-alt3" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415023007", + "Comment": "ctest is earlier than 0:3.23.2-alt3" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415023008", + "Comment": "rpm-macros-cmake is earlier than 0:3.23.2-alt3" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415023009", + "Comment": "vim-plugin-cmake is earlier than 0:3.23.2-alt3" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-15023/objects.json b/oval/c10f1/ALT-PU-2024-15023/objects.json new file mode 100644 index 0000000000..5e9262c96d --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-15023/objects.json @@ -0,0 +1,82 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:4001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202415023001", + "Version": "1", + "Comment": "bash-completion-cmake is installed", + "Name": "bash-completion-cmake" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415023002", + "Version": "1", + "Comment": "ccmake is installed", + "Name": "ccmake" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415023003", + "Version": "1", + "Comment": "cmake is installed", + "Name": "cmake" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415023004", + "Version": "1", + "Comment": "cmake-doc is installed", + "Name": "cmake-doc" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415023005", + "Version": "1", + "Comment": "cmake-gui is installed", + "Name": "cmake-gui" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415023006", + "Version": "1", + "Comment": "cmake-modules is installed", + "Name": "cmake-modules" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415023007", + "Version": "1", + "Comment": "ctest is installed", + "Name": "ctest" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415023008", + "Version": "1", + "Comment": "rpm-macros-cmake is installed", + "Name": "rpm-macros-cmake" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415023009", + "Version": "1", + "Comment": "vim-plugin-cmake is installed", + "Name": "vim-plugin-cmake" + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-15023/states.json b/oval/c10f1/ALT-PU-2024-15023/states.json new file mode 100644 index 0000000000..b44145cfc2 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-15023/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:4001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202415023001", + "Version": "1", + "Comment": "package EVR is earlier than 0:3.23.2-alt3", + "Arch": {}, + "EVR": { + "Text": "0:3.23.2-alt3", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-15023/tests.json b/oval/c10f1/ALT-PU-2024-15023/tests.json new file mode 100644 index 0000000000..7e378d7daa --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-15023/tests.json @@ -0,0 +1,126 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:4001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c10f1' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:4001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:4001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202415023001", + "Version": "1", + "Check": "all", + "Comment": "bash-completion-cmake is earlier than 0:3.23.2-alt3", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415023001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415023001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415023002", + "Version": "1", + "Check": "all", + "Comment": "ccmake is earlier than 0:3.23.2-alt3", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415023002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415023001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415023003", + "Version": "1", + "Check": "all", + "Comment": "cmake is earlier than 0:3.23.2-alt3", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415023003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415023001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415023004", + "Version": "1", + "Check": "all", + "Comment": "cmake-doc is earlier than 0:3.23.2-alt3", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415023004" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415023001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415023005", + "Version": "1", + "Check": "all", + "Comment": "cmake-gui is earlier than 0:3.23.2-alt3", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415023005" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415023001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415023006", + "Version": "1", + "Check": "all", + "Comment": "cmake-modules is earlier than 0:3.23.2-alt3", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415023006" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415023001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415023007", + "Version": "1", + "Check": "all", + "Comment": "ctest is earlier than 0:3.23.2-alt3", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415023007" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415023001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415023008", + "Version": "1", + "Check": "all", + "Comment": "rpm-macros-cmake is earlier than 0:3.23.2-alt3", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415023008" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415023001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415023009", + "Version": "1", + "Check": "all", + "Comment": "vim-plugin-cmake is earlier than 0:3.23.2-alt3", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415023009" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415023001" + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-15498/definitions.json b/oval/c10f1/ALT-PU-2024-15498/definitions.json new file mode 100644 index 0000000000..24fe2c3877 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-15498/definitions.json @@ -0,0 +1,118 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202415498", + "Version": "oval:org.altlinux.errata:def:202415498", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-15498: package `consul` update to version 1.20.1-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c10f1" + ], + "Products": [ + "ALT SP Workstation", + "ALT SP Server" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-15498", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-15498", + "Source": "ALTPU" + }, + { + "RefID": "CVE-2024-10005", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10005", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-10006", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10006", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-10086", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10086", + "Source": "CVE" + } + ], + "Description": "This update upgrades consul to version 1.20.1-alt1. \nSecurity Fix(es):\n\n * CVE-2024-10005: A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.\n\n * CVE-2024-10006: A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.\n\n * CVE-2024-10086: A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS.\n\n * #44495: Не запускается контейнер без root", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Low", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-11-14" + }, + "Updated": { + "Date": "2024-11-14" + }, + "BDUs": null, + "CVEs": [ + { + "ID": "CVE-2024-10005", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", + "CWE": "CWE-22", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10005", + "Impact": "Low", + "Public": "20241030" + }, + { + "ID": "CVE-2024-10006", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", + "CWE": "CWE-116", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10006", + "Impact": "Low", + "Public": "20241030" + }, + { + "ID": "CVE-2024-10086", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "CWE": "CWE-79", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10086", + "Impact": "Low", + "Public": "20241030" + } + ], + "Bugzilla": [ + { + "ID": "44495", + "Href": "https://bugzilla.altlinux.org/44495", + "Data": "Не запускается контейнер без root" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:spworkstation:10", + "cpe:/o:alt:spserver:10" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:4001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202415498001", + "Comment": "consul is earlier than 0:1.20.1-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-15498/objects.json b/oval/c10f1/ALT-PU-2024-15498/objects.json new file mode 100644 index 0000000000..f6a30956d2 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-15498/objects.json @@ -0,0 +1,34 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:4001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202415498001", + "Version": "1", + "Comment": "consul is installed", + "Name": "consul" + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-15498/states.json b/oval/c10f1/ALT-PU-2024-15498/states.json new file mode 100644 index 0000000000..8550b1ffe9 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-15498/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:4001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202415498001", + "Version": "1", + "Comment": "package EVR is earlier than 0:1.20.1-alt1", + "Arch": {}, + "EVR": { + "Text": "0:1.20.1-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-15498/tests.json b/oval/c10f1/ALT-PU-2024-15498/tests.json new file mode 100644 index 0000000000..69552acf1f --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-15498/tests.json @@ -0,0 +1,30 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:4001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c10f1' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:4001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:4001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202415498001", + "Version": "1", + "Check": "all", + "Comment": "consul is earlier than 0:1.20.1-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415498001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415498001" + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-15509/definitions.json b/oval/c10f1/ALT-PU-2024-15509/definitions.json new file mode 100644 index 0000000000..813e66bab9 --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-15509/definitions.json @@ -0,0 +1,270 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202415509", + "Version": "oval:org.altlinux.errata:def:202415509", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-15509: package `mbedtls` update to version 3.6.2-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c10f1" + ], + "Products": [ + "ALT SP Workstation", + "ALT SP Server" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-15509", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-15509", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2023-06434", + "RefURL": "https://bdu.fstec.ru/vul/2023-06434", + "Source": "BDU" + }, + { + "RefID": "BDU:2023-06575", + "RefURL": "https://bdu.fstec.ru/vul/2023-06575", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-01340", + "RefURL": "https://bdu.fstec.ru/vul/2024-01340", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-01341", + "RefURL": "https://bdu.fstec.ru/vul/2024-01341", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-07428", + "RefURL": "https://bdu.fstec.ru/vul/2024-07428", + "Source": "BDU" + }, + { + "RefID": "CVE-2023-43615", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-43615", + "Source": "CVE" + }, + { + "RefID": "CVE-2023-45199", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-45199", + "Source": "CVE" + }, + { + "RefID": "CVE-2023-52353", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-52353", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-23170", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-23170", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-23744", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-23744", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-23775", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-23775", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-45157", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-45157", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-45159", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-45159", + "Source": "CVE" + } + ], + "Description": "This update upgrades mbedtls to version 3.6.2-alt1. \nSecurity Fix(es):\n\n * BDU:2023-06434: Уязвимость реализации протоколов TLS и SSL программного обеспечения Mbed TLS, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-06575: Уязвимость программного обеспечения Mbed TLS, связанная с ошибками при обработке шифрования в соединениях (D)TLS, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-01340: Уязвимость программного обеспечения Mbed TLS, существующая из-за временного бокового канала в частных операциях RSA, позволяющая нарушителю реализовать атаку Марвина (Marvin) и получить доступ к конфиденциальной информации\n\n * BDU:2024-01341: Уязвимость функции mbedtls_x509_set_extension программного обеспечения Mbed TLS, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-07428: Уязвимость программного обеспечения Mbed TLS, связанная с использованием неисправного или рискованного криптографического алгоритма, позволяющая нарушителю раскрыть защищаемую информацию\n\n * CVE-2023-43615: Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.\n\n * CVE-2023-45199: Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution.\n\n * CVE-2023-52353: An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum.\n\n * CVE-2024-23170: An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in \"Everlasting ROBOT: the Marvin Attack\" by Hubert Kario.\n\n * CVE-2024-23744: An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.\n\n * CVE-2024-23775: Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().\n\n * CVE-2024-45157: An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.\n\n * CVE-2024-45159: An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage extensions, then the return value of mbedtls_ssl_get_verify_result() would incorrectly have the MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_KEY_USAGE bits clear. As a result, an attacker that had a certificate valid for uses other than TLS client authentication would nonetheless be able to use it for TLS client authentication. Only TLS 1.3 servers were affected, and only with optional authentication (with required authentication, the handshake would be aborted with a fatal alert).