pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ALT Vulnerability

Browse Source
This commit is contained in:
Иван Пепеляев 2024-12-19 03:06:33 +00:00
parent a538f1e924
commit 90575208ea
36 changed files with 8741 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2143
oval/p10/ALT-PU-2024-16172/definitions.json Normal file
View File

File diff suppressed because one or more lines are too long

52
oval/p10/ALT-PU-2024-16172/objects.json Normal file
View File

@ -0,0 +1,52 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416172001",
"Version": "1",
"Comment": "kernel-headers-modules-rt is installed",
"Name": "kernel-headers-modules-rt"
},
{
"ID": "oval:org.altlinux.errata:obj:202416172002",
"Version": "1",
"Comment": "kernel-headers-rt is installed",
"Name": "kernel-headers-rt"
},
{
"ID": "oval:org.altlinux.errata:obj:202416172003",
"Version": "1",
"Comment": "kernel-image-rt is installed",
"Name": "kernel-image-rt"
},
{
"ID": "oval:org.altlinux.errata:obj:202416172004",
"Version": "1",
"Comment": "kernel-image-rt-checkinstall is installed",
"Name": "kernel-image-rt-checkinstall"
}
]
}

23
oval/p10/ALT-PU-2024-16172/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416172001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.10.229-alt1.rt121",
"Arch": {},
"EVR": {
"Text": "0:5.10.229-alt1.rt121",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

66
oval/p10/ALT-PU-2024-16172/tests.json Normal file
View File

@ -0,0 +1,66 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416172001",
"Version": "1",
"Check": "all",
"Comment": "kernel-headers-modules-rt is earlier than 0:5.10.229-alt1.rt121",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416172001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416172001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416172002",
"Version": "1",
"Check": "all",
"Comment": "kernel-headers-rt is earlier than 0:5.10.229-alt1.rt121",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416172002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416172001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416172003",
"Version": "1",
"Check": "all",
"Comment": "kernel-image-rt is earlier than 0:5.10.229-alt1.rt121",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416172003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416172001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416172004",
"Version": "1",
"Check": "all",
"Comment": "kernel-image-rt-checkinstall is earlier than 0:5.10.229-alt1.rt121",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416172004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416172001"
}
}
]
}

111
oval/p10/ALT-PU-2024-16866/definitions.json Normal file
View File

@ -0,0 +1,111 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202416866",
"Version": "oval:org.altlinux.errata:def:202416866",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-16866: package `minio` update to version 2024.11.07-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit",
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-16866",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16866",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-06172",
"RefURL": "https://bdu.fstec.ru/vul/2024-06172",
"Source": "BDU"
},
{
"RefID": "CVE-2024-36107",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-36107",
"Source": "CVE"
}
],
"Description": "This update upgrades minio to version 2024.11.07-alt1. \nSecurity Fix(es):\n\n * BDU:2024-06172: Уязвимость сервера хранения объектов MinIO, связанная с раскрытием конфиденциальной информации неавторизованному лицу, позволяющая нарушителю раскрыть конфиденциальную информацию\n\n * CVE-2024-36107: MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. `If-Modified-Since` and `If-Unmodified-Since` headers when used with anonymous requests by sending a random object name requests can be used to determine if an object exists or not on the server on a specific bucket and also gain access to some amount of\ninformation such as `Last-Modified (of the latest version)`, `Etag (of the latest version)`, `x-amz-version-id (of the latest version)`, `Expires (metadata value of the latest version)`, `Cache-Control (metadata value of the latest version)`. This conditional check was being honored before validating if the anonymous access is indeed allowed on the metadata of an object. This issue has been addressed in commit `e0fe7cc3917`. Users must upgrade to RELEASE.2024-05-27T19-17-46Z for the fix. There are no known workarounds for this issue.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-18"
},
"Updated": {
"Date": "2024-12-18"
},
"BDUs": [
{
"ID": "BDU:2024-06172",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2024-06172",
"Impact": "Low",
"Public": "20240528"
}
],
"CVEs": [
{
"ID": "CVE-2024-36107",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-36107",
"Impact": "None",
"Public": "20240528"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:container:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202416866001",
"Comment": "minio is earlier than 0:2024.11.07-alt1"
}
]
}
]
}
}
]
}

34
oval/p10/ALT-PU-2024-16866/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416866001",
"Version": "1",
"Comment": "minio is installed",
"Name": "minio"
}
]
}

23
oval/p10/ALT-PU-2024-16866/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416866001",
"Version": "1",
"Comment": "package EVR is earlier than 0:2024.11.07-alt1",
"Arch": {},
"EVR": {
"Text": "0:2024.11.07-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/p10/ALT-PU-2024-16866/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416866001",
"Version": "1",
"Check": "all",
"Comment": "minio is earlier than 0:2024.11.07-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416866001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416866001"
}
}
]
}

