pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ALT Vulnerability

Browse Source
This commit is contained in:
Иван Пепеляев 2024-10-22 03:04:44 +00:00
parent 5a3f61e265
commit 9053864ec9
37 changed files with 2254 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
oval/c10f1/ALT-PU-2020-3035/definitions.json
View File

File diff suppressed because one or more lines are too long

2
oval/c10f1/ALT-PU-2020-3144/definitions.json
View File

File diff suppressed because one or more lines are too long

2
oval/c10f1/ALT-PU-2021-1876/definitions.json
View File

File diff suppressed because one or more lines are too long

2
oval/c10f1/ALT-PU-2021-1972/definitions.json
View File

File diff suppressed because one or more lines are too long

169
oval/c10f1/ALT-PU-2024-14101/definitions.json Normal file
View File

@ -0,0 +1,169 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414101",
"Version": "oval:org.altlinux.errata:def:202414101",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14101: package `mono` update to version 6.12.0.199-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14101",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14101",
"Source": "ALTPU"
}
],
"Description": "This update upgrades mono to version 6.12.0.199-alt2. \nSecurity Fix(es):\n\n * #46650: Обновление mono до версии 6.12.0.182.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-10-21"
},
"Updated": {
"Date": "2024-10-21"
},
"BDUs": null,
"Bugzilla": [
{
"ID": "46650",
"Href": "https://bugzilla.altlinux.org/46650",
"Data": "Обновление mono до версии 6.12.0.182."
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414101001",
"Comment": "mono-core is earlier than 0:6.12.0.199-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414101002",
"Comment": "mono-data is earlier than 0:6.12.0.199-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414101003",
"Comment": "mono-data-oracle is earlier than 0:6.12.0.199-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414101004",
"Comment": "mono-data-sqlite is earlier than 0:6.12.0.199-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414101005",
"Comment": "mono-devel is earlier than 0:6.12.0.199-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414101006",
"Comment": "mono-devel-full is earlier than 0:6.12.0.199-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414101007",
"Comment": "mono-dyndata is earlier than 0:6.12.0.199-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414101008",
"Comment": "mono-extras is earlier than 0:6.12.0.199-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414101009",
"Comment": "mono-full is earlier than 0:6.12.0.199-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414101010",
"Comment": "mono-locale-extras is earlier than 0:6.12.0.199-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414101011",
"Comment": "mono-mono2-compat is earlier than 0:6.12.0.199-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414101012",
"Comment": "mono-mono2-compat-devel is earlier than 0:6.12.0.199-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414101013",
"Comment": "mono-monodoc is earlier than 0:6.12.0.199-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414101014",
"Comment": "mono-monodoc-devel is earlier than 0:6.12.0.199-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414101015",
"Comment": "mono-mvc is earlier than 0:6.12.0.199-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414101016",
"Comment": "mono-mvc-devel is earlier than 0:6.12.0.199-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414101017",
"Comment": "mono-reactive is earlier than 0:6.12.0.199-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414101018",
"Comment": "mono-reactive-devel is earlier than 0:6.12.0.199-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414101019",
"Comment": "mono-reactive-winforms is earlier than 0:6.12.0.199-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414101020",
"Comment": "mono-wcf is earlier than 0:6.12.0.199-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414101021",
"Comment": "mono-web is earlier than 0:6.12.0.199-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414101022",
"Comment": "mono-web-devel is earlier than 0:6.12.0.199-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414101023",
"Comment": "mono-winforms is earlier than 0:6.12.0.199-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414101024",
"Comment": "mono-winfx is earlier than 0:6.12.0.199-alt2"
}
]
}
]
}
}
]
}