\n\n * #47976: Недоступный сайт, указанный в URL пакета", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Critical", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-11-14" + }, + "Updated": { + "Date": "2024-11-14" + }, + "BDUs": [ + { + "ID": "BDU:2023-06434", + "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-119, CWE-120", + "Href": "https://bdu.fstec.ru/vul/2023-06434", + "Impact": "Critical", + "Public": "20231006" + }, + { + "ID": "BDU:2023-06575", + "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-119, CWE-120", + "Href": "https://bdu.fstec.ru/vul/2023-06575", + "Impact": "Critical", + "Public": "20231005" + }, + { + "ID": "BDU:2024-01340", + "CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:N", + "CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "CWE": "CWE-200, CWE-203, CWE-208", + "Href": "https://bdu.fstec.ru/vul/2024-01340", + "Impact": "Low", + "Public": "20240110" + }, + { + "ID": "BDU:2024-01341", + "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-189, CWE-190", + "Href": "https://bdu.fstec.ru/vul/2024-01341", + "Impact": "High", + "Public": "20240109" + }, + { + "ID": "BDU:2024-07428", + "CVSS": "AV:L/AC:H/Au:N/C:C/I:N/A:N", + "CVSS3": "AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "CWE": "CWE-327", + "Href": "https://bdu.fstec.ru/vul/2024-07428", + "Impact": "Low", + "Public": "20240905" + } + ], + "CVEs": [ + { + "ID": "CVE-2023-43615", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "CWE": "CWE-120", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-43615", + "Impact": "High", + "Public": "20231007" + }, + { + "ID": "CVE-2023-45199", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-120", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-45199", + "Impact": "Critical", + "Public": "20231007" + }, + { + "ID": "CVE-2023-52353", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "CWE": "CWE-384", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-52353", + "Impact": "High", + "Public": "20240121" + }, + { + "ID": "CVE-2024-23170", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "CWE": "CWE-203", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-23170", + "Impact": "Low", + "Public": "20240131" + }, + { + "ID": "CVE-2024-23744", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-23744", + "Impact": "High", + "Public": "20240121" + }, + { + "ID": "CVE-2024-23775", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-190", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-23775", + "Impact": "High", + "Public": "20240131" + }, + { + "ID": "CVE-2024-45157", + "CVSS3": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-45157", + "Impact": "Low", + "Public": "20240905" + }, + { + "ID": "CVE-2024-45159", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-295", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-45159", + "Impact": "Critical", + "Public": "20240905" + } + ], + "Bugzilla": [ + { + "ID": "47976", + "Href": "https://bugzilla.altlinux.org/47976", + "Data": "Недоступный сайт, указанный в URL пакета" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:spworkstation:10", + "cpe:/o:alt:spserver:10" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:4001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202415509001", + "Comment": "libmbedcrypto16 is earlier than 0:3.6.2-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415509002", + "Comment": "libmbedtls-devel is earlier than 0:3.6.2-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415509003", + "Comment": "libmbedtls21 is earlier than 0:3.6.2-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415509004", + "Comment": "libmbedx509-7 is earlier than 0:3.6.2-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415509005", + "Comment": "mbedtls-utils is earlier than 0:3.6.2-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-15509/objects.json b/oval/c10f1/ALT-PU-2024-15509/objects.json new file mode 100644 index 0000000000..e0174c4b3e --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-15509/objects.json @@ -0,0 +1,58 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:4001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202415509001", + "Version": "1", + "Comment": "libmbedcrypto16 is installed", + "Name": "libmbedcrypto16" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415509002", + "Version": "1", + "Comment": "libmbedtls-devel is installed", + "Name": "libmbedtls-devel" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415509003", + "Version": "1", + "Comment": "libmbedtls21 is installed", + "Name": "libmbedtls21" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415509004", + "Version": "1", + "Comment": "libmbedx509-7 is installed", + "Name": "libmbedx509-7" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415509005", + "Version": "1", + "Comment": "mbedtls-utils is installed", + "Name": "mbedtls-utils" + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-15509/states.json b/oval/c10f1/ALT-PU-2024-15509/states.json new file mode 100644 index 0000000000..0ad9485d0e --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-15509/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:4001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202415509001", + "Version": "1", + "Comment": "package EVR is earlier than 0:3.6.2-alt1", + "Arch": {}, + "EVR": { + "Text": "0:3.6.2-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c10f1/ALT-PU-2024-15509/tests.json b/oval/c10f1/ALT-PU-2024-15509/tests.json new file mode 100644 index 0000000000..e036dabe8b --- /dev/null +++ b/oval/c10f1/ALT-PU-2024-15509/tests.json @@ -0,0 +1,78 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:4001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c10f1' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:4001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:4001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202415509001", + "Version": "1", + "Check": "all", + "Comment": "libmbedcrypto16 is earlier than 0:3.6.2-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415509001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415509001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415509002", + "Version": "1", + "Check": "all", + "Comment": "libmbedtls-devel is earlier than 0:3.6.2-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415509002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415509001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415509003", + "Version": "1", + "Check": "all", + "Comment": "libmbedtls21 is earlier than 0:3.6.2-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415509003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415509001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415509004", + "Version": "1", + "Check": "all", + "Comment": "libmbedx509-7 is earlier than 0:3.6.2-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415509004" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415509001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415509005", + "Version": "1", + "Check": "all", + "Comment": "mbedtls-utils is earlier than 0:3.6.2-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415509005" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415509001" + } + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-15083/definitions.json b/oval/c9f2/ALT-PU-2024-15083/definitions.json new file mode 100644 index 0000000000..4131a9930a --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-15083/definitions.json @@ -0,0 +1,94 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202415083", + "Version": "oval:org.altlinux.errata:def:202415083", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-15083: package `rpm-build-vm` update to version 1.74-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c9f2" + ], + "Products": [ + "ALT SPWorkstation", + "ALT SPServer" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-15083", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-15083", + "Source": "ALTPU" + } + ], + "Description": "This update upgrades rpm-build-vm to version 1.74-alt1. \nSecurity Fix(es):\n\n * #44337: Не определено значение MAXCPU для платформы x86_64\n\n * #47599: \"expected to fail\" tests fail on unsupported architecture", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Low", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-11-14" + }, + "Updated": { + "Date": "2024-11-14" + }, + "BDUs": null, + "Bugzilla": [ + { + "ID": "44337", + "Href": "https://bugzilla.altlinux.org/44337", + "Data": "Не определено значение MAXCPU для платформы x86_64" + }, + { + "ID": "47599", + "Href": "https://bugzilla.altlinux.org/47599", + "Data": "\"expected to fail\" tests fail on unsupported architecture" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:spworkstation:8.4", + "cpe:/o:alt:spserver:8.4" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:3001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202415083001", + "Comment": "rpm-build-vm is earlier than 0:1.74-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415083002", + "Comment": "rpm-build-vm-checkinstall is earlier than 0:1.74-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415083003", + "Comment": "rpm-build-vm-createimage is earlier than 0:1.74-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415083004", + "Comment": "rpm-build-vm-run is earlier than 0:1.74-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-15083/objects.json b/oval/c9f2/ALT-PU-2024-15083/objects.json new file mode 100644 index 0000000000..2d74eefc55 --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-15083/objects.json @@ -0,0 +1,52 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:3001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202415083001", + "Version": "1", + "Comment": "rpm-build-vm is installed", + "Name": "rpm-build-vm" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415083002", + "Version": "1", + "Comment": "rpm-build-vm-checkinstall is installed", + "Name": "rpm-build-vm-checkinstall" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415083003", + "Version": "1", + "Comment": "rpm-build-vm-createimage is installed", + "Name": "rpm-build-vm-createimage" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415083004", + "Version": "1", + "Comment": "rpm-build-vm-run is installed", + "Name": "rpm-build-vm-run" + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-15083/states.json b/oval/c9f2/ALT-PU-2024-15083/states.json new file mode 100644 index 0000000000..05a966b8a6 --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-15083/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:3001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202415083001", + "Version": "1", + "Comment": "package EVR is earlier than 0:1.74-alt1", + "Arch": {}, + "EVR": { + "Text": "0:1.74-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-15083/tests.json b/oval/c9f2/ALT-PU-2024-15083/tests.json new file mode 100644 index 0000000000..e7c0e1f4cc --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-15083/tests.json @@ -0,0 +1,66 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:3001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c9f2' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:3001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:3001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202415083001", + "Version": "1", + "Check": "all", + "Comment": "rpm-build-vm is earlier than 0:1.74-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415083001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415083001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415083002", + "Version": "1", + "Check": "all", + "Comment": "rpm-build-vm-checkinstall is earlier than 0:1.74-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415083002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415083001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415083003", + "Version": "1", + "Check": "all", + "Comment": "rpm-build-vm-createimage is earlier than 0:1.74-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415083003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415083001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415083004", + "Version": "1", + "Check": "all", + "Comment": "rpm-build-vm-run is earlier than 0:1.74-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415083004" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415083001" + } + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-15493/definitions.json b/oval/c9f2/ALT-PU-2024-15493/definitions.json new file mode 100644 index 0000000000..5509b756dc --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-15493/definitions.json @@ -0,0 +1,89 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202415493", + "Version": "oval:org.altlinux.errata:def:202415493", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-15493: package `libzen` update to version 0.4.41-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c9f2" + ], + "Products": [ + "ALT SPWorkstation", + "ALT SPServer" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-15493", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-15493", + "Source": "ALTPU" + }, + { + "RefID": "CVE-2020-36646", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-36646", + "Source": "CVE" + } + ], + "Description": "This update upgrades libzen to version 0.4.41-alt1. \nSecurity Fix(es):\n\n * CVE-2020-36646: A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. Upgrading to version 0.4.39 is able to address this issue. The identifier of the patch is 6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408. It is recommended to upgrade the affected component. The identifier VDB-217629 was assigned to this vulnerability.", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "High", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-11-14" + }, + "Updated": { + "Date": "2024-11-14" + }, + "BDUs": null, + "CVEs": [ + { + "ID": "CVE-2020-36646", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-476", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-36646", + "Impact": "High", + "Public": "20230107" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:spworkstation:8.4", + "cpe:/o:alt:spserver:8.4" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:3001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202415493001", + "Comment": "libzen is earlier than 0:0.4.41-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415493002", + "Comment": "libzen-devel is earlier than 0:0.4.41-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-15493/objects.json b/oval/c9f2/ALT-PU-2024-15493/objects.json new file mode 100644 index 0000000000..bf8c3f8191 --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-15493/objects.json @@ -0,0 +1,40 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:3001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202415493001", + "Version": "1", + "Comment": "libzen is installed", + "Name": "libzen" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415493002", + "Version": "1", + "Comment": "libzen-devel is installed", + "Name": "libzen-devel" + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-15493/states.json b/oval/c9f2/ALT-PU-2024-15493/states.json new file mode 100644 index 0000000000..3dc6b53a3f --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-15493/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:3001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202415493001", + "Version": "1", + "Comment": "package EVR is earlier than 0:0.4.41-alt1", + "Arch": {}, + "EVR": { + "Text": "0:0.4.41-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-15493/tests.json b/oval/c9f2/ALT-PU-2024-15493/tests.json new file mode 100644 index 0000000000..381bbc97d3 --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-15493/tests.json @@ -0,0 +1,42 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:3001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c9f2' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:3001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:3001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202415493001", + "Version": "1", + "Check": "all", + "Comment": "libzen is earlier than 0:0.4.41-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415493001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415493001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415493002", + "Version": "1", + "Check": "all", + "Comment": "libzen-devel is earlier than 0:0.4.41-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415493002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415493001" + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-14937/definitions.json b/oval/p10/ALT-PU-2024-14937/definitions.json new file mode 100644 index 0000000000..9dc5578221 --- /dev/null +++ b/oval/p10/ALT-PU-2024-14937/definitions.json @@ -0,0 +1,287 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202414937", + "Version": "oval:org.altlinux.errata:def:202414937", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-14937: package `LibreOffice-still` update to version 24.2.6.2-alt0.p10.1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch p10" + ], + "Products": [ + "ALT Server", + "ALT Virtualization Server", + "ALT Workstation", + "ALT Workstation K", + "ALT Education", + "Simply Linux", + "Starterkit" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-14937", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-14937", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2024-04136", + "RefURL": "https://bdu.fstec.ru/vul/2024-04136", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-04913", + "RefURL": "https://bdu.fstec.ru/vul/2024-04913", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-06443", + "RefURL": "https://bdu.fstec.ru/vul/2024-06443", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-07260", + "RefURL": "https://bdu.fstec.ru/vul/2024-07260", + "Source": "BDU" + }, + { + "RefID": "CVE-2024-3044", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-3044", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-5261", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-5261", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-6472", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-6472", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-7788", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-7788", + "Source": "CVE" + } + ], + "Description": "This update upgrades LibreOffice-still to version 24.2.6.2-alt0.p10.1. \nSecurity Fix(es):\n\n * BDU:2024-04136: Уязвимость пакета офисных программ LibreOffice, связанная с возможностью внедрения кода или данных, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-04913: Уязвимость компонента LibreOfficeKit пакета офисных программ LibreOffice, позволяющая уязвимости может позволить нарушителю выполнить произвольный код\n\n * BDU:2024-06443: Уязвимость пользовательского интерфейса проверки сертификата пакета офисных программ LibreOffice, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-07260: Уязвимость пакета офисных программ LibreOffice, связанная с некорректной проверкой криптографической подписи, позволяющая нарушителю создать специально сформированный документ, который после восстановления сообщал о действительном статусе электронной подписи\n\n * CVE-2024-3044: Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.