160
oval/p10/ALT-PU-2024-17050/definitions.json Normal file
View File

@ -0,0 +1,160 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202417050",
"Version": "oval:org.altlinux.errata:def:202417050",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-17050: package `evms` update to version 2.5.5-alt84",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit",
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-17050",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-17050",
"Source": "ALTPU"
}
],
"Description": "This update upgrades evms to version 2.5.5-alt84. \nSecurity Fix(es):\n\n * #43210: Для полностью размеченного диска доступна кнопка \"Создать раздел\"/\"Создать том\"\n\n * #46133: Сообщение \"Поздравляю! Вы обнаружили секретный уровень!\" при попытке создать раздел 1 Мб\n\n * #46134: Аварийная перезагрузка системы при установке\n\n * #47580: Добавить пользовательское сообщение (warning) с описанием причины невозможности создания RAID5 из 2х дисков\n\n * #48961: [FR] Сделать ошибку о некорректных символах в имени lvm-тома информативнее\n\n * #48962: [FR] Сделать ошибку об уже существующем имени lvm-тома информативнее\n\n * #49438: Предоставить возможность создавать RAID с суперблоком версии 1.0\n\n * #49868: Нельзя создать раздел xfs объемом меньше 2GB\n\n * #50989: Allow showing user messages to front-end\n\n * #51890: Захардкожен устаревший шифр aes-cbc-essiv:sha256\n\n * #51897: Критическая ошибка Недопустимый аргумент при двойном нажатии на кнопку на шаге \"4/13 Подготовка диска\"",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-18"
},
"Updated": {
"Date": "2024-12-18"
},
"BDUs": null,
"Bugzilla": [
{
"ID": "43210",
"Href": "https://bugzilla.altlinux.org/43210",
"Data": "Для полностью размеченного диска доступна кнопка \"Создать раздел\"/\"Создать том\""
},
{
"ID": "46133",
"Href": "https://bugzilla.altlinux.org/46133",
"Data": "Сообщение \"Поздравляю! Вы обнаружили секретный уровень!\" при попытке создать раздел 1 Мб"
},
{
"ID": "46134",
"Href": "https://bugzilla.altlinux.org/46134",
"Data": "Аварийная перезагрузка системы при установке"
},
{
"ID": "47580",
"Href": "https://bugzilla.altlinux.org/47580",
"Data": "Добавить пользовательское сообщение (warning) с описанием причины невозможности создания RAID5 из 2х дисков"
},
{
"ID": "48961",
"Href": "https://bugzilla.altlinux.org/48961",
"Data": "[FR] Сделать ошибку о некорректных символах в имени lvm-тома информативнее"
},
{
"ID": "48962",
"Href": "https://bugzilla.altlinux.org/48962",
"Data": "[FR] Сделать ошибку об уже существующем имени lvm-тома информативнее"
},
{
"ID": "49438",
"Href": "https://bugzilla.altlinux.org/49438",
"Data": "Предоставить возможность создавать RAID с суперблоком версии 1.0"
},
{
"ID": "49868",
"Href": "https://bugzilla.altlinux.org/49868",
"Data": "Нельзя создать раздел xfs объемом меньше 2GB"
},
{
"ID": "50989",
"Href": "https://bugzilla.altlinux.org/50989",
"Data": "Allow showing user messages to front-end"
},
{
"ID": "51890",
"Href": "https://bugzilla.altlinux.org/51890",
"Data": "Захардкожен устаревший шифр aes-cbc-essiv:sha256"
},
{
"ID": "51897",
"Href": "https://bugzilla.altlinux.org/51897",
"Data": "Критическая ошибка Недопустимый аргумент при двойном нажатии на кнопку на шаге \"4/13 Подготовка диска\""
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:container:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202417050001",
"Comment": "evms is earlier than 0:2.5.5-alt84"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417050002",
"Comment": "evms-cli is earlier than 0:2.5.5-alt84"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417050003",
"Comment": "evms-ncurses is earlier than 0:2.5.5-alt84"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417050004",
"Comment": "evms-test is earlier than 0:2.5.5-alt84"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417050005",
"Comment": "libevms is earlier than 0:2.5.5-alt84"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417050006",
"Comment": "libevms-devel is earlier than 0:2.5.5-alt84"
}
]
}
]
}
}
]
}

64
oval/p10/ALT-PU-2024-17050/objects.json Normal file
View File

@ -0,0 +1,64 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202417050001",
"Version": "1",
"Comment": "evms is installed",
"Name": "evms"
},
{
"ID": "oval:org.altlinux.errata:obj:202417050002",
"Version": "1",
"Comment": "evms-cli is installed",
"Name": "evms-cli"
},
{
"ID": "oval:org.altlinux.errata:obj:202417050003",
"Version": "1",
"Comment": "evms-ncurses is installed",
"Name": "evms-ncurses"
},
{
"ID": "oval:org.altlinux.errata:obj:202417050004",
"Version": "1",
"Comment": "evms-test is installed",
"Name": "evms-test"
},
{
"ID": "oval:org.altlinux.errata:obj:202417050005",
"Version": "1",
"Comment": "libevms is installed",
"Name": "libevms"
},
{
"ID": "oval:org.altlinux.errata:obj:202417050006",
"Version": "1",
"Comment": "libevms-devel is installed",
"Name": "libevms-devel"
}
]
}