172
oval/c10f1/ALT-PU-2024-14101/objects.json Normal file
View File

@ -0,0 +1,172 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414101001",
"Version": "1",
"Comment": "mono-core is installed",
"Name": "mono-core"
},
{
"ID": "oval:org.altlinux.errata:obj:202414101002",
"Version": "1",
"Comment": "mono-data is installed",
"Name": "mono-data"
},
{
"ID": "oval:org.altlinux.errata:obj:202414101003",
"Version": "1",
"Comment": "mono-data-oracle is installed",
"Name": "mono-data-oracle"
},
{
"ID": "oval:org.altlinux.errata:obj:202414101004",
"Version": "1",
"Comment": "mono-data-sqlite is installed",
"Name": "mono-data-sqlite"
},
{
"ID": "oval:org.altlinux.errata:obj:202414101005",
"Version": "1",
"Comment": "mono-devel is installed",
"Name": "mono-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414101006",
"Version": "1",
"Comment": "mono-devel-full is installed",
"Name": "mono-devel-full"
},
{
"ID": "oval:org.altlinux.errata:obj:202414101007",
"Version": "1",
"Comment": "mono-dyndata is installed",
"Name": "mono-dyndata"
},
{
"ID": "oval:org.altlinux.errata:obj:202414101008",
"Version": "1",
"Comment": "mono-extras is installed",
"Name": "mono-extras"
},
{
"ID": "oval:org.altlinux.errata:obj:202414101009",
"Version": "1",
"Comment": "mono-full is installed",
"Name": "mono-full"
},
{
"ID": "oval:org.altlinux.errata:obj:202414101010",
"Version": "1",
"Comment": "mono-locale-extras is installed",
"Name": "mono-locale-extras"
},
{
"ID": "oval:org.altlinux.errata:obj:202414101011",
"Version": "1",
"Comment": "mono-mono2-compat is installed",
"Name": "mono-mono2-compat"
},
{
"ID": "oval:org.altlinux.errata:obj:202414101012",
"Version": "1",
"Comment": "mono-mono2-compat-devel is installed",
"Name": "mono-mono2-compat-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414101013",
"Version": "1",
"Comment": "mono-monodoc is installed",
"Name": "mono-monodoc"
},
{
"ID": "oval:org.altlinux.errata:obj:202414101014",
"Version": "1",
"Comment": "mono-monodoc-devel is installed",
"Name": "mono-monodoc-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414101015",
"Version": "1",
"Comment": "mono-mvc is installed",
"Name": "mono-mvc"
},
{
"ID": "oval:org.altlinux.errata:obj:202414101016",
"Version": "1",
"Comment": "mono-mvc-devel is installed",
"Name": "mono-mvc-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414101017",
"Version": "1",
"Comment": "mono-reactive is installed",
"Name": "mono-reactive"
},
{
"ID": "oval:org.altlinux.errata:obj:202414101018",
"Version": "1",
"Comment": "mono-reactive-devel is installed",
"Name": "mono-reactive-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414101019",
"Version": "1",
"Comment": "mono-reactive-winforms is installed",
"Name": "mono-reactive-winforms"
},
{
"ID": "oval:org.altlinux.errata:obj:202414101020",
"Version": "1",
"Comment": "mono-wcf is installed",
"Name": "mono-wcf"
},
{
"ID": "oval:org.altlinux.errata:obj:202414101021",
"Version": "1",
"Comment": "mono-web is installed",
"Name": "mono-web"
},
{
"ID": "oval:org.altlinux.errata:obj:202414101022",
"Version": "1",
"Comment": "mono-web-devel is installed",
"Name": "mono-web-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414101023",
"Version": "1",
"Comment": "mono-winforms is installed",
"Name": "mono-winforms"
},
{
"ID": "oval:org.altlinux.errata:obj:202414101024",
"Version": "1",
"Comment": "mono-winfx is installed",
"Name": "mono-winfx"
}
]
}

23
oval/c10f1/ALT-PU-2024-14101/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414101001",
"Version": "1",
"Comment": "package EVR is earlier than 0:6.12.0.199-alt2",
"Arch": {},
"EVR": {
"Text": "0:6.12.0.199-alt2",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