\n\n * CVE-2024-5261: Improper Certificate Validation vulnerability in LibreOffice \"LibreOfficeKit\" mode disables TLS certification verification\n\nLibreOfficeKit can be used for accessing LibreOffice functionality \nthrough C/C++. Typically this is used by third party components to reuse\n LibreOffice as a library to convert, view or otherwise interact with \ndocuments.\n\nLibreOffice internally makes use of \"curl\" to fetch remote resources such as images hosted on webservers.\n\nIn\n affected versions of LibreOffice, when used in LibreOfficeKit mode \nonly, then curl's TLS certification verification was disabled \n(CURLOPT_SSL_VERIFYPEER of false)\n\nIn the fixed versions curl operates in LibreOfficeKit mode the same as in standard mode with CURLOPT_SSL_VERIFYPEER of true.\n\nThis issue affects LibreOffice before version 24.2.4.\n\n * CVE-2024-6472: Certificate Validation user interface in LibreOffice allows potential vulnerability.\n\n\n\n\nSigned macros are scripts that have been digitally signed by the \ndeveloper using a cryptographic signature. When a document with a signed\n macro is opened a warning is displayed by LibreOffice before the macro \nis executed.\n\nPreviously if verification failed the user could fail to understand the failure and choose to enable the macros anyway.\n\n\nThis issue affects LibreOffice: from 24.2 before 24.2.5.\n\n * CVE-2024-7788: Improper Digital Signature Invalidation  vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before \u003c 24.2.5.", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Critical", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-11-14" + }, + "Updated": { + "Date": "2024-11-14" + }, + "BDUs": [ + { + "ID": "BDU:2024-04136", + "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "CWE": "CWE-20", + "Href": "https://bdu.fstec.ru/vul/2024-04136", + "Impact": "High", + "Public": "20240514" + }, + { + "ID": "BDU:2024-04913", + "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-295", + "Href": "https://bdu.fstec.ru/vul/2024-04913", + "Impact": "Critical", + "Public": "20240625" + }, + { + "ID": "BDU:2024-06443", + "CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "CWE": "CWE-295", + "Href": "https://bdu.fstec.ru/vul/2024-06443", + "Impact": "High", + "Public": "20240805" + }, + { + "ID": "BDU:2024-07260", + "CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "CWE": "CWE-347", + "Href": "https://bdu.fstec.ru/vul/2024-07260", + "Impact": "High", + "Public": "20240917" + } + ], + "CVEs": [ + { + "ID": "CVE-2024-3044", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-3044", + "Impact": "None", + "Public": "20240514" + }, + { + "ID": "CVE-2024-5261", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5261", + "Impact": "None", + "Public": "20240625" + }, + { + "ID": "CVE-2024-6472", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-6472", + "Impact": "None", + "Public": "20240805" + }, + { + "ID": "CVE-2024-7788", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "CWE": "CWE-347", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-7788", + "Impact": "High", + "Public": "20240917" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:kworkstation:10", + "cpe:/o:alt:workstation:10", + "cpe:/o:alt:server:10", + "cpe:/o:alt:server-v:10", + "cpe:/o:alt:education:10", + "cpe:/o:alt:slinux:10", + "cpe:/o:alt:starterkit:p10", + "cpe:/o:alt:kworkstation:10.1", + "cpe:/o:alt:workstation:10.1", + "cpe:/o:alt:server:10.1", + "cpe:/o:alt:server-v:10.1", + "cpe:/o:alt:education:10.1", + "cpe:/o:alt:slinux:10.1", + "cpe:/o:alt:starterkit:10.1", + "cpe:/o:alt:kworkstation:10.2", + "cpe:/o:alt:workstation:10.2", + "cpe:/o:alt:server:10.2", + "cpe:/o:alt:server-v:10.2", + "cpe:/o:alt:education:10.2", + "cpe:/o:alt:slinux:10.2", + "cpe:/o:alt:starterkit:10.2" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:2001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202414937001", + "Comment": "LibreOffice-still is earlier than 0:24.2.6.2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202414937002", + "Comment": "LibreOffice-still-common is earlier than 0:24.2.6.2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202414937003", + "Comment": "LibreOffice-still-extensions is earlier than 0:24.2.6.2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202414937004", + "Comment": "LibreOffice-still-gtk3 is earlier than 0:24.2.6.2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202414937005", + "Comment": "LibreOffice-still-integrated is earlier than 0:24.2.6.2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202414937006", + "Comment": "LibreOffice-still-kde5 is earlier than 0:24.2.6.2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202414937007", + "Comment": "LibreOffice-still-langpack-be is earlier than 0:24.2.6.2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202414937008", + "Comment": "LibreOffice-still-langpack-de is earlier than 0:24.2.6.2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202414937009", + "Comment": "LibreOffice-still-langpack-el is earlier than 0:24.2.6.2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202414937010", + "Comment": "LibreOffice-still-langpack-es is earlier than 0:24.2.6.2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202414937011", + "Comment": "LibreOffice-still-langpack-fr is earlier than 0:24.2.6.2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202414937012", + "Comment": "LibreOffice-still-langpack-kk is earlier than 0:24.2.6.2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202414937013", + "Comment": "LibreOffice-still-langpack-ky is earlier than 0:24.2.6.2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202414937014", + "Comment": "LibreOffice-still-langpack-pt-BR is earlier than 0:24.2.6.2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202414937015", + "Comment": "LibreOffice-still-langpack-ru is earlier than 0:24.2.6.2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202414937016", + "Comment": "LibreOffice-still-langpack-tt is earlier than 0:24.2.6.2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202414937017", + "Comment": "LibreOffice-still-langpack-uk is earlier than 0:24.2.6.2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202414937018", + "Comment": "LibreOffice-still-langpack-uz is earlier than 0:24.2.6.2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202414937019", + "Comment": "LibreOffice-still-mimetypes is earlier than 0:24.2.6.2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202414937020", + "Comment": "LibreOffice-still-qt5 is earlier than 0:24.2.6.2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202414937021", + "Comment": "LibreOffice-still-sdk is earlier than 0:24.2.6.2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202414937022", + "Comment": "libreofficekit-still is earlier than 0:24.2.6.2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202414937023", + "Comment": "libreofficekit-still-devel is earlier than 0:24.2.6.2-alt0.p10.1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-14937/objects.json b/oval/p10/ALT-PU-2024-14937/objects.json new file mode 100644 index 0000000000..dbf1d2608e --- /dev/null +++ b/oval/p10/ALT-PU-2024-14937/objects.json @@ -0,0 +1,166 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:2001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202414937001", + "Version": "1", + "Comment": "LibreOffice-still is installed", + "Name": "LibreOffice-still" + }, + { + "ID": "oval:org.altlinux.errata:obj:202414937002", + "Version": "1", + "Comment": "LibreOffice-still-common is installed", + "Name": "LibreOffice-still-common" + }, + { + "ID": "oval:org.altlinux.errata:obj:202414937003", + "Version": "1", + "Comment": "LibreOffice-still-extensions is installed", + "Name": "LibreOffice-still-extensions" + }, + { + "ID": "oval:org.altlinux.errata:obj:202414937004", + "Version": "1", + "Comment": "LibreOffice-still-gtk3 is installed", + "Name": "LibreOffice-still-gtk3" + }, + { + "ID": "oval:org.altlinux.errata:obj:202414937005", + "Version": "1", + "Comment": "LibreOffice-still-integrated is installed", + "Name": "LibreOffice-still-integrated" + }, + { + "ID": "oval:org.altlinux.errata:obj:202414937006", + "Version": "1", + "Comment": "LibreOffice-still-kde5 is installed", + "Name": "LibreOffice-still-kde5" + }, + { + "ID": "oval:org.altlinux.errata:obj:202414937007", + "Version": "1", + "Comment": "LibreOffice-still-langpack-be is installed", + "Name": "LibreOffice-still-langpack-be" + }, + { + "ID": "oval:org.altlinux.errata:obj:202414937008", + "Version": "1", + "Comment": "LibreOffice-still-langpack-de is installed", + "Name": "LibreOffice-still-langpack-de" + }, + { + "ID": "oval:org.altlinux.errata:obj:202414937009", + "Version": "1", + "Comment": "LibreOffice-still-langpack-el is installed", + "Name": "LibreOffice-still-langpack-el" + }, + { + "ID": "oval:org.altlinux.errata:obj:202414937010", + "Version": "1", + "Comment": "LibreOffice-still-langpack-es is installed", + "Name": "LibreOffice-still-langpack-es" + }, + { + "ID": "oval:org.altlinux.errata:obj:202414937011", + "Version": "1", + "Comment": "LibreOffice-still-langpack-fr is installed", + "Name": "LibreOffice-still-langpack-fr" + }, + { + "ID": "oval:org.altlinux.errata:obj:202414937012", + "Version": "1", + "Comment": "LibreOffice-still-langpack-kk is installed", + "Name": "LibreOffice-still-langpack-kk" + }, + { + "ID": "oval:org.altlinux.errata:obj:202414937013", + "Version": "1", + "Comment": "LibreOffice-still-langpack-ky is installed", + "Name": "LibreOffice-still-langpack-ky" + }, + { + "ID": "oval:org.altlinux.errata:obj:202414937014", + "Version": "1", + "Comment": "LibreOffice-still-langpack-pt-BR is installed", + "Name": "LibreOffice-still-langpack-pt-BR" + }, + { + "ID": "oval:org.altlinux.errata:obj:202414937015", + "Version": "1", + "Comment": "LibreOffice-still-langpack-ru is installed", + "Name": "LibreOffice-still-langpack-ru" + }, + { + "ID": "oval:org.altlinux.errata:obj:202414937016", + "Version": "1", + "Comment": "LibreOffice-still-langpack-tt is installed", + "Name": "LibreOffice-still-langpack-tt" + }, + { + "ID": "oval:org.altlinux.errata:obj:202414937017", + "Version": "1", + "Comment": "LibreOffice-still-langpack-uk is installed", + "Name": "LibreOffice-still-langpack-uk" + }, + { + "ID": "oval:org.altlinux.errata:obj:202414937018", + "Version": "1", + "Comment": "LibreOffice-still-langpack-uz is installed", + "Name": "LibreOffice-still-langpack-uz" + }, + { + "ID": "oval:org.altlinux.errata:obj:202414937019", + "Version": "1", + "Comment": "LibreOffice-still-mimetypes is installed", + "Name": "LibreOffice-still-mimetypes" + }, + { + "ID": "oval:org.altlinux.errata:obj:202414937020", + "Version": "1", + "Comment": "LibreOffice-still-qt5 is installed", + "Name": "LibreOffice-still-qt5" + }, + { + "ID": "oval:org.altlinux.errata:obj:202414937021", + "Version": "1", + "Comment": "LibreOffice-still-sdk is installed", + "Name": "LibreOffice-still-sdk" + }, + { + "ID": "oval:org.altlinux.errata:obj:202414937022", + "Version": "1", + "Comment": "libreofficekit-still is installed", + "Name": "libreofficekit-still" + }, + { + "ID": "oval:org.altlinux.errata:obj:202414937023", + "Version": "1", + "Comment": "libreofficekit-still-devel is installed", + "Name": "libreofficekit-still-devel" + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-14937/states.json b/oval/p10/ALT-PU-2024-14937/states.json new file mode 100644 index 0000000000..8227ae1e1d --- /dev/null +++ b/oval/p10/ALT-PU-2024-14937/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:2001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202414937001", + "Version": "1", + "Comment": "package EVR is earlier than 0:24.2.6.2-alt0.p10.1", + "Arch": {}, + "EVR": { + "Text": "0:24.2.6.2-alt0.p10.1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-14937/tests.json b/oval/p10/ALT-PU-2024-14937/tests.json new file mode 100644 index 0000000000..b58630df67 --- /dev/null +++ b/oval/p10/ALT-PU-2024-14937/tests.json @@ -0,0 +1,294 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:2001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'p10' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:2001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:2001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202414937001", + "Version": "1", + "Check": "all", + "Comment": "LibreOffice-still is earlier than 0:24.2.6.2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202414937001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202414937001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202414937002", + "Version": "1", + "Check": "all", + "Comment": "LibreOffice-still-common is earlier than 0:24.2.6.2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202414937002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202414937001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202414937003", + "Version": "1", + "Check": "all", + "Comment": "LibreOffice-still-extensions is earlier than 0:24.2.6.2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202414937003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202414937001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202414937004", + "Version": "1", + "Check": "all", + "Comment": "LibreOffice-still-gtk3 is earlier than 0:24.2.6.2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202414937004" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202414937001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202414937005", + "Version": "1", + "Check": "all", + "Comment": "LibreOffice-still-integrated is earlier than 0:24.2.6.2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202414937005" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202414937001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202414937006", + "Version": "1", + "Check": "all", + "Comment": "LibreOffice-still-kde5 is earlier than 0:24.2.6.2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202414937006" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202414937001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202414937007", + "Version": "1", + "Check": "all", + "Comment": "LibreOffice-still-langpack-be is earlier than 0:24.2.6.2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202414937007" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202414937001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202414937008", + "Version": "1", + "Check": "all", + "Comment": "LibreOffice-still-langpack-de is earlier than 0:24.2.6.2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202414937008" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202414937001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202414937009", + "Version": "1", + "Check": "all", + "Comment": "LibreOffice-still-langpack-el is earlier than 0:24.2.6.2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202414937009" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202414937001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202414937010", + "Version": "1", + "Check": "all", + "Comment": "LibreOffice-still-langpack-es is earlier than 0:24.2.6.2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202414937010" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202414937001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202414937011", + "Version": "1", + "Check": "all", + "Comment": "LibreOffice-still-langpack-fr