pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ALT Vulnerability

Browse Source
This commit is contained in:
Иван Пепеляев 2024-04-17 15:03:09 +00:00
parent 7160d0dfc4
commit 8aa9afc24e
12 changed files with 1058 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

450
oval/c10f1/ALT-PU-2024-4847/definitions.json Normal file
View File

File diff suppressed because one or more lines are too long

70
oval/c10f1/ALT-PU-2024-4847/objects.json Normal file
View File

@ -0,0 +1,70 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20244847001",
"Version": "1",
"Comment": "golang is installed",
"Name": "golang"
},
{
"ID": "oval:org.altlinux.errata:obj:20244847002",
"Version": "1",
"Comment": "golang-docs is installed",
"Name": "golang-docs"
},
{
"ID": "oval:org.altlinux.errata:obj:20244847003",
"Version": "1",
"Comment": "golang-gdb is installed",
"Name": "golang-gdb"
},
{
"ID": "oval:org.altlinux.errata:obj:20244847004",
"Version": "1",
"Comment": "golang-misc is installed",
"Name": "golang-misc"
},
{
"ID": "oval:org.altlinux.errata:obj:20244847005",
"Version": "1",
"Comment": "golang-shared is installed",
"Name": "golang-shared"
},
{
"ID": "oval:org.altlinux.errata:obj:20244847006",
"Version": "1",
"Comment": "golang-src is installed",
"Name": "golang-src"
},
{
"ID": "oval:org.altlinux.errata:obj:20244847007",
"Version": "1",
"Comment": "golang-tests is installed",
"Name": "golang-tests"
}
]
}

23
oval/c10f1/ALT-PU-2024-4847/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:20244847001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.21.8-alt1",
"Arch": {},
"EVR": {
"Text": "0:1.21.8-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

102
oval/c10f1/ALT-PU-2024-4847/tests.json Normal file
View File

@ -0,0 +1,102 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20244847001",
"Version": "1",
"Check": "all",
"Comment": "golang is earlier than 0:1.21.8-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20244847001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20244847001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20244847002",
"Version": "1",
"Check": "all",
"Comment": "golang-docs is earlier than 0:1.21.8-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20244847002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20244847001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20244847003",
"Version": "1",
"Check": "all",
"Comment": "golang-gdb is earlier than 0:1.21.8-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20244847003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20244847001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20244847004",
"Version": "1",
"Check": "all",
"Comment": "golang-misc is earlier than 0:1.21.8-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20244847004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20244847001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20244847005",
"Version": "1",
"Check": "all",
"Comment": "golang-shared is earlier than 0:1.21.8-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20244847005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20244847001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20244847006",
"Version": "1",
"Check": "all",
"Comment": "golang-src is earlier than 0:1.21.8-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20244847006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20244847001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20244847007",
"Version": "1",
"Check": "all",
"Comment": "golang-tests is earlier than 0:1.21.8-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20244847007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20244847001"
}
}
]
}

100
oval/c10f1/ALT-PU-2024-6625/definitions.json Normal file
View File

@ -0,0 +1,100 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20246625",
"Version": "oval:org.altlinux.errata:def:20246625",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-6625: package `caddy` update to version 2.7.6-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-6625",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-6625",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-06559",
"RefURL": "https://bdu.fstec.ru/vul/2023-06559",
"Source": "BDU"
},
{
"RefID": "CVE-2023-44487",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"Source": "CVE"
}
],
"Description": "This update upgrades caddy to version 2.7.6-alt1. \nSecurity Fix(es):\n\n * BDU:2023-06559: Уязвимость реализации протокола HTTP/2, связанная с возможностью формирования потока запросов в рамках уже установленного сетевого соединения, без открытия новых сетевых соединений и без подтверждения получения пакетов, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-44487: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-04-17"
},
"Updated": {
"Date": "2024-04-17"
},
"BDUs": [
{
"ID": "BDU:2023-06559",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2023-06559",
"Impact": "High",
"Public": "20231010"
}
],
"CVEs": [
{
"ID": "CVE-2023-44487",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"Impact": "High",
"Public": "20231010"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20246625001",
"Comment": "caddy is earlier than 0:2.7.6-alt1"
}
]
}
]
}
}
]
}