306
oval/c10f1/ALT-PU-2024-14101/tests.json Normal file
View File

@ -0,0 +1,306 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414101001",
"Version": "1",
"Check": "all",
"Comment": "mono-core is earlier than 0:6.12.0.199-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414101001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414101001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414101002",
"Version": "1",
"Check": "all",
"Comment": "mono-data is earlier than 0:6.12.0.199-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414101002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414101001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414101003",
"Version": "1",
"Check": "all",
"Comment": "mono-data-oracle is earlier than 0:6.12.0.199-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414101003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414101001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414101004",
"Version": "1",
"Check": "all",
"Comment": "mono-data-sqlite is earlier than 0:6.12.0.199-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414101004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414101001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414101005",
"Version": "1",
"Check": "all",
"Comment": "mono-devel is earlier than 0:6.12.0.199-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414101005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414101001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414101006",
"Version": "1",
"Check": "all",
"Comment": "mono-devel-full is earlier than 0:6.12.0.199-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414101006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414101001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414101007",
"Version": "1",
"Check": "all",
"Comment": "mono-dyndata is earlier than 0:6.12.0.199-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414101007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414101001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414101008",
"Version": "1",
"Check": "all",
"Comment": "mono-extras is earlier than 0:6.12.0.199-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414101008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414101001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414101009",
"Version": "1",
"Check": "all",
"Comment": "mono-full is earlier than 0:6.12.0.199-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414101009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414101001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414101010",
"Version": "1",
"Check": "all",
"Comment": "mono-locale-extras is earlier than 0:6.12.0.199-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414101010"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414101001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414101011",
"Version": "1",
"Check": "all",
"Comment": "mono-mono2-compat is earlier than 0:6.12.0.199-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414101011"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414101001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414101012",
"Version": "1",
"Check": "all",
"Comment": "mono-mono2-compat-devel is earlier than 0:6.12.0.199-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414101012"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414101001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414101013",
"Version": "1",
"Check": "all",
"Comment": "mono-monodoc is earlier than 0:6.12.0.199-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414101013"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414101001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414101014",
"Version": "1",
"Check": "all",
"Comment": "mono-monodoc-devel is earlier than 0:6.12.0.199-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414101014"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414101001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414101015",
"Version": "1",
"Check": "all",
"Comment": "mono-mvc is earlier than 0:6.12.0.199-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414101015"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414101001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414101016",
"Version": "1",
"Check": "all",
"Comment": "mono-mvc-devel is earlier than 0:6.12.0.199-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414101016"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414101001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414101017",
"Version": "1",
"Check": "all",
"Comment": "mono-reactive is earlier than 0:6.12.0.199-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414101017"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414101001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414101018",
"Version": "1",
"Check": "all",
"Comment": "mono-reactive-devel is earlier than 0:6.12.0.199-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414101018"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414101001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414101019",
"Version": "1",
"Check": "all",
"Comment": "mono-reactive-winforms is earlier than 0:6.12.0.199-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414101019"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414101001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414101020",
"Version": "1",
"Check": "all",
"Comment": "mono-wcf is earlier than 0:6.12.0.199-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414101020"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414101001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414101021",
"Version": "1",
"Check": "all",
"Comment": "mono-web is earlier than 0:6.12.0.199-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414101021"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414101001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414101022",
"Version": "1",
"Check": "all",
"Comment": "mono-web-devel is earlier than 0:6.12.0.199-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414101022"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414101001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414101023",
"Version": "1",
"Check": "all",
"Comment": "mono-winforms is earlier than 0:6.12.0.199-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414101023"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414101001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414101024",
"Version": "1",
"Check": "all",
"Comment": "mono-winfx is earlier than 0:6.12.0.199-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414101024"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414101001"
}
}
]
}