is earlier than 0:24.2.6.2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202414937011" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202414937001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202414937012", + "Version": "1", + "Check": "all", + "Comment": "LibreOffice-still-langpack-kk is earlier than 0:24.2.6.2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202414937012" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202414937001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202414937013", + "Version": "1", + "Check": "all", + "Comment": "LibreOffice-still-langpack-ky is earlier than 0:24.2.6.2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202414937013" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202414937001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202414937014", + "Version": "1", + "Check": "all", + "Comment": "LibreOffice-still-langpack-pt-BR is earlier than 0:24.2.6.2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202414937014" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202414937001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202414937015", + "Version": "1", + "Check": "all", + "Comment": "LibreOffice-still-langpack-ru is earlier than 0:24.2.6.2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202414937015" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202414937001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202414937016", + "Version": "1", + "Check": "all", + "Comment": "LibreOffice-still-langpack-tt is earlier than 0:24.2.6.2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202414937016" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202414937001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202414937017", + "Version": "1", + "Check": "all", + "Comment": "LibreOffice-still-langpack-uk is earlier than 0:24.2.6.2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202414937017" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202414937001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202414937018", + "Version": "1", + "Check": "all", + "Comment": "LibreOffice-still-langpack-uz is earlier than 0:24.2.6.2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202414937018" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202414937001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202414937019", + "Version": "1", + "Check": "all", + "Comment": "LibreOffice-still-mimetypes is earlier than 0:24.2.6.2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202414937019" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202414937001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202414937020", + "Version": "1", + "Check": "all", + "Comment": "LibreOffice-still-qt5 is earlier than 0:24.2.6.2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202414937020" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202414937001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202414937021", + "Version": "1", + "Check": "all", + "Comment": "LibreOffice-still-sdk is earlier than 0:24.2.6.2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202414937021" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202414937001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202414937022", + "Version": "1", + "Check": "all", + "Comment": "libreofficekit-still is earlier than 0:24.2.6.2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202414937022" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202414937001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202414937023", + "Version": "1", + "Check": "all", + "Comment": "libreofficekit-still-devel is earlier than 0:24.2.6.2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202414937023" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202414937001" + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-15136/definitions.json b/oval/p10/ALT-PU-2024-15136/definitions.json new file mode 100644 index 0000000000..3bf5d31a38 --- /dev/null +++ b/oval/p10/ALT-PU-2024-15136/definitions.json @@ -0,0 +1,165 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202415136", + "Version": "oval:org.altlinux.errata:def:202415136", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-15136: package `libxslt` update to version 1.1.37-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch p10" + ], + "Products": [ + "ALT Server", + "ALT Virtualization Server", + "ALT Workstation", + "ALT Workstation K", + "ALT Education", + "Simply Linux", + "Starterkit" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-15136", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-15136", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2021-03941", + "RefURL": "https://bdu.fstec.ru/vul/2021-03941", + "Source": "BDU" + }, + { + "RefID": "BDU:2022-03033", + "RefURL": "https://bdu.fstec.ru/vul/2022-03033", + "Source": "BDU" + }, + { + "RefID": "CVE-2021-30560", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-30560", + "Source": "CVE" + }, + { + "RefID": "CVE-2022-29824", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-29824", + "Source": "CVE" + } + ], + "Description": "This update upgrades libxslt to version 1.1.37-alt1. \nSecurity Fix(es):\n\n * BDU:2021-03941: Уязвимость реализации технологии XSLT (eXtensible Stylesheet Language Transformations) модуля отображения Blink браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-03033: Уязвимость компонентов buf.c и tree.c библиотеки libxml2, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код\n\n * CVE-2021-30560: Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2022-29824: In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "High", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-11-14" + }, + "Updated": { + "Date": "2024-11-14" + }, + "BDUs": [ + { + "ID": "BDU:2021-03941", + "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "CWE": "CWE-416", + "Href": "https://bdu.fstec.ru/vul/2021-03941", + "Impact": "High", + "Public": "20210612" + }, + { + "ID": "BDU:2022-03033", + "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "CWE": "CWE-190, CWE-787", + "Href": "https://bdu.fstec.ru/vul/2022-03033", + "Impact": "Low", + "Public": "20220308" + } + ], + "CVEs": [ + { + "ID": "CVE-2021-30560", + "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "CWE": "CWE-416", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-30560", + "Impact": "High", + "Public": "20210803" + }, + { + "ID": "CVE-2022-29824", + "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "CWE": "CWE-190", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-29824", + "Impact": "Low", + "Public": "20220503" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:kworkstation:10", + "cpe:/o:alt:workstation:10", + "cpe:/o:alt:server:10", + "cpe:/o:alt:server-v:10", + "cpe:/o:alt:education:10", + "cpe:/o:alt:slinux:10", + "cpe:/o:alt:starterkit:p10", + "cpe:/o:alt:kworkstation:10.1", + "cpe:/o:alt:workstation:10.1", + "cpe:/o:alt:server:10.1", + "cpe:/o:alt:server-v:10.1", + "cpe:/o:alt:education:10.1", + "cpe:/o:alt:slinux:10.1", + "cpe:/o:alt:starterkit:10.1", + "cpe:/o:alt:kworkstation:10.2", + "cpe:/o:alt:workstation:10.2", + "cpe:/o:alt:server:10.2", + "cpe:/o:alt:server-v:10.2", + "cpe:/o:alt:education:10.2", + "cpe:/o:alt:slinux:10.2", + "cpe:/o:alt:starterkit:10.2" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:2001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202415136001", + "Comment": "libxslt is earlier than 0:1.1.37-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415136002", + "Comment": "libxslt-devel is earlier than 0:1.1.37-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415136003", + "Comment": "libxslt-devel-doc is earlier than 0:1.1.37-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415136004", + "Comment": "xsltproc is earlier than 0:1.1.37-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-15136/objects.json b/oval/p10/ALT-PU-2024-15136/objects.json new file mode 100644 index 0000000000..777dc7a107 --- /dev/null +++ b/oval/p10/ALT-PU-2024-15136/objects.json @@ -0,0 +1,52 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:2001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202415136001", + "Version": "1", + "Comment": "libxslt is installed", + "Name": "libxslt" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415136002", + "Version": "1", + "Comment": "libxslt-devel is installed", + "Name": "libxslt-devel" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415136003", + "Version": "1", + "Comment": "libxslt-devel-doc is installed", + "Name": "libxslt-devel-doc" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415136004", + "Version": "1", + "Comment": "xsltproc is installed", + "Name": "xsltproc" + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-15136/states.json b/oval/p10/ALT-PU-2024-15136/states.json new file mode 100644 index 0000000000..e92d571f5a --- /dev/null +++ b/oval/p10/ALT-PU-2024-15136/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:2001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202415136001", + "Version": "1", + "Comment": "package EVR is earlier than 0:1.1.37-alt1", + "Arch": {}, + "EVR": { + "Text": "0:1.1.37-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-15136/tests.json b/oval/p10/ALT-PU-2024-15136/tests.json new file mode 100644 index 0000000000..1dda271f0f --- /dev/null +++ b/oval/p10/ALT-PU-2024-15136/tests.json @@ -0,0 +1,66 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:2001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'p10' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:2001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:2001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202415136001", + "Version": "1", + "Check": "all", + "Comment": "libxslt is earlier than 0:1.1.37-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415136001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415136001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415136002", + "Version": "1", + "Check": "all", + "Comment": "libxslt-devel is earlier than 0:1.1.37-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415136002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415136001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415136003", + "Version": "1", + "Check": "all", + "Comment": "libxslt-devel-doc is earlier than 0:1.1.37-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415136003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415136001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415136004", + "Version": "1", + "Check": "all", + "Comment": "xsltproc is earlier than 0:1.1.37-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415136004" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415136001" + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-15200/definitions.json b/oval/p10/ALT-PU-2024-15200/definitions.json new file mode 100644 index 0000000000..76d8848eaa --- /dev/null +++ b/oval/p10/ALT-PU-2024-15200/definitions.json @@ -0,0 +1,157 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202415200", + "Version": "oval:org.altlinux.errata:def:202415200", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-15200: package `bitcoin` update to version 27.2-alt0.p10.1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch p10" + ], + "Products": [ + "ALT Server", + "ALT Virtualization Server", + "ALT Workstation", + "ALT Workstation K", + "ALT Education", + "Simply Linux", + "Starterkit" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-15200", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-15200", + "Source": "ALTPU" + }, + { + "RefID": "CVE-2023-33297", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-33297", + "Source": "CVE" + }, + { + "RefID": "CVE-2023-37192", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-37192", + "Source": "CVE" + }, + { + "RefID": "CVE-2023-50428", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-50428", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-34149", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-34149", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-35202", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-35202", + "Source": "CVE" + } + ], + "Description": "This update upgrades bitcoin to version 27.2-alt0.p10.1. \nSecurity Fix(es):\n\n * CVE-2023-33297: Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.\n\n * CVE-2023-37192: Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app's memory, potentially allowing them to redirect Bitcoin transactions to wallets of their own choosing.\n\n * CVE-2023-50428: In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. NOTE: although this is a vulnerability from the perspective of the Bitcoin Knots project, some others consider it \"not a bug.\"\n\n * CVE-2024-34149: In Bitcoin Core through 27.0 and Bitcoin Knots before 25.1.knots20231115, tapscript lacks a policy size limit check, a different issue than CVE-2023-50428. NOTE: some parties oppose this new limit check (for example, because they agree with the objective but disagree with the technical mechanism, or because they have a different objective).\n\n * CVE-2024-35202: Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committed to in a block's merkle root. FillBlock can be called twice for one PartiallyDownloadedBlock instance.", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "High", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-11-14" + }, + "Updated": { + "Date": "2024-11-14" + }, + "BDUs": null, + "CVEs": [ + { + "ID": "CVE-2023-33297", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-400", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-33297", + "Impact": "High", + "Public": "20230522" + }, + { + "ID": "CVE-2023-37192", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "CWE": "CWE-311", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-37192", + "Impact": "High", + "Public": "20230707" + }, + { + "ID": "CVE-2023-50428", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-50428", + "Impact": "Low", + "Public": "20231209" + }, + { + "ID": "CVE-2024-34149", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-34149", + "Impact": "None", + "Public": "20240430" + }, + { + "ID": "CVE-2024-35202", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-35202", + "Impact": "None", + "Public": "20241010" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:kworkstation:10", + "cpe:/o:alt:workstation:10", + "cpe:/o:alt:server:10", + "cpe:/o:alt:server-v:10", + "cpe:/o:alt:education:10", + "cpe:/o:alt:slinux:10", + "cpe:/o:alt:starterkit:p10", + "cpe:/o:alt:kworkstation:10.1", + "cpe:/o:alt:workstation:10.1", + "cpe:/o:alt:server:10.1", + "cpe:/o:alt:server-v:10.1", + "cpe:/o:alt:education:10.1", + "cpe:/o:alt:slinux:10.1", + "cpe:/o:alt:starterkit:10.1", + "cpe:/o:alt:kworkstation:10.2", + "cpe:/o:alt:workstation:10.2", + "cpe:/o:alt:server:10.2", + "cpe:/o:alt:server-v:10.2", + "cpe:/o:alt:education:10.2", + "cpe:/o:alt:slinux:10.2", + "cpe:/o:alt:starterkit:10.2" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:2001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202415200001", + "Comment": "bitcoin is earlier than 0:27.2-alt0.p10.1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-15200/objects.json b/oval/p10/ALT-PU-2024-15200/objects.json new file mode 100644 index 0000000000..b26be2487b --- /dev/null +++ b/oval/p10/ALT-PU-2024-15200/objects.json @@ -0,0 +1,34 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:2001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202415200001", + "Version": "1", + "Comment": "bitcoin is installed", + "Name": "bitcoin" + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-15200/states.json b/oval/p10/ALT-PU-2024-15200/states.json new file mode 100644 index 0000000000..7a5d089d98 --- /dev/null +++ b/oval/p10/ALT-PU-2024-15200/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:2001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202415200001", + "Version": "1", + "Comment": "package EVR is earlier than 0:27.2-alt0.p10.1", + "Arch": {}, + "EVR": { + "Text": "0:27.2-alt0.p10.1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-15200/tests.json b/oval/p10/ALT-PU-2024-15200/tests.json new file mode 100644 index 0000000000..b28ad50bfd --- /dev/null +++ b/oval/p10/ALT-PU-2024-15200/tests.json @@ -0,0 +1,30 