34
oval/c10f1/ALT-PU-2024-6625/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20246625001",
"Version": "1",
"Comment": "caddy is installed",
"Name": "caddy"
}
]
}

23
oval/c10f1/ALT-PU-2024-6625/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:20246625001",
"Version": "1",
"Comment": "package EVR is earlier than 0:2.7.6-alt1",
"Arch": {},
"EVR": {
"Text": "0:2.7.6-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/c10f1/ALT-PU-2024-6625/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20246625001",
"Version": "1",
"Check": "all",
"Comment": "caddy is earlier than 0:2.7.6-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20246625001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20246625001"
}
}
]
}

139
oval/c10f1/ALT-PU-2024-6626/definitions.json Normal file
View File

@ -0,0 +1,139 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20246626",
"Version": "oval:org.altlinux.errata:def:20246626",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-6626: package `traefik` update to version 2.10.7-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-6626",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-6626",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-06559",
"RefURL": "https://bdu.fstec.ru/vul/2023-06559",
"Source": "BDU"
},
{
"RefID": "CVE-2023-44487",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"Source": "CVE"
},
{
"RefID": "CVE-2023-47106",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-47106",
"Source": "CVE"
},
{
"RefID": "CVE-2023-47124",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-47124",
"Source": "CVE"
},
{
"RefID": "CVE-2023-47633",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-47633",
"Source": "CVE"
}
],
"Description": "This update upgrades traefik to version 2.10.7-alt1. \nSecurity Fix(es):\n\n * BDU:2023-06559: Уязвимость реализации протокола HTTP/2, связанная с возможностью формирования потока запросов в рамках уже установленного сетевого соединения, без открытия новых сетевых соединений и без подтверждения получения пакетов, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-44487: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.\n\n * CVE-2023-47106: Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path and the query. When this is combined with another frontend proxy like Nginx, it can be used to bypass frontend proxy URI-based access control restrictions. This vulnerability has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n * CVE-2023-47124: Traefik is an open source HTTP reverse proxy and load balancer. When Traefik is configured to use the `HTTPChallenge` to generate and renew the Let's Encrypt TLS certificates, the delay authorized to solve the challenge (50 seconds) can be exploited by attackers to achieve a `slowloris attack`. This vulnerability has been patch in version 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. Users unable to upgrade should replace the `HTTPChallenge` with the `TLSChallenge` or the `DNSChallenge`.\n\n * CVE-2023-47633: Traefik is an open source HTTP reverse proxy and load balancer. The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. This issue has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-04-17"
},
"Updated": {
"Date": "2024-04-17"
},
"BDUs": [
{
"ID": "BDU:2023-06559",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2023-06559",
"Impact": "High",
"Public": "20231010"
}
],
"CVEs": [
{
"ID": "CVE-2023-44487",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"Impact": "High",
"Public": "20231010"
},
{
"ID": "CVE-2023-47106",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-47106",
"Impact": "Low",
"Public": "20231204"
},
{
"ID": "CVE-2023-47124",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-772",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-47124",
"Impact": "Low",
"Public": "20231204"
},
{
"ID": "CVE-2023-47633",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-47633",
"Impact": "High",
"Public": "20231204"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20246626001",
"Comment": "traefik is earlier than 0:2.10.7-alt1"
}
]
}
]
}
}
]
}

34
oval/c10f1/ALT-PU-2024-6626/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20246626001",
"Version": "1",
"Comment": "traefik is installed",
"Name": "traefik"
}
]
}

23
oval/c10f1/ALT-PU-2024-6626/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:20246626001",
"Version": "1",
"Comment": "package EVR is earlier than 0:2.10.7-alt1",
"Arch": {},
"EVR": {
"Text": "0:2.10.7-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/c10f1/ALT-PU-2024-6626/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20246626001",
"Version": "1",
"Check": "all",
"Comment": "traefik is earlier than 0:2.10.7-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20246626001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20246626001"
}
}
]
}