165
oval/c10f1/ALT-PU-2024-14219/definitions.json Normal file
View File

@ -0,0 +1,165 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414219",
"Version": "oval:org.altlinux.errata:def:202414219",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14219: package `libfreetype` update to version 2.13.2-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14219",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14219",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-06905",
"RefURL": "https://bdu.fstec.ru/vul/2022-06905",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06908",
"RefURL": "https://bdu.fstec.ru/vul/2022-06908",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06917",
"RefURL": "https://bdu.fstec.ru/vul/2022-06917",
"Source": "BDU"
},
{
"RefID": "CVE-2022-27404",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-27404",
"Source": "CVE"
},
{
"RefID": "CVE-2022-27405",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-27405",
"Source": "CVE"
},
{
"RefID": "CVE-2022-27406",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-27406",
"Source": "CVE"
}
],
"Description": "This update upgrades libfreetype to version 2.13.2-alt1. \nSecurity Fix(es):\n\n * BDU:2022-06905: Уязвимость функции FT_Request_Size библиотеки FreeType, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-06908: Уязвимость функции sfnt_init_face библиотеки FreeType, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2022-06917: Уязвимость функции FNT_Size_Request библиотеки FreeType, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2022-27404: FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.\n\n * CVE-2022-27405: FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.\n\n * CVE-2022-27406: FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-10-21"
},
"Updated": {
"Date": "2024-10-21"
},
"BDUs": [
{
"ID": "BDU:2022-06905",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2022-06905",
"Impact": "High",
"Public": "20220319"
},
{
"ID": "BDU:2022-06908",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-06908",
"Impact": "Critical",
"Public": "20220317"
},
{
"ID": "BDU:2022-06917",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2022-06917",
"Impact": "High",
"Public": "20220318"
}
],
"CVEs": [
{
"ID": "CVE-2022-27404",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-27404",
"Impact": "Critical",
"Public": "20220422"
},
{
"ID": "CVE-2022-27405",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-27405",
"Impact": "High",
"Public": "20220422"
},
{
"ID": "CVE-2022-27406",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-27406",
"Impact": "High",
"Public": "20220422"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414219001",
"Comment": "libfreetype is earlier than 0:2.13.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414219002",
"Comment": "libfreetype-demos is earlier than 0:2.13.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414219003",
"Comment": "libfreetype-devel is earlier than 0:2.13.2-alt1"
}
]
}
]
}
}
]
}

46
oval/c10f1/ALT-PU-2024-14219/objects.json Normal file
View File

@ -0,0 +1,46 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414219001",
"Version": "1",
"Comment": "libfreetype is installed",
"Name": "libfreetype"
},
{
"ID": "oval:org.altlinux.errata:obj:202414219002",
"Version": "1",
"Comment": "libfreetype-demos is installed",
"Name": "libfreetype-demos"
},
{
"ID": "oval:org.altlinux.errata:obj:202414219003",
"Version": "1",
"Comment": "libfreetype-devel is installed",
"Name": "libfreetype-devel"
}
]
}

23
oval/c10f1/ALT-PU-2024-14219/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414219001",
"Version": "1",
"Comment": "package EVR is earlier than 0:2.13.2-alt1",
"Arch": {},
"EVR": {
"Text": "0:2.13.2-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

54
oval/c10f1/ALT-PU-2024-14219/tests.json Normal file
View File

@ -0,0 +1,54 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414219001",
"Version": "1",
"Check": "all",
"Comment": "libfreetype is earlier than 0:2.13.2-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414219001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414219001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414219002",
"Version": "1",
"Check": "all",
"Comment": "libfreetype-demos is earlier than 0:2.13.2-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414219002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414219001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414219003",
"Version": "1",
"Check": "all",
"Comment": "libfreetype-devel is earlier than 0:2.13.2-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414219003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414219001"
}
}
]
}

2
oval/c10f1/ALT-PU-2024-8236/definitions.json
View File

@ -35,7 +35,7 @@
"Source": "CVE" "Source": "CVE"
} }
], ],
"Description": "This update upgrades mongo4.4 to version 4.4.29-alt0.c10.1. \nSecurity Fix(es):\n\n * BDU:2024-01947: Уязвимость системы управления базами данных MongoDB, связанная с ошибками процедуры подтверждения подлинности TLS сертификата, позволяющая нарушителю устанавить несанкционированное соединение к серверу MongoDB\n\n * CVE-2024-1351: Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to failing certificate validation. This issue affects MongoDB Server v7.0 versions prior to and including 7.0.5, MongoDB Server v6.0 versions prior to and including 6.0.13, MongoDB Server v5.0 versions prior to and including 5.0.24 and MongoDB Server v4.4 versions prior to and including 4.4.28.\n\nRequired Configuration : A server process will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured.\n\n", "Description": "This update upgrades mongo4.4 to version 4.4.29-alt0.c10.1. \nSecurity Fix(es):\n\n * BDU:2024-01947: Уязвимость системы управления базами данных MongoDB, связанная с ошибками процедуры подтверждения подлинности TLS сертификата, позволяющая нарушителю установить несанкционированное соединение к серверу MongoDB\n\n * CVE-2024-1351: Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to failing certificate validation. This issue affects MongoDB Server v7.0 versions prior to and including 7.0.5, MongoDB Server v6.0 versions prior to and including 6.0.13, MongoDB Server v5.0 versions prior to and including 5.0.24 and MongoDB Server v4.4 versions prior to and including 4.4.28.\n\nRequired Configuration : A server process will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured.\n\n",
"Advisory": { "Advisory": {
"From": "errata.altlinux.org", "From": "errata.altlinux.org",
"Severity": "High", "Severity": "High",