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:2001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'p10' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:2001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:2001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202415200001", + "Version": "1", + "Check": "all", + "Comment": "bitcoin is earlier than 0:27.2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415200001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415200001" + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-15251/definitions.json b/oval/p10/ALT-PU-2024-15251/definitions.json new file mode 100644 index 0000000000..121ae6a970 --- /dev/null +++ b/oval/p10/ALT-PU-2024-15251/definitions.json @@ -0,0 +1,620 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202415251", + "Version": "oval:org.altlinux.errata:def:202415251", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-15251: package `kernel-image-un-def` update to version 6.1.115-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch p10" + ], + "Products": [ + "ALT Server", + "ALT Virtualization Server", + "ALT Workstation", + "ALT Workstation K", + "ALT Education", + "Simply Linux", + "Starterkit" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-15251", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-15251", + "Source": "ALTPU" + }, + { + "RefID": "CVE-2024-50032", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50032", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50069", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50069", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50073", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50073", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50074", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50074", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50077", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50077", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50078", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50078", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50082", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50082", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50083", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50083", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50085", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50085", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50086", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50086", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50087", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50087", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50088", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50088", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50098", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50098", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50099", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50099", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50101", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50101", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50103", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50103", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50108", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50108", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50110", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50110", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50115", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50115", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50116", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50116", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50117", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50117", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50124", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50124", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50125", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50125", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50127", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50127", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50128", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50128", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50131", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50131", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50133", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50133", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50134", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50134", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50136", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50136", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50138", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50138", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50153", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50153", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50154", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50154", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50160", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50160", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50167", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50167", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50168", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50168", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50171", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50171", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-50205", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-50205", + "Source": "CVE" + } + ], + "Description": "This update upgrades kernel-image-un-def to version 6.1.115-alt1. \nSecurity Fix(es):\n\n * CVE-2024-50032: In the Linux kernel, the following vulnerability has been resolved:\n\nrcu/nocb: Fix rcuog wake-up from offline softirq\n\nAfter a CPU has set itself offline and before it eventually calls\nrcutree_report_cpu_dead(), there are still opportunities for callbacks\nto be enqueued, for example from a softirq. When that happens on NOCB,\nthe rcuog wake-up is deferred through an IPI to an online CPU in order\nnot to call into the scheduler and risk arming the RT-bandwidth after\nhrtimers have been migrated out and disabled.\n\nBut performing a synchronized IPI from a softirq is buggy as reported in\nthe following scenario:\n\n WARNING: CPU: 1 PID: 26 at kernel/smp.c:633 smp_call_function_single\n Modules linked in: rcutorture torture\n CPU: 1 UID: 0 PID: 26 Comm: migration/1 Not tainted 6.11.0-rc1-00012-g9139f93209d1 #1\n Stopper: multi_cpu_stop+0x0/0x320 \u003c- __stop_cpus+0xd0/0x120\n RIP: 0010:smp_call_function_single\n \u003cIRQ\u003e\n swake_up_one_online\n __call_rcu_nocb_wake\n __call_rcu_common\n ? rcu_torture_one_read\n call_timer_fn\n __run_timers\n run_timer_softirq\n handle_softirqs\n irq_exit_rcu\n ? tick_handle_periodic\n sysvec_apic_timer_interrupt\n \u003c/IRQ\u003e\n\nFix this with forcing deferred rcuog wake up through the NOCB timer when\nthe CPU is offline. The actual wake up will happen from\nrcutree_report_cpu_dead().\n\n * CVE-2024-50069: In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: apple: check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this returned\nvalue is not checked. Fix this lack and check the returned value.\n\nFound by code review.\n\n * CVE-2024-50073: In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Fix use-after-free in gsm_cleanup_mux\n\nBUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0\ndrivers/tty/n_gsm.c:3160 [n_gsm]\nRead of size 8 at addr ffff88815fe99c00 by task poc/3379\nCPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56\nHardware name: VMware, Inc. VMware Virtual Platform/440BX\nDesktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n \u003cTASK\u003e\n gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]\n __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389\n update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500\n __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846\n __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107\n __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]\n ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195\n ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79\n __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338\n __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\nAllocated by task 65:\n gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]\n gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]\n gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]\n gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]\n tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391\n tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39\n flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445\n process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229\n worker_thread+0x3dc/0x950 kernel/workqueue.c:3391\n kthread+0x2a3/0x370 kernel/kthread.c:389\n ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257\n\nFreed by task 3367:\n kfree+0x126/0x420 mm/slub.c:4580\n gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\n[Analysis]\ngsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux\ncan be freed by multi threads through ioctl,which leads\nto the occurrence of uaf. Protect it by gsm tx lock.\n\n * CVE-2024-50074: In the Linux kernel, the following vulnerability has been resolved:\n\nparport: Proper fix for array out-of-bounds access\n\nThe recent fix for array out-of-bounds accesses replaced sprintf()\ncalls blindly with snprintf(). However, since snprintf() returns the\nwould-be-printed size, not the actually output size, the length\ncalculation can still go over the given limit.\n\nUse scnprintf() instead of snprintf(), which returns the actually\noutput letters, for addressing the potential out-of-bounds access\nproperly.\n\n * CVE-2024-50077: In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: ISO: Fix multiple init when debugfs is disabled\n\nIf bt_debugfs is not created successfully, which happens if either\nCONFIG_DEBUG_FS or CONFIG_DEBUG_FS_ALLOW_ALL is unset, then iso_init()\nreturns early and does not set iso_inited to true. This means that a\nsubsequent call to iso_init() will result in duplicate calls to\nproto_register(), bt_sock_register(), etc.\n\nWith CONFIG_LIST_HARDENED and CONFIG_BUG_ON_DATA_CORRUPTION enabled, the\nduplicate call to proto_register() triggers this BUG():\n\n list_add double add: new=ffffffffc0b280d0, prev=ffffffffbab56250,\n next=ffffffffc0b280d0.\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:35!\n Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI\n CPU: 2 PID: 887 Comm: bluetoothd Not tainted 6.10.11-1-ao-desktop #1\n RIP: 0010:__list_add_valid_or_report+0x9a/0xa0\n ...\n __list_add_valid_or_report+0x9a/0xa0\n proto_register+0x2b5/0x340\n iso_init+0x23/0x150 [bluetooth]\n set_iso_socket_func+0x68/0x1b0 [bluetooth]\n kmem_cache_free+0x308/0x330\n hci_sock_sendmsg+0x990/0x9e0 [bluetooth]\n __sock_sendmsg+0x7b/0x80\n sock_write_iter+0x9a/0x110\n do_iter_readv_writev+0x11d/0x220\n vfs_writev+0x180/0x3e0\n do_writev+0xca/0x100\n ...\n\nThis change removes the early return. The check for iso_debugfs being\nNULL was unnecessary, it is always NULL when iso_inited is false.\n\n * CVE-2024-50078: In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Call iso_exit() on module unload\n\nIf iso_init() has been called, iso_exit() must be called on module\nunload. Without that, the struct proto that iso_init() registered with\nproto_register() becomes invalid, which could cause unpredictable\nproblems later. In my case, with CONFIG_LIST_HARDENED and\nCONFIG_BUG_ON_DATA_CORRUPTION enabled, loading the module again usually\ntriggers this BUG():\n\n list_add corruption. next-\u003eprev should be prev (ffffffffb5355fd0),\n but was 0000000000000068. (next=ffffffffc0a010d0).\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:29!\n Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI\n CPU: 1 PID: 4159 Comm: modprobe Not tainted 6.10.11-4+bt2-ao-desktop #1\n RIP: 0010:__list_add_valid_or_report+0x61/0xa0\n ...\n __list_add_valid_or_report+0x61/0xa0\n proto_register+0x299/0x320\n hci_sock_init+0x16/0xc0 [bluetooth]\n bt_init+0x68/0xd0 [bluetooth]\n __pfx_bt_init+0x10/0x10 [bluetooth]\n do_one_initcall+0x80/0x2f0\n do_init_module+0x8b/0x230\n __do_sys_init_module+0x15f/0x190\n do_syscall_64+0x68/0x110\n ...\n\n * CVE-2024-50082: In the Linux kernel, the following vulnerability has been resolved:\n\nblk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race\n\nWe're seeing crashes from rq_qos_wake_function that look like this:\n\n BUG: unable to handle page fault for address: ffffafe180a40084\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 100000067 P4D 100000067 PUD 10027c067 PMD 10115d067 PTE 0\n Oops: Oops: 0002 [#1] PREEMPT SMP PTI\n CPU: 17 UID: 0 PID: 0 Comm: swapper/17 Not tainted 6.12.0-rc3-00013-geca631b8fe80 #11\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n RIP: 0010:_raw_spin_lock_irqsave+0x1d/0x40\n Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 9c 41 5c fa 65 ff 05 62 97 30 4c 31 c0 ba 01 00 00 00 \u003cf0\u003e 0f b1 17 75 0a 4c 89 e0 41 5c c3 cc cc cc cc 89 c6 e8 2c 0b 00\n RSP: 0018:ffffafe180580ca0 EFLAGS: 00010046\n RAX: 0000000000000000 RBX: ffffafe180a3f7a8 RCX: 0000000000000011\n RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffffafe180a40084\n RBP: 0000000000000000 R08: 00000000001e7240 R09: 0000000000000011\n R10: 0000000000000028 R11: 0000000000000888 R12: 0000000000000002\n R13: ffffafe180a40084 R14: 0000000000000000 R15: 0000000000000003\n FS: 0000000000000000(0000) GS:ffff9aaf1f280000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffafe180a40084 CR3: 000000010e428002 CR4: 0000000000770ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cIRQ\u003e\n try_to_wake_up+0x5a/0x6a0\n rq_qos_wake_function+0x71/0x80\n __wake_up_common+0x75/0xa0\n __wake_up+0x36/0x60\n scale_up.part.0+0x50/0x110\n wb_timer_fn+0x227/0x450\n ...\n\nSo rq_qos_wake_function() calls wake_up_process(data-\u003etask), which calls\ntry_to_wake_up(), which faults in raw_spin_lock_irqsave(\u0026p-\u003epi_lock).\n\np comes from data-\u003etask, and data comes from the waitqueue entry, which\nis stored on the waiter's stack in rq_qos_wait(). Analyzing the core\ndump with drgn, I found that the waiter had already woken up and moved\non to a completely unrelated code path, clobbering what was previously\ndata-\u003etask. Meanwhile, the waker was passing the clobbered garbage in\ndata-\u003etask to wake_up_process(), leading to the crash.\n\nWhat's happening is that in between rq_qos_wake_function() deleting the\nwaitqueue entry and calling wake_up_process(), rq_qos_wait() is finding\nthat it already got a token and returning. The race looks like this:\n\nrq_qos_wait() rq_qos_wake_function()\n==============================================================\nprepare_to_wait_exclusive()\n data-\u003egot_token = true;\n list_del_init(\u0026curr-\u003eentry);\nif (data.got_token)\n break;\nfinish_wait(\u0026rqw-\u003ewait, \u0026data.wq);\n ^- returns immediately because\n list_empty_careful(\u0026wq_entry-\u003eentry)\n is true\n... return, go do something else ...\n wake_up_process(data-\u003etask)\n (NO LONGER VALID!)-^\n\nNormally, finish_wait() is supposed to synchronize against the waker.\nBut, as noted above, it is returning immediately because the waitqueue\nentry has already been removed from the waitqueue.\n\nThe bug is that rq_qos_wake_function() is accessing the waitqueue entry\nAFTER deleting it. Note that autoremove_wake_function() wakes the waiter\nand THEN deletes the waitqueue entry, which is the proper order.\n\nFix it by swapping the order. We also need to use\nlist_del_init_careful() to match the list_empty_careful() in\nfinish_wait().