2
oval/c10f1/ALT-PU-2024-8238/definitions.json
View File

@ -45,7 +45,7 @@
"Source": "CVE" "Source": "CVE"
} }
], ],
"Description": "This update upgrades mongo6.0 to version 6.0.14-alt0.c10.1. \nSecurity Fix(es):\n\n * BDU:2024-01947: Уязвимость системы управления базами данных MongoDB, связанная с ошибками процедуры подтверждения подлинности TLS сертификата, позволяющая нарушителю устанавить несанкционированное соединение к серверу MongoDB\n\n * CVE-2024-1351: Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to failing certificate validation. This issue affects MongoDB Server v7.0 versions prior to and including 7.0.5, MongoDB Server v6.0 versions prior to and including 6.0.13, MongoDB Server v5.0 versions prior to and including 5.0.24 and MongoDB Server v4.4 versions prior to and including 4.4.28.\n\nRequired Configuration : A server process will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured.\n\n\n\n * CVE-2024-3372: Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14 and MongoDB Server v.5.0 versions prior to 5.0.25.\n\n\n * CVE-2024-3374: An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions prior to and including 6.0.5.\n", "Description": "This update upgrades mongo6.0 to version 6.0.14-alt0.c10.1. \nSecurity Fix(es):\n\n * BDU:2024-01947: Уязвимость системы управления базами данных MongoDB, связанная с ошибками процедуры подтверждения подлинности TLS сертификата, позволяющая нарушителю установить несанкционированное соединение к серверу MongoDB\n\n * CVE-2024-1351: Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to failing certificate validation. This issue affects MongoDB Server v7.0 versions prior to and including 7.0.5, MongoDB Server v6.0 versions prior to and including 6.0.13, MongoDB Server v5.0 versions prior to and including 5.0.24 and MongoDB Server v4.4 versions prior to and including 4.4.28.\n\nRequired Configuration : A server process will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured.\n\n\n\n * CVE-2024-3372: Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14 and MongoDB Server v.5.0 versions prior to 5.0.25.\n\n\n * CVE-2024-3374: An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions prior to and including 6.0.5.\n",
"Advisory": { "Advisory": {
"From": "errata.altlinux.org", "From": "errata.altlinux.org",
"Severity": "High", "Severity": "High",

2
oval/c10f1/ALT-PU-2024-8258/definitions.json
View File

@ -45,7 +45,7 @@
"Source": "CVE" "Source": "CVE"
} }
], ],
"Description": "This update upgrades mongo5.0 to version 5.0.25-alt0.c10.1. \nSecurity Fix(es):\n\n * BDU:2024-01947: Уязвимость системы управления базами данных MongoDB, связанная с ошибками процедуры подтверждения подлинности TLS сертификата, позволяющая нарушителю устанавить несанкционированное соединение к серверу MongoDB\n\n * CVE-2024-1351: Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to failing certificate validation. This issue affects MongoDB Server v7.0 versions prior to and including 7.0.5, MongoDB Server v6.0 versions prior to and including 6.0.13, MongoDB Server v5.0 versions prior to and including 5.0.24 and MongoDB Server v4.4 versions prior to and including 4.4.28.\n\nRequired Configuration : A server process will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured.\n\n\n\n * CVE-2024-3372: Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14 and MongoDB Server v.5.0 versions prior to 5.0.25.\n\n\n * CVE-2024-3374: An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions prior to and including 6.0.5.\n", "Description": "This update upgrades mongo5.0 to version 5.0.25-alt0.c10.1. \nSecurity Fix(es):\n\n * BDU:2024-01947: Уязвимость системы управления базами данных MongoDB, связанная с ошибками процедуры подтверждения подлинности TLS сертификата, позволяющая нарушителю установить несанкционированное соединение к серверу MongoDB\n\n * CVE-2024-1351: Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to failing certificate validation. This issue affects MongoDB Server v7.0 versions prior to and including 7.0.5, MongoDB Server v6.0 versions prior to and including 6.0.13, MongoDB Server v5.0 versions prior to and including 5.0.24 and MongoDB Server v4.4 versions prior to and including 4.4.28.\n\nRequired Configuration : A server process will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured.\n\n\n\n * CVE-2024-3372: Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14 and MongoDB Server v.5.0 versions prior to 5.0.25.\n\n\n * CVE-2024-3374: An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions prior to and including 6.0.5.\n",
"Advisory": { "Advisory": {
"From": "errata.altlinux.org", "From": "errata.altlinux.org",
"Severity": "High", "Severity": "High",

2
oval/c9f2/ALT-PU-2021-1379/definitions.json
View File

File diff suppressed because one or more lines are too long

2
oval/c9f2/ALT-PU-2021-2141/definitions.json
View File

File diff suppressed because one or more lines are too long

2
oval/p10/ALT-PU-2020-3035/definitions.json
View File

File diff suppressed because one or more lines are too long

2
oval/p10/ALT-PU-2020-3144/definitions.json
View File

File diff suppressed because one or more lines are too long

2
oval/p10/ALT-PU-2021-1876/definitions.json
View File

File diff suppressed because one or more lines are too long

2
oval/p10/ALT-PU-2021-1972/definitions.json
View File

File diff suppressed because one or more lines are too long

462
oval/p10/ALT-PU-2024-13687/definitions.json Normal file
View File

File diff suppressed because one or more lines are too long

52
oval/p10/ALT-PU-2024-13687/objects.json Normal file
View File

@ -0,0 +1,52 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202413687001",
"Version": "1",
"Comment": "pve-qemu is installed",
"Name": "pve-qemu"
},
{
"ID": "oval:org.altlinux.errata:obj:202413687002",
"Version": "1",
"Comment": "pve-qemu-common is installed",
"Name": "pve-qemu-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202413687003",
"Version": "1",
"Comment": "pve-qemu-img is installed",
"Name": "pve-qemu-img"
},
{
"ID": "oval:org.altlinux.errata:obj:202413687004",
"Version": "1",
"Comment": "pve-qemu-system is installed",
"Name": "pve-qemu-system"
}
]
}

23
oval/p10/ALT-PU-2024-13687/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202413687001",
"Version": "1",
"Comment": "package EVR is earlier than 1:7.2.10-alt1",
"Arch": {},
"EVR": {
"Text": "1:7.2.10-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

66
oval/p10/ALT-PU-2024-13687/tests.json Normal file
View File

@ -0,0 +1,66 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202413687001",
"Version": "1",
"Check": "all",
"Comment": "pve-qemu is earlier than 1:7.2.10-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202413687001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202413687001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202413687002",
"Version": "1",
"Check": "all",
"Comment": "pve-qemu-common is earlier than 1:7.2.10-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202413687002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202413687001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202413687003",
"Version": "1",
"Check": "all",
"Comment": "pve-qemu-img is earlier than 1:7.2.10-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202413687003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202413687001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202413687004",
"Version": "1",
"Check": "all",
"Comment": "pve-qemu-system is earlier than 1:7.2.10-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202413687004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202413687001"
}
}
]
}