\n\n * CVE-2024-50083: In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: fix mptcp DSS corruption due to large pmtu xmit\n\nSyzkaller was able to trigger a DSS corruption:\n\n TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 5227 at net/mptcp/protocol.c:695 __mptcp_move_skbs_from_subflow+0x20a9/0x21f0 net/mptcp/protocol.c:695\n Modules linked in:\n CPU: 0 UID: 0 PID: 5227 Comm: syz-executor350 Not tainted 6.11.0-syzkaller-08829-gaf9c191ac2a0 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\n RIP: 0010:__mptcp_move_skbs_from_subflow+0x20a9/0x21f0 net/mptcp/protocol.c:695\n Code: 0f b6 dc 31 ff 89 de e8 b5 dd ea f5 89 d8 48 81 c4 50 01 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 98 da ea f5 90 \u003c0f\u003e 0b 90 e9 47 ff ff ff e8 8a da ea f5 90 0f 0b 90 e9 99 e0 ff ff\n RSP: 0018:ffffc90000006db8 EFLAGS: 00010246\n RAX: ffffffff8ba9df18 RBX: 00000000000055f0 RCX: ffff888030023c00\n RDX: 0000000000000100 RSI: 00000000000081e5 RDI: 00000000000055f0\n RBP: 1ffff110062bf1ae R08: ffffffff8ba9cf12 R09: 1ffff110062bf1b8\n R10: dffffc0000000000 R11: ffffed10062bf1b9 R12: 0000000000000000\n R13: dffffc0000000000 R14: 00000000700cec61 R15: 00000000000081e5\n FS: 000055556679c380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000020287000 CR3: 0000000077892000 CR4: 00000000003506f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cIRQ\u003e\n move_skbs_to_msk net/mptcp/protocol.c:811 [inline]\n mptcp_data_ready+0x29c/0xa90 net/mptcp/protocol.c:854\n subflow_data_ready+0x34a/0x920 net/mptcp/subflow.c:1490\n tcp_data_queue+0x20fd/0x76c0 net/ipv4/tcp_input.c:5283\n tcp_rcv_established+0xfba/0x2020 net/ipv4/tcp_input.c:6237\n tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1915\n tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2350\n ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n __netif_receive_skb_one_core net/core/dev.c:5662 [inline]\n __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5775\n process_backlog+0x662/0x15b0 net/core/dev.c:6107\n __napi_poll+0xcb/0x490 net/core/dev.c:6771\n napi_poll net/core/dev.c:6840 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:6962\n handle_softirqs+0x2c5/0x980 kernel/softirq.c:554\n do_softirq+0x11b/0x1e0 kernel/softirq.c:455\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]\n __dev_queue_xmit+0x1764/0x3e80 net/core/dev.c:4451\n dev_queue_xmit include/linux/netdevice.h:3094 [inline]\n neigh_hh_output include/net/neighbour.h:526 [inline]\n neigh_output include/net/neighbour.h:540 [inline]\n ip_finish_output2+0xd41/0x1390 net/ipv4/ip_output.c:236\n ip_local_out net/ipv4/ip_output.c:130 [inline]\n __ip_queue_xmit+0x118c/0x1b80 net/ipv4/ip_output.c:536\n __tcp_transmit_skb+0x2544/0x3b30 net/ipv4/tcp_output.c:1466\n tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline]\n tcp_mtu_probe net/ipv4/tcp_output.c:2547 [inline]\n tcp_write_xmit+0x641d/0x6bf0 net/ipv4/tcp_output.c:2752\n __tcp_push_pending_frames+0x9b/0x360 net/ipv4/tcp_output.c:3015\n tcp_push_pending_frames include/net/tcp.h:2107 [inline]\n tcp_data_snd_check net/ipv4/tcp_input.c:5714 [inline]\n tcp_rcv_established+0x1026/0x2020 net/ipv4/tcp_input.c:6239\n tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1915\n sk_backlog_rcv include/net/sock.h:1113 [inline]\n __release_sock+0x214/0x350 net/core/sock.c:3072\n release_sock+0x61/0x1f0 net/core/sock.c:3626\n mptcp_push_\n---truncated---\n\n * CVE-2024-50085: In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow\n\nSyzkaller reported this splat:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n Read of size 4 at addr ffff8880569ac858 by task syz.1.2799/14662\n\n CPU: 0 UID: 0 PID: 14662 Comm: syz.1.2799 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:914 [inline]\n mptcp_nl_remove_id_zero_address+0x305/0x4a0 net/mptcp/pm_netlink.c:1572\n mptcp_pm_nl_del_addr_doit+0x5c9/0x770 net/mptcp/pm_netlink.c:1603\n genl_family_rcv_msg_doit+0x202/0x2f0 net/netlink/genetlink.c:1115\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0x565/0x800 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x165/0x410 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg net/socket.c:744 [inline]\n ____sys_sendmsg+0x9ae/0xb40 net/socket.c:2607\n ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661\n __sys_sendmsg+0x117/0x1f0 net/socket.c:2690\n do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]\n __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386\n do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411\n entry_SYSENTER_compat_after_hwframe+0x84/0x8e\n RIP: 0023:0xf7fe4579\n Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 \u003c5d\u003e 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00\n RSP: 002b:00000000f574556c EFLAGS: 00000296 ORIG_RAX: 0000000000000172\n RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000020000140\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\n Allocated by task 5387:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kmalloc_noprof include/linux/slab.h:878 [inline]\n kzalloc_noprof include/linux/slab.h:1014 [inline]\n subflow_create_ctx+0x87/0x2a0 net/mptcp/subflow.c:1803\n subflow_ulp_init+0xc3/0x4d0 net/mptcp/subflow.c:1956\n __tcp_set_ulp net/ipv4/tcp_ulp.c:146 [inline]\n tcp_set_ulp+0x326/0x7f0 net/ipv4/tcp_ulp.c:167\n mptcp_subflow_create_socket+0x4ae/0x10a0 net/mptcp/subflow.c:1764\n __mptcp_subflow_connect+0x3cc/0x1490 net/mptcp/subflow.c:1592\n mptcp_pm_create_subflow_or_signal_addr+0xbda/0x23a0 net/mptcp/pm_netlink.c:642\n mptcp_pm_nl_fully_established net/mptcp/pm_netlink.c:650 [inline]\n mptcp_pm_nl_work+0x3a1/0x4f0 net/mptcp/pm_netlink.c:943\n mptcp_worker+0x15a/0x1240 net/mptcp/protocol.c:2777\n process_one_work+0x958/0x1b30 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/ke\n---truncated---\n\n * CVE-2024-50086: In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix user-after-free from session log off\n\nThere is racy issue between smb2 session log off and smb2 session setup.\nIt will cause user-after-free from session log off.\nThis add session_lock when setting SMB2_SESSION_EXPIRED and referece\ncount to session struct not to free session while it is being used.\n\n * CVE-2024-50087: In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix uninitialized pointer free on read_alloc_one_name() error\n\nThe function read_alloc_one_name() does not initialize the name field of\nthe passed fscrypt_str struct if kmalloc fails to allocate the\ncorresponding buffer. Thus, it is not guaranteed that\nfscrypt_str.name is initialized when freeing it.\n\nThis is a follow-up to the linked patch that fixes the remaining\ninstances of the bug introduced by commit e43eec81c516 (\"btrfs: use\nstruct qstr instead of name and namelen pairs\").\n\n * CVE-2024-50088: In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix uninitialized pointer free in add_inode_ref()\n\nThe add_inode_ref() function does not initialize the \"name\" struct when\nit is declared. If any of the following calls to \"read_one_inode()\nreturns NULL,\n\n\tdir = read_one_inode(root, parent_objectid);\n\tif (!dir) {\n\t\tret = -ENOENT;\n\t\tgoto out;\n\t}\n\n\tinode = read_one_inode(root, inode_objectid);\n\tif (!inode) {\n\t\tret = -EIO;\n\t\tgoto out;\n\t}\n\nthen \"name.name\" would be freed on \"out\" before being initialized.\n\nout:\n\t...\n\tkfree(name.name);\n\nThis issue was reported by Coverity with CID 1526744.\n\n * CVE-2024-50098: In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down\n\nThere is a history of deadlock if reboot is performed at the beginning\nof booting. SDEV_QUIESCE was set for all LU's scsi_devices by UFS\nshutdown, and at that time the audio driver was waiting on\nblk_mq_submit_bio() holding a mutex_lock while reading the fw binary.\nAfter that, a deadlock issue occurred while audio driver shutdown was\nwaiting for mutex_unlock of blk_mq_submit_bio(). To solve this, set\nSDEV_OFFLINE for all LUs except WLUN, so that any I/O that comes down\nafter a UFS shutdown will return an error.\n\n[ 31.907781]I[0: swapper/0: 0] 1 130705007 1651079834 11289729804 0 D( 2) 3 ffffff882e208000 * init [device_shutdown]\n[ 31.907793]I[0: swapper/0: 0] Mutex: 0xffffff8849a2b8b0: owner[0xffffff882e28cb00 kworker/6:0 :49]\n[ 31.907806]I[0: swapper/0: 0] Call trace:\n[ 31.907810]I[0: swapper/0: 0] __switch_to+0x174/0x338\n[ 31.907819]I[0: swapper/0: 0] __schedule+0x5ec/0x9cc\n[ 31.907826]I[0: swapper/0: 0] schedule+0x7c/0xe8\n[ 31.907834]I[0: swapper/0: 0] schedule_preempt_disabled+0x24/0x40\n[ 31.907842]I[0: swapper/0: 0] __mutex_lock+0x408/0xdac\n[ 31.907849]I[0: swapper/0: 0] __mutex_lock_slowpath+0x14/0x24\n[ 31.907858]I[0: swapper/0: 0] mutex_lock+0x40/0xec\n[ 31.907866]I[0: swapper/0: 0] device_shutdown+0x108/0x280\n[ 31.907875]I[0: swapper/0: 0] kernel_restart+0x4c/0x11c\n[ 31.907883]I[0: swapper/0: 0] __arm64_sys_reboot+0x15c/0x280\n[ 31.907890]I[0: swapper/0: 0] invoke_syscall+0x70/0x158\n[ 31.907899]I[0: swapper/0: 0] el0_svc_common+0xb4/0xf4\n[ 31.907909]I[0: swapper/0: 0] do_el0_svc+0x2c/0xb0\n[ 31.907918]I[0: swapper/0: 0] el0_svc+0x34/0xe0\n[ 31.907928]I[0: swapper/0: 0] el0t_64_sync_handler+0x68/0xb4\n[ 31.907937]I[0: swapper/0: 0] el0t_64_sync+0x1a0/0x1a4\n\n[ 31.908774]I[0: swapper/0: 0] 49 0 11960702 11236868007 0 D( 2) 6 ffffff882e28cb00 * kworker/6:0 [__bio_queue_enter]\n[ 31.908783]I[0: swapper/0: 0] Call trace:\n[ 31.908788]I[0: swapper/0: 0] __switch_to+0x174/0x338\n[ 31.908796]I[0: swapper/0: 0] __schedule+0x5ec/0x9cc\n[ 31.908803]I[0: swapper/0: 0] schedule+0x7c/0xe8\n[ 31.908811]I[0: swapper/0: 0] __bio_queue_enter+0xb8/0x178\n[ 31.908818]I[0: swapper/0: 0] blk_mq_submit_bio+0x194/0x67c\n[ 31.908827]I[0: swapper/0: 0] __submit_bio+0xb8/0x19c\n\n * CVE-2024-50099: In the Linux kernel, the following vulnerability has been resolved:\n\narm64: probes: Remove broken LDR (literal) uprobe support\n\nThe simulate_ldr_literal() and simulate_ldrsw_literal() functions are\nunsafe to use for uprobes. Both functions were originally written for\nuse with kprobes, and access memory with plain C accesses. When uprobes\nwas added, these were reused unmodified even though they cannot safely\naccess user memory.\n\nThere are three key problems:\n\n1) The plain C accesses do not have corresponding extable entries, and\n thus if they encounter a fault the kernel will treat these as\n unintentional accesses to user memory, resulting in a BUG() which\n will kill the kernel thread, and likely lead to further issues (e.g.\n lockup or panic()).\n\n2) The plain C accesses are subject to HW PAN and SW PAN, and so when\n either is in use, any attempt to simulate an access to user memory\n will fault. Thus neither simulate_ldr_literal() nor\n simulate_ldrsw_literal() can do anything useful when simulating a\n user instruction on any system with HW PAN or SW PAN.\n\n3) The plain C accesses are privileged, as they run in kernel context,\n and in practice can access a small range of kernel virtual addresses.\n The instructions they simulate have a range of +/-1MiB, and since the\n simulated instructions must itself be a user instructions in the\n TTBR0 address range, these can address the final 1MiB of the TTBR1\n acddress range by wrapping downwards from an address in the first\n 1MiB of the TTBR0 address range.\n\n In contemporary kernels the last 8MiB of TTBR1 address range is\n reserved, and accesses to this will always fault, meaning this is no\n worse than (1).\n\n Historically, it was theoretically possible for the linear map or\n vmemmap to spill into the final 8MiB of the TTBR1 address range, but\n in practice this is extremely unlikely to occur as this would\n require either:\n\n * Having enough physical memory to fill the entire linear map all the\n way to the final 1MiB of the TTBR1 address range.\n\n * Getting unlucky with KASLR randomization of the linear map such\n that the populated region happens to overlap with the last 1MiB of\n the TTBR address range.\n\n ... and in either case if we were to spill into the final page there\n would be larger problems as the final page would alias with error\n pointers.\n\nPractically speaking, (1) and (2) are the big issues. Given there have\nbeen no reports of problems since the broken code was introduced, it\nappears that no-one is relying on probing these instructions with\nuprobes.\n\nAvoid these issues by not allowing uprobes on LDR (literal) and LDRSW\n(literal), limiting the use of simulate_ldr_literal() and\nsimulate_ldrsw_literal() to kprobes. Attempts to place uprobes on LDR\n(literal) and LDRSW (literal) will be rejected as\narm_probe_decode_insn() will return INSN_REJECTED. In future we can\nconsider introducing working uprobes support for these instructions, but\nthis will require more significant work.\n\n * CVE-2024-50101: In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices\n\nPreviously, the domain_context_clear() function incorrectly called\npci_for_each_dma_alias() to set up context entries for non-PCI devices.\nThis could lead to kernel hangs or other unexpected behavior.\n\nAdd a check to only call pci_for_each_dma_alias() for PCI devices. For\nnon-PCI devices, domain_context_clear_one() is called directly.\n\n * CVE-2024-50103: In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe()\n\nA devm_kzalloc() in asoc_qcom_lpass_cpu_platform_probe() could\npossibly return NULL pointer. NULL Pointer Dereference may be\ntriggerred without addtional check.\nAdd a NULL check for the returned pointer.\n\n * CVE-2024-50108: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Disable PSR-SU on Parade 08-01 TCON too\n\nStuart Hayhurst has found that both at bootup and fullscreen VA-API video\nis leading to black screens for around 1 second and kernel WARNING [1] traces\nwhen calling dmub_psr_enable() with Parade 08-01 TCON.\n\nThese symptoms all go away with PSR-SU disabled for this TCON, so disable\nit for now while DMUB traces [2] from the failure can be analyzed and the failure\nstate properly root caused.\n\n(cherry picked from commit afb634a6823d8d9db23c5fb04f79c5549349628b)\n\n * CVE-2024-50110: In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: fix one more kernel-infoleak in algo dumping\n\nDuring fuzz testing, the following issue was discovered:\n\nBUG: KMSAN: kernel-infoleak in _copy_to_iter+0x598/0x2a30\n _copy_to_iter+0x598/0x2a30\n __skb_datagram_iter+0x168/0x1060\n skb_copy_datagram_iter+0x5b/0x220\n netlink_recvmsg+0x362/0x1700\n sock_recvmsg+0x2dc/0x390\n __sys_recvfrom+0x381/0x6d0\n __x64_sys_recvfrom+0x130/0x200\n x64_sys_call+0x32c8/0x3cc0\n do_syscall_64+0xd8/0x1c0\n entry_SYSCALL_64_after_hwframe+0x79/0x81\n\nUninit was stored to memory at:\n copy_to_user_state_extra+0xcc1/0x1e00\n dump_one_state+0x28c/0x5f0\n xfrm_state_walk+0x548/0x11e0\n xfrm_dump_sa+0x1e0/0x840\n netlink_dump+0x943/0x1c40\n __netlink_dump_start+0x746/0xdb0\n xfrm_user_rcv_msg+0x429/0xc00\n netlink_rcv_skb+0x613/0x780\n xfrm_netlink_rcv+0x77/0xc0\n netlink_unicast+0xe90/0x1280\n netlink_sendmsg+0x126d/0x1490\n __sock_sendmsg+0x332/0x3d0\n ____sys_sendmsg+0x863/0xc30\n ___sys_sendmsg+0x285/0x3e0\n __x64_sys_sendmsg+0x2d6/0x560\n x64_sys_call+0x1316/0x3cc0\n do_syscall_64+0xd8/0x1c0\n entry_SYSCALL_64_after_hwframe+0x79/0x81\n\nUninit was created at:\n __kmalloc+0x571/0xd30\n attach_auth+0x106/0x3e0\n xfrm_add_sa+0x2aa0/0x4230\n xfrm_user_rcv_msg+0x832/0xc00\n netlink_rcv_skb+0x613/0x780\n xfrm_netlink_rcv+0x77/0xc0\n netlink_unicast+0xe90/0x1280\n netlink_sendmsg+0x126d/0x1490\n __sock_sendmsg+0x332/0x3d0\n ____sys_sendmsg+0x863/0xc30\n ___sys_sendmsg+0x285/0x3e0\n __x64_sys_sendmsg+0x2d6/0x560\n x64_sys_call+0x1316/0x3cc0\n do_syscall_64+0xd8/0x1c0\n entry_SYSCALL_64_after_hwframe+0x79/0x81\n\nBytes 328-379 of 732 are uninitialized\nMemory access of size 732 starts at ffff88800e18e000\nData copied to user address 00007ff30f48aff0\n\nCPU: 2 PID: 18167 Comm: syz-executor.0 Not tainted 6.8.11 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n\nFixes copying of xfrm algorithms where some random\ndata of the structure fields can end up in userspace.\nPadding in structures may be filled with random (possibly sensitve)\ndata and should never be given directly to user-space.\n\nA similar issue was resolved in the commit\n8222d5910dae (\"xfrm: Zero padding when dumping algos and encap\")\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.\n\n * CVE-2024-50115: In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory\n\nIgnore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits\n4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn't\nenforce 32-byte alignment of nCR3.\n\nIn the absolute worst case scenario, failure to ignore bits 4:0 can result\nin an out-of-bounds read, e.g. if the target page is at the end of a\nmemslot, and the VMM isn't using guard pages.