147
oval/p10/ALT-PU-2024-13881/definitions.json Normal file
View File

@ -0,0 +1,147 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202413881",
"Version": "oval:org.altlinux.errata:def:202413881",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-13881: package `etcd` update to version 3.5.15-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-13881",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-13881",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-02688",
"RefURL": "https://bdu.fstec.ru/vul/2024-02688",
"Source": "BDU"
},
{
"RefID": "BDU:2024-04111",
"RefURL": "https://bdu.fstec.ru/vul/2024-04111",
"Source": "BDU"
},
{
"RefID": "CVE-2023-45288",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288",
"Source": "CVE"
},
{
"RefID": "CVE-2024-24786",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786",
"Source": "CVE"
}
],
"Description": "This update upgrades etcd to version 3.5.15-alt1. \nSecurity Fix(es):\n\n * BDU:2024-02688: Уязвимость библиотек net/http и net/http2 языка программирования Go, связана с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-04111: Уязвимость функции protojson.Unmarshal() пакета golang-google-protobuf языка программирования Golang, связанная с циклом с недостижимым условием выхода, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-45288: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.\n\n * CVE-2024-24786: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-10-21"
},
"Updated": {
"Date": "2024-10-21"
},
"BDUs": [
{
"ID": "BDU:2024-02688",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2024-02688",
"Impact": "Low",
"Public": "20240404"
},
{
"ID": "BDU:2024-04111",
"CVSS": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2024-04111",
"Impact": "Low",
"Public": "20240305"
}
],
"CVEs": [
{
"ID": "CVE-2023-45288",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288",
"Impact": "None",
"Public": "20240404"
},
{
"ID": "CVE-2024-24786",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786",
"Impact": "None",
"Public": "20240305"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202413881001",
"Comment": "etcd is earlier than 0:3.5.15-alt1"
}
]
}
]
}
}
]
}

34
oval/p10/ALT-PU-2024-13881/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202413881001",
"Version": "1",
"Comment": "etcd is installed",
"Name": "etcd"
}
]
}

23
oval/p10/ALT-PU-2024-13881/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202413881001",
"Version": "1",
"Comment": "package EVR is earlier than 0:3.5.15-alt1",
"Arch": {},
"EVR": {
"Text": "0:3.5.15-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/p10/ALT-PU-2024-13881/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202413881001",
"Version": "1",
"Check": "all",
"Comment": "etcd is earlier than 0:3.5.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202413881001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202413881001"
}
}
]
}

319
oval/p10/ALT-PU-2024-14169/definitions.json Normal file
View File

File diff suppressed because one or more lines are too long

46
oval/p10/ALT-PU-2024-14169/objects.json Normal file
View File

@ -0,0 +1,46 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414169001",
"Version": "1",
"Comment": "nextcloud is installed",
"Name": "nextcloud"
},
{
"ID": "oval:org.altlinux.errata:obj:202414169002",
"Version": "1",
"Comment": "nextcloud-apache2 is installed",
"Name": "nextcloud-apache2"
},
{
"ID": "oval:org.altlinux.errata:obj:202414169003",
"Version": "1",
"Comment": "nextcloud-nginx is installed",
"Name": "nextcloud-nginx"
}
]
}

23
oval/p10/ALT-PU-2024-14169/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414169001",
"Version": "1",
"Comment": "package EVR is earlier than 0:30.0.0-alt1",
"Arch": {},
"EVR": {
"Text": "0:30.0.0-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

54
oval/p10/ALT-PU-2024-14169/tests.json Normal file
View File

@ -0,0 +1,54 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414169001",
"Version": "1",
"Check": "all",
"Comment": "nextcloud is earlier than 0:30.0.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414169001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414169001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414169002",
"Version": "1",
"Check": "all",
"Comment": "nextcloud-apache2 is earlier than 0:30.0.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414169002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414169001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414169003",
"Version": "1",
"Check": "all",
"Comment": "nextcloud-nginx is earlier than 0:30.0.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414169003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414169001"
}
}
]
}

2
oval/p9/ALT-PU-2021-1157/definitions.json
View File

File diff suppressed because one or more lines are too long

2
oval/p9/ALT-PU-2021-1210/definitions.json
View File

File diff suppressed because one or more lines are too long

2
oval/p9/ALT-PU-2021-2007/definitions.json
View File

File diff suppressed because one or more lines are too long

2
oval/p9/ALT-PU-2021-2009/definitions.json
View File

File diff suppressed because one or more lines are too long