\n\nPer the APM:\n\n The CR3 register points to the base address of the page-directory-pointer\n table. The page-directory-pointer table is aligned on a 32-byte boundary,\n with the low 5 address bits 4:0 assumed to be 0.\n\nAnd the SDM's much more explicit:\n\n 4:0 Ignored\n\nNote, KVM gets this right when loading PDPTRs, it's only the nSVM flow\nthat is broken.\n\n * CVE-2024-50116: In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix kernel bug due to missing clearing of buffer delay flag\n\nSyzbot reported that after nilfs2 reads a corrupted file system image\nand degrades to read-only, the BUG_ON check for the buffer delay flag\nin submit_bh_wbc() may fail, causing a kernel bug.\n\nThis is because the buffer delay flag is not cleared when clearing the\nbuffer state flags to discard a page/folio or a buffer head. So, fix\nthis.\n\nThis became necessary when the use of nilfs2's own page clear routine\nwas expanded. This state inconsistency does not occur if the buffer\nis written normally by log writing.\n\n * CVE-2024-50117: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd: Guard against bad data for ATIF ACPI method\n\nIf a BIOS provides bad data in response to an ATIF method call\nthis causes a NULL pointer dereference in the caller.\n\n```\n? show_regs (arch/x86/kernel/dumpstack.c:478 (discriminator 1))\n? __die (arch/x86/kernel/dumpstack.c:423 arch/x86/kernel/dumpstack.c:434)\n? page_fault_oops (arch/x86/mm/fault.c:544 (discriminator 2) arch/x86/mm/fault.c:705 (discriminator 2))\n? do_user_addr_fault (arch/x86/mm/fault.c:440 (discriminator 1) arch/x86/mm/fault.c:1232 (discriminator 1))\n? acpi_ut_update_object_reference (drivers/acpi/acpica/utdelete.c:642)\n? exc_page_fault (arch/x86/mm/fault.c:1542)\n? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:623)\n? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:387 (discriminator 2)) amdgpu\n? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:386 (discriminator 1)) amdgpu\n```\n\nIt has been encountered on at least one system, so guard for it.\n\n(cherry picked from commit c9b7c809b89f24e9372a4e7f02d64c950b07fdee)\n\n * CVE-2024-50124: In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: ISO: Fix UAF on iso_sock_timeout\n\nconn-\u003esk maybe have been unlinked/freed while waiting for iso_conn_lock\nso this checks if the conn-\u003esk is still valid by checking if it part of\niso_sk_list.\n\n * CVE-2024-50125: In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: SCO: Fix UAF on sco_sock_timeout\n\nconn-\u003esk maybe have been unlinked/freed while waiting for sco_conn_lock\nso this checks if the conn-\u003esk is still valid by checking if it part of\nsco_sk_list.\n\n * CVE-2024-50127: In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix use-after-free in taprio_change()\n\nIn 'taprio_change()', 'admin' pointer may become dangling due to sched\nswitch / removal caused by 'advance_sched()', and critical section\nprotected by 'q-\u003ecurrent_entry_lock' is too small to prevent from such\na scenario (which causes use-after-free detected by KASAN). Fix this\nby prefer 'rcu_replace_pointer()' over 'rcu_assign_pointer()' to update\n'admin' immediately before an attempt to schedule freeing.\n\n * CVE-2024-50128: In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: fix global oob in wwan_rtnl_policy\n\nThe variable wwan_rtnl_link_ops assign a *bigger* maxtype which leads to\na global out-of-bounds read when parsing the netlink attributes. Exactly\nsame bug cause as the oob fixed in commit b33fb5b801c6 (\"net: qualcomm:\nrmnet: fix global oob in rmnet_policy\").\n\n==================================================================\nBUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:388 [inline]\nBUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x19d7/0x29a0 lib/nlattr.c:603\nRead of size 1 at addr ffffffff8b09cb60 by task syz.1.66276/323862\n\nCPU: 0 PID: 323862 Comm: syz.1.66276 Not tainted 6.1.70 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x177/0x231 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x14f/0x750 mm/kasan/report.c:395\n kasan_report+0x139/0x170 mm/kasan/report.c:495\n validate_nla lib/nlattr.c:388 [inline]\n __nla_validate_parse+0x19d7/0x29a0 lib/nlattr.c:603\n __nla_parse+0x3c/0x50 lib/nlattr.c:700\n nla_parse_nested_deprecated include/net/netlink.h:1269 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3514 [inline]\n rtnl_newlink+0x7bc/0x1fd0 net/core/rtnetlink.c:3623\n rtnetlink_rcv_msg+0x794/0xef0 net/core/rtnetlink.c:6122\n netlink_rcv_skb+0x1de/0x420 net/netlink/af_netlink.c:2508\n netlink_unicast_kernel net/netlink/af_netlink.c:1326 [inline]\n netlink_unicast+0x74b/0x8c0 net/netlink/af_netlink.c:1352\n netlink_sendmsg+0x882/0xb90 net/netlink/af_netlink.c:1874\n sock_sendmsg_nosec net/socket.c:716 [inline]\n __sock_sendmsg net/socket.c:728 [inline]\n ____sys_sendmsg+0x5cc/0x8f0 net/socket.c:2499\n ___sys_sendmsg+0x21c/0x290 net/socket.c:2553\n __sys_sendmsg net/socket.c:2582 [inline]\n __do_sys_sendmsg net/socket.c:2591 [inline]\n __se_sys_sendmsg+0x19e/0x270 net/socket.c:2589\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x45/0x90 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7f67b19a24ad\nRSP: 002b:00007f67b17febb8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f67b1b45f80 RCX: 00007f67b19a24ad\nRDX: 0000000000000000 RSI: 0000000020005e40 RDI: 0000000000000004\nRBP: 00007f67b1a1e01d R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007ffd2513764f R14: 00007ffd251376e0 R15: 00007f67b17fed40\n \u003c/TASK\u003e\n\nThe buggy address belongs to the variable:\n wwan_rtnl_policy+0x20/0x40\n\nThe buggy address belongs to the physical page:\npage:ffffea00002c2700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xb09c\nflags: 0xfff00000001000(reserved|node=0|zone=1|lastcpupid=0x7ff)\nraw: 00fff00000001000 ffffea00002c2708 ffffea00002c2708 0000000000000000\nraw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner info is not present (never set?)\n\nMemory state around the buggy address:\n ffffffff8b09ca00: 05 f9 f9 f9 05 f9 f9 f9 00 01 f9 f9 00 01 f9 f9\n ffffffff8b09ca80: 00 00 00 05 f9 f9 f9 f9 00 00 03 f9 f9 f9 f9 f9\n\u003effffffff8b09cb00: 00 00 00 00 05 f9 f9 f9 00 00 00 00 f9 f9 f9 f9\n ^\n ffffffff8b09cb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n==================================================================\n\nAccording to the comment of `nla_parse_nested_deprecated`, use correct size\n`IFLA_WWAN_MAX` here to fix this issue.\n\n * CVE-2024-50131: In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Consider the NULL character when validating the event length\n\nstrlen() returns a string length excluding the null byte. If the string\nlength equals to the maximum buffer length, the buffer will have no\nspace for the NULL terminating character.\n\nThis commit checks this condition and returns failure for it.\n\n * CVE-2024-50133: In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Don't crash in stack_top() for tasks without vDSO\n\nNot all tasks have a vDSO mapped, for example kthreads never do. If such\na task ever ends up calling stack_top(), it will derefence the NULL vdso\npointer and crash.\n\nThis can for example happen when using kunit:\n\n\t[\u003c9000000000203874\u003e] stack_top+0x58/0xa8\n\t[\u003c90000000002956cc\u003e] arch_pick_mmap_layout+0x164/0x220\n\t[\u003c90000000003c284c\u003e] kunit_vm_mmap_init+0x108/0x12c\n\t[\u003c90000000003c1fbc\u003e] __kunit_add_resource+0x38/0x8c\n\t[\u003c90000000003c2704\u003e] kunit_vm_mmap+0x88/0xc8\n\t[\u003c9000000000410b14\u003e] usercopy_test_init+0xbc/0x25c\n\t[\u003c90000000003c1db4\u003e] kunit_try_run_case+0x5c/0x184\n\t[\u003c90000000003c3d54\u003e] kunit_generic_run_threadfn_adapter+0x24/0x48\n\t[\u003c900000000022e4bc\u003e] kthread+0xc8/0xd4\n\t[\u003c9000000000200ce8\u003e] ret_from_kernel_thread+0xc/0xa4\n\n * CVE-2024-50134: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA\n\nReplace the fake VLA at end of the vbva_mouse_pointer_shape shape with\na real VLA to fix a \"memcpy: detected field-spanning write error\" warning:\n\n[ 13.319813] memcpy: detected field-spanning write (size 16896) of single field \"p-\u003edata\" at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 (size 4)\n[ 13.319841] WARNING: CPU: 0 PID: 1105 at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 hgsmi_update_pointer_shape+0x192/0x1c0 [vboxvideo]\n[ 13.320038] Call Trace:\n[ 13.320173] hgsmi_update_pointer_shape [vboxvideo]\n[ 13.320184] vbox_cursor_atomic_update [vboxvideo]\n\nNote as mentioned in the added comment it seems the original length\ncalculation for the allocated and send hgsmi buffer is 4 bytes too large.\nChanging this is not the goal of this patch, so this behavior is kept.\n\n * CVE-2024-50136: In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Unregister notifier on eswitch init failure\n\nIt otherwise remains registered and a subsequent attempt at eswitch\nenabling might trigger warnings of the sort:\n\n[ 682.589148] ------------[ cut here ]------------\n[ 682.590204] notifier callback eswitch_vport_event [mlx5_core] already registered\n[ 682.590256] WARNING: CPU: 13 PID: 2660 at kernel/notifier.c:31 notifier_chain_register+0x3e/0x90\n[...snipped]\n[ 682.610052] Call Trace:\n[ 682.610369] \u003cTASK\u003e\n[ 682.610663] ? __warn+0x7c/0x110\n[ 682.611050] ? notifier_chain_register+0x3e/0x90\n[ 682.611556] ? report_bug+0x148/0x170\n[ 682.611977] ? handle_bug+0x36/0x70\n[ 682.612384] ? exc_invalid_op+0x13/0x60\n[ 682.612817] ? asm_exc_invalid_op+0x16/0x20\n[ 682.613284] ? notifier_chain_register+0x3e/0x90\n[ 682.613789] atomic_notifier_chain_register+0x25/0x40\n[ 682.614322] mlx5_eswitch_enable_locked+0x1d4/0x3b0 [mlx5_core]\n[ 682.614965] mlx5_eswitch_enable+0xc9/0x100 [mlx5_core]\n[ 682.615551] mlx5_device_enable_sriov+0x25/0x340 [mlx5_core]\n[ 682.616170] mlx5_core_sriov_configure+0x50/0x170 [mlx5_core]\n[ 682.616789] sriov_numvfs_store+0xb0/0x1b0\n[ 682.617248] kernfs_fop_write_iter+0x117/0x1a0\n[ 682.617734] vfs_write+0x231/0x3f0\n[ 682.618138] ksys_write+0x63/0xe0\n[ 682.618536] do_syscall_64+0x4c/0x100\n[ 682.618958] entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n * CVE-2024-50138: In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Use raw_spinlock_t in ringbuf\n\nThe function __bpf_ringbuf_reserve is invoked from a tracepoint, which\ndisables preemption. Using spinlock_t in this context can lead to a\n\"sleep in atomic\" warning in the RT variant. This issue is illustrated\nin the example below:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 556208, name: test_progs\npreempt_count: 1, expected: 0\nRCU nest depth: 1, expected: 1\nINFO: lockdep is turned off.\nPreemption disabled at:\n[\u003cffffd33a5c88ea44\u003e] migrate_enable+0xc0/0x39c\nCPU: 7 PID: 556208 Comm: test_progs Tainted: G\nHardware name: Qualcomm SA8775P Ride (DT)\nCall trace:\n dump_backtrace+0xac/0x130\n show_stack+0x1c/0x30\n dump_stack_lvl+0xac/0xe8\n dump_stack+0x18/0x30\n __might_resched+0x3bc/0x4fc\n rt_spin_lock+0x8c/0x1a4\n __bpf_ringbuf_reserve+0xc4/0x254\n bpf_ringbuf_reserve_dynptr+0x5c/0xdc\n bpf_prog_ac3d15160d62622a_test_read_write+0x104/0x238\n trace_call_bpf+0x238/0x774\n perf_call_bpf_enter.isra.0+0x104/0x194\n perf_syscall_enter+0x2f8/0x510\n trace_sys_enter+0x39c/0x564\n syscall_trace_enter+0x220/0x3c0\n do_el0_svc+0x138/0x1dc\n el0_svc+0x54/0x130\n el0t_64_sync_handler+0x134/0x150\n el0t_64_sync+0x17c/0x180\n\nSwitch the spinlock to raw_spinlock_t to avoid this error.\n\n * CVE-2024-50153: In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: core: Fix null-ptr-deref in target_alloc_device()\n\nThere is a null-ptr-deref issue reported by KASAN:\n\nBUG: KASAN: null-ptr-deref in target_alloc_device+0xbc4/0xbe0 [target_core_mod]\n...\n kasan_report+0xb9/0xf0\n target_alloc_device+0xbc4/0xbe0 [target_core_mod]\n core_dev_setup_virtual_lun0+0xef/0x1f0 [target_core_mod]\n target_core_init_configfs+0x205/0x420 [target_core_mod]\n do_one_initcall+0xdd/0x4e0\n...\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nIn target_alloc_device(), if allocing memory for dev queues fails, then\ndev will be freed by dev-\u003etransport-\u003efree_device(), but dev-\u003etransport\nis not initialized at that time, which will lead to a null pointer\nreference problem.\n\nFixing this bug by freeing dev with hba-\u003ebackend-\u003eops-\u003efree_device().\n\n * CVE-2024-50154: In the Linux kernel, the following vulnerability has been resolved:\n\ntcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().\n\nMartin KaFai Lau reported use-after-free [0] in reqsk_timer_handler().\n\n \"\"\"\n We are seeing a use-after-free from a bpf prog attached to\n trace_tcp_retransmit_synack. The program passes the req-\u003esk to the\n bpf_sk_storage_get_tracing kernel helper which does check for null\n before using it.\n \"\"\"\n\nThe commit 83fccfc3940c (\"inet: fix potential deadlock in\nreqsk_queue_unlink()\") added timer_pending() in reqsk_queue_unlink() not\nto call del_timer_sync() from reqsk_timer_handler(), but it introduced a\nsmall race window.\n\nBefore the timer is called, expire_timers() calls detach_timer(timer, true)\nto clear timer-\u003eentry.pprev and marks it as not pending.\n\nIf reqsk_queue_unlink() checks timer_pending() just after expire_timers()\ncalls detach_timer(), TCP will miss del_timer_sync(); the reqsk timer will\ncontinue running and send multiple SYN+ACKs until it expires.\n\nThe reported UAF could happen if req-\u003esk is close()d earlier than the timer\nexpiration, which is 63s by default.\n\nThe scenario would be\n\n 1. inet_csk_complete_hashdance() calls inet_csk_reqsk_queue_drop(),\n but del_timer_sync() is missed\n\n 2. reqsk timer is executed and scheduled again\n\n 3. req-\u003esk is accept()ed and reqsk_put() decrements rsk_refcnt, but\n reqsk timer still has another one, and inet_csk_accept() does not\n clear req-\u003esk for non-TFO sockets\n\n 4. sk is close()d\n\n 5. reqsk timer is executed again, and BPF touches req-\u003esk\n\nLet's not use timer_pending() by passing the caller context to\n__inet_csk_reqsk_queue_drop().\n\nNote that reqsk timer is pinned, so the issue does not happen in most\nuse cases. [1]\n\n[0]\nBUG: KFENCE: use-after-free read in bpf_sk_storage_get_tracing+0x2e/0x1b0\n\nUse-after-free read at 0x00000000a891fb3a (in kfence-#1):\nbpf_sk_storage_get_tracing+0x2e/0x1b0\nbpf_prog_5ea3e95db6da0438_tcp_retransmit_synack+0x1d20/0x1dda\nbpf_trace_run2+0x4c/0xc0\ntcp_rtx_synack+0xf9/0x100\nreqsk_timer_handler+0xda/0x3d0\nrun_timer_softirq+0x292/0x8a0\nirq_exit_rcu+0xf5/0x320\nsysvec_apic_timer_interrupt+0x6d/0x80\nasm_sysvec_apic_timer_interrupt+0x16/0x20\nintel_idle_irq+0x5a/0xa0\ncpuidle_enter_state+0x94/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb\n\nkfence-#1: 0x00000000a72cc7b6-0x00000000d97616d9, size=2376, cache=TCPv6\n\nallocated by task 0 on cpu 9 at 260507.901592s:\nsk_prot_alloc+0x35/0x140\nsk_clone_lock+0x1f/0x3f0\ninet_csk_clone_lock+0x15/0x160\ntcp_create_openreq_child+0x1f/0x410\ntcp_v6_syn_recv_sock+0x1da/0x700\ntcp_check_req+0x1fb/0x510\ntcp_v6_rcv+0x98b/0x1420\nipv6_list_rcv+0x2258/0x26e0\nnapi_complete_done+0x5b1/0x2990\nmlx5e_napi_poll+0x2ae/0x8d0\nnet_rx_action+0x13e/0x590\nirq_exit_rcu+0xf5/0x320\ncommon_interrupt+0x80/0x90\nasm_common_interrupt+0x22/0x40\ncpuidle_enter_state+0xfb/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb\n\nfreed by task 0 on cpu 9 at 260507.927527s:\nrcu_core_si+0x4ff/0xf10\nirq_exit_rcu+0xf5/0x320\nsysvec_apic_timer_interrupt+0x6d/0x80\nasm_sysvec_apic_timer_interrupt+0x16/0x20\ncpuidle_enter_state+0xfb/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb\n\n * CVE-2024-50160: In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda/cs8409: Fix possible NULL dereference\n\nIf snd_hda_gen_add_kctl fails to allocate memory and returns NULL, then\nNULL pointer dereference will occur in the next line.\n\nSince dolphin_fixups function is a hda_fixup function which is not supposed\nto return any errors, add simple check before dereference, ignore the fail.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n * CVE-2024-50167: In the Linux kernel, the following vulnerability has been resolved:\n\nbe2net: fix potential memory leak in be_xmit()\n\nThe be_xmit() returns NETDEV_TX_OK without freeing skb\nin case of be_xmit_enqueue() fails, add dev_kfree_skb_any() to fix it.\n\n * CVE-2024-50168: In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sun3_82586: fix potential memory leak in sun3_82586_send_packet()\n\nThe sun3_82586_send_packet() returns NETDEV_TX_OK without freeing skb\nin case of skb-\u003elen being too long, add dev_kfree_skb() to fix it.\n\n * CVE-2024-50171: In the Linux kernel, the following vulnerability has been resolved:\n\nnet: systemport: fix potential memory leak in bcm_sysport_xmit()\n\nThe bcm_sysport_xmit() returns NETDEV_TX_OK without freeing skb\nin case of dma_map_single() fails, add dev_kfree_skb() to fix it.\n\n * CVE-2024-50205: In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()\n\nThe step variable is initialized to zero. It is changed in the loop,\nbut if it's not changed it will remain zero. Add a variable check\nbefore the division.\n\nThe observed behavior was introduced by commit 826b5de90c0b\n(\"ALSA: firewire-lib: fix insufficient PCM rule for period/buffer size\"),\nand it is difficult to show that any of the interval parameters will\nsatisfy the snd_interval_test() condition with data from the\namdtp_rate_table[] table.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n * #51728: Запрос на добавление модуля ядра Broadcom eHBA 9600-24i Tri-Mode Storage Adapter", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "High", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-11-14" + }, + "Updated": { + "Date": "2024-11-14" + }, + "BDUs": null, + "CVEs": [ + { + "ID": "CVE-2024-50032", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50032", + "Impact": "Low", + "Public": "20241021" + }, + { + "ID": "CVE-2024-50069", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-476", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50069", + "Impact": "Low", + "Public": "20241029" + }, + { + "ID": "CVE-2024-50073", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-416", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50073", + "Impact": "High", + "Public": "20241029" + }, + { + "ID": "CVE-2024-50074", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-125", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50074", + "Impact": "High", + "Public": "20241029" + }, + { + "ID": "CVE-2024-50077", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50077", + "Impact": "Low", + "Public": "20241029" + }, + { + "ID": "CVE-2024-50078", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50078", + "Impact": "Low", + "Public": "20241029" + }, + { + "ID": "CVE-2024-50082", + "CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50082", + "Impact": "Low", + "Public": "20241029" + }, + { + "ID": "CVE-2024-50083", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50083", + "Impact": "High", + "Public": "20241029" + }, + { + "ID": "CVE-2024-50085", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-416", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50085", + "Impact": "Low", + "Public": "20241029" + }, + { + "ID": "CVE-2024-50086", + "CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-416", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50086", + "Impact": "High", + "Public": "20241029" + }, + { + "ID": "CVE-2024-50087", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-824", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50087", + "Impact": "Low", + "Public": "20241029" + }, + { + "ID": "CVE-2024-50088", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-824", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50088", + "Impact": "High", + "Public": "20241029" + }, + { + "ID": "CVE-2024-50098", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50098", + "Impact": "Low", + "Public": "20241105" + }, + { + "ID": "CVE-2024-50099", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50099", + "Impact": "Low", + "Public": "20241105" + }, + { + "ID": "CVE-2024-50101", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50101", + "Impact": "Low", + "Public": "20241105" + }, + { + "ID": "CVE-2024-50103", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-476", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50103", + "Impact": "Low", + "Public": "20241105" + }, + { + "ID": "CVE-2024-50108", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50108", + "Impact": "Low", + "Public": "20241105" + }, + { + "ID": "CVE-2024-50110", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "CWE": "CWE-908", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50110", + "Impact": "Low", + "Public": "20241105" + }, + { + "ID": "CVE-2024-50115", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "CWE": "CWE-125", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50115", + "Impact": "High", + "Public": "20241105" + }, + { + "ID": "CVE-2024-50116", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50116", + "Impact": "Low", + "Public": "20241105" + }, + { + "ID": "CVE-2024-50117", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-476", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50117", + "Impact": "Low", + "Public": "20241105" + }, + { + "ID": "CVE-2024-50124", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-416", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50124", + "Impact": "High", + "Public": "20241105" + }, + { + "ID": "CVE-2024-50125", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-416", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50125", + "Impact": "High", + "Public": "20241105" + }, + { + "ID": "CVE-2024-50127", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-416", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50127", + "Impact": "High", + "Public": "20241105" + }, + { + "ID": "CVE-2024-50128", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "CWE": "CWE-125", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50128", + "Impact": "High", + "Public": "20241105" + }, + { + "ID": "CVE-2024-50131", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-120", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50131", + "Impact": "High", + "Public": "20241105" + }, + { + "ID": "CVE-2024-50133", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-476", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50133", + "Impact": "Low", + "Public": "20241105" + }, + { + "ID": "CVE-2024-50134", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50134", + "Impact": "Low", + "Public": "20241105" + }, + { + "ID": "CVE-2024-50136", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50136", + "Impact": "Low", + "Public": "20241105" + }, + { + "ID": "CVE-2024-50138", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "NVD-CWE-noinfo", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50138", + "Impact": "Low", + "Public": "20241105" + }, + { + "ID": "CVE-2024-50153", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-476", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50153", + "Impact": "Low", + "Public": "20241107" + }, + { + "ID": "CVE-2024-50154", + "CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-416", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50154", + "Impact": "High", + "Public": "20241107" + }, + { + "ID": "CVE-2024-50160", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-476", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50160", + "Impact": "Low", + "Public": "20241107" + }, + { + "ID": "CVE-2024-50167", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-401", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50167", + "Impact": "Low", + "Public": "20241107" + }, + { + "ID": "CVE-2024-50168", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-401", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50168", + "Impact": "Low", + "Public": "20241107" + }, + { + "ID": "CVE-2024-50171", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-401", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50171", + "Impact": "Low", + "Public": "20241107" + }, + { + "ID": "CVE-2024-50205", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-369", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-50205", + "Impact": "Low", + "Public": "20241108" + } + ], + "Bugzilla": [ + { + "ID": "51728", + "Href": "https://bugzilla.altlinux.org/51728", + "Data": "Запрос на добавление модуля ядра Broadcom eHBA 9600-24i Tri-Mode Storage Adapter" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:kworkstation:10", + "cpe:/o:alt:workstation:10", + "cpe:/o:alt:server:10", + "cpe:/o:alt:server-v:10", + "cpe:/o:alt:education:10", + "cpe:/o:alt:slinux:10", + "cpe:/o:alt:starterkit:p10", + "cpe:/o:alt:kworkstation:10.1", + "cpe:/o:alt:workstation:10.1", + "cpe:/o:alt:server:10.1", + "cpe:/o:alt:server-v:10.1", + "cpe:/o:alt:education:10.1", + "cpe:/o:alt:slinux:10.1", + "cpe:/o:alt:starterkit:10.1", + "cpe:/o:alt:kworkstation:10.2", + "cpe:/o:alt:workstation:10.2", + "cpe:/o:alt:server:10.2", + "cpe:/o:alt:server-v:10.2", + "cpe:/o:alt:education:10.2", + "cpe:/o:alt:slinux:10.2", + "cpe:/o:alt:starterkit:10.2" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:2001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202415251001", + "Comment": "kernel-doc-un is earlier than 1:6.1.115-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415251002", + "Comment": "kernel-headers-modules-un-def is earlier than 1:6.1.115-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415251003", + "Comment": "kernel-headers-un-def is earlier than 1:6.1.115-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415251004", + "Comment": "kernel-image-domU-un-def is earlier than 1:6.1.115-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415251005", + "Comment": "kernel-image-un-def is earlier than 1:6.1.115-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415251006", + "Comment": "kernel-image-un-def-checkinstall is earlier than 1:6.1.115-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415251007", + "Comment": "kernel-modules-drm-ancient-un-def is earlier than 1:6.1.115-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415251008", + "Comment": "kernel-modules-drm-nouveau-un-def is earlier than 1:6.1.115-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415251009", + "Comment": "kernel-modules-drm-un-def is earlier than 1:6.1.115-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415251010", + "Comment": "kernel-modules-staging-un-def is earlier than 1:6.1.115-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-15251/objects.json b/oval/p10/ALT-PU-2024-15251/objects.json new file mode 100644 index 0000000000..2bb9eac5fa --- /dev/null +++ b/oval/p10/ALT-PU-2024-15251/objects.json @@ -0,0 +1,88 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:2001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202415251001", + "Version": "1", + "Comment": "kernel-doc-un is installed", + "Name": "kernel-doc-un" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415251002", + "Version": "1", + "Comment": "kernel-headers-modules-un-def is installed", + "Name": "kernel-headers-modules-un-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415251003", + "Version": "1", + "Comment": "kernel-headers-un-def is installed", + "Name": "kernel-headers-un-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415251004", + "Version": "1", + "Comment": "kernel-image-domU-un-def is installed", + "Name": "kernel-image-domU-un-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415251005", + "Version": "1", + "Comment": "kernel-image-un-def is installed", + "Name": "kernel-image-un-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415251006", + "Version": "1", + "Comment": "kernel-image-un-def-checkinstall is installed", + "Name": "kernel-image-un-def-checkinstall" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415251007", + "Version": "1", + "Comment": "kernel-modules-drm-ancient-un-def is installed", + "Name": "kernel-modules-drm-ancient-un-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415251008", + "Version": "1", + "Comment": "kernel-modules-drm-nouveau-un-def is installed", + "Name": "kernel-modules-drm-nouveau-un-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415251009", + "Version": "1", + "Comment": "kernel-modules-drm-un-def is installed", + "Name": "kernel-modules-drm-un-def" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415251010", + "Version": "1", + "Comment": "kernel-modules-staging-un-def is installed", + "Name": "kernel-modules-staging-un-def" + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-15251/states.json b/oval/p10/ALT-PU-2024-15251/states.json new file mode 100644 index 0000000000..ce9a62dbdc --- /dev/null +++ b/oval/p10/ALT-PU-2024-15251/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:2001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202415251001", + "Version": "1", + "Comment": "package EVR is earlier than 1:6.1.115-alt1", + "Arch": {}, + "EVR": { + "Text": "1:6.1.115-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-15251/tests.json b/oval/p10/ALT-PU-2024-15251/tests.json new file mode 100644 index 0000000000..f9185d0ea8 --- /dev/null +++ b/oval/p10/ALT-PU-2024-15251/tests.json @@ -0,0 +1,138 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:2001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'p10' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:2001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:2001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202415251001", + "Version": "1", + "Check": "all", + "Comment": "kernel-doc-un is earlier than 1:6.1.115-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415251001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415251001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415251002", + "Version": "1", + "Check": "all", + "Comment": "kernel-headers-modules-un-def is earlier than 1:6.1.115-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415251002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415251001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415251003", + "Version": "1", + "Check": "all", + "Comment": "kernel-headers-un-def is earlier than 1:6.1.115-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415251003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415251001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415251004", + "Version": "1", + "Check": "all", + "Comment": "kernel-image-domU-un-def is earlier than 1:6.1.115-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415251004" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415251001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415251005", + "Version": "1", + "Check": "all", + "Comment": "kernel-image-un-def is earlier than 1:6.1.115-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415251005" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415251001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415251006", + "Version": "1", + "Check": "all", + "Comment": "kernel-image-un-def-checkinstall is earlier than 1:6.1.115-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415251006" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415251001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415251007", + "Version": "1", + "Check": "all", + "Comment": "kernel-modules-drm-ancient-un-def is earlier than 1:6.1.115-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415251007" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415251001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415251008", + "Version": "1", + "Check": "all", + "Comment": "kernel-modules-drm-nouveau-un-def is earlier than 1:6.1.115-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415251008" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415251001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415251009", + "Version": "1", + "Check": "all", + "Comment": "kernel-modules-drm-un-def is earlier than 1:6.1.115-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415251009" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415251001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415251010", + "Version": "1", + "Check": "all", + "Comment": "kernel-modules-staging-un-def is earlier than 1:6.1.115-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415251010" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415251001" + } + } + ] +} \ No newline at end of file