23
oval/p10/ALT-PU-2024-17050/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202417050001",
"Version": "1",
"Comment": "package EVR is earlier than 0:2.5.5-alt84",
"Arch": {},
"EVR": {
"Text": "0:2.5.5-alt84",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

90
oval/p10/ALT-PU-2024-17050/tests.json Normal file
View File

@ -0,0 +1,90 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202417050001",
"Version": "1",
"Check": "all",
"Comment": "evms is earlier than 0:2.5.5-alt84",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417050001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417050001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417050002",
"Version": "1",
"Check": "all",
"Comment": "evms-cli is earlier than 0:2.5.5-alt84",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417050002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417050001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417050003",
"Version": "1",
"Check": "all",
"Comment": "evms-ncurses is earlier than 0:2.5.5-alt84",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417050003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417050001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417050004",
"Version": "1",
"Check": "all",
"Comment": "evms-test is earlier than 0:2.5.5-alt84",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417050004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417050001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417050005",
"Version": "1",
"Check": "all",
"Comment": "libevms is earlier than 0:2.5.5-alt84",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417050005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417050001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417050006",
"Version": "1",
"Check": "all",
"Comment": "libevms-devel is earlier than 0:2.5.5-alt84",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417050006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417050001"
}
}
]
}

95
oval/p10/ALT-PU-2024-17052/definitions.json Normal file
View File

@ -0,0 +1,95 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202417052",
"Version": "oval:org.altlinux.errata:def:202417052",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-17052: package `alterator-vm` update to version 0.4.45-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit",
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-17052",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-17052",
"Source": "ALTPU"
}
],
"Description": "This update upgrades alterator-vm to version 0.4.45-alt1. \nSecurity Fix(es):\n\n * #49438: Предоставить возможность создавать RAID с суперблоком версии 1.0\n\n * #49479: Падение установщика системы при двойном нажатии на кнопку на шаге \"4/13 Подготовка диска\"",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-18"
},
"Updated": {
"Date": "2024-12-18"
},
"BDUs": null,
"Bugzilla": [
{
"ID": "49438",
"Href": "https://bugzilla.altlinux.org/49438",
"Data": "Предоставить возможность создавать RAID с суперблоком версии 1.0"
},
{
"ID": "49479",
"Href": "https://bugzilla.altlinux.org/49479",
"Data": "Падение установщика системы при двойном нажатии на кнопку на шаге \"4/13 Подготовка диска\""
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:container:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202417052001",
"Comment": "alterator-vm is earlier than 0:0.4.45-alt1"
}
]
}
]
}
}
]
}

34
oval/p10/ALT-PU-2024-17052/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202417052001",
"Version": "1",
"Comment": "alterator-vm is installed",
"Name": "alterator-vm"
}
]
}

23
oval/p10/ALT-PU-2024-17052/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202417052001",
"Version": "1",
"Comment": "package EVR is earlier than 0:0.4.45-alt1",
"Arch": {},
"EVR": {
"Text": "0:0.4.45-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/p10/ALT-PU-2024-17052/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202417052001",
"Version": "1",
"Check": "all",
"Comment": "alterator-vm is earlier than 0:0.4.45-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417052001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417052001"
}
}
]
}

83
oval/p11/ALT-PU-2024-17152/definitions.json Normal file
View File

@ -0,0 +1,83 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202417152",
"Version": "oval:org.altlinux.errata:def:202417152",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-17152: package `libaccounts-glib` update to version 1.27-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-17152",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-17152",
"Source": "ALTPU"
}
],
"Description": "This update upgrades libaccounts-glib to version 1.27-alt1. \nSecurity Fix(es):\n\n * #50602: Устарел, есть 1.27",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-18"
},
"Updated": {
"Date": "2024-12-18"
},
"BDUs": null,
"Bugzilla": [
{
"ID": "50602",
"Href": "https://bugzilla.altlinux.org/50602",
"Data": "Устарел, есть 1.27"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202417152001",
"Comment": "libaccounts-glib is earlier than 0:1.27-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417152002",
"Comment": "libaccounts-glib-devel is earlier than 0:1.27-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417152003",
"Comment": "libaccounts-glib-docs is earlier than 0:1.27-alt1"
}
]
}
]
}
}
]
}

46
oval/p11/ALT-PU-2024-17152/objects.json Normal file
View File

@ -0,0 +1,46 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202417152001",
"Version": "1",
"Comment": "libaccounts-glib is installed",
"Name": "libaccounts-glib"
},
{
"ID": "oval:org.altlinux.errata:obj:202417152002",
"Version": "1",
"Comment": "libaccounts-glib-devel is installed",
"Name": "libaccounts-glib-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202417152003",
"Version": "1",
"Comment": "libaccounts-glib-docs is installed",
"Name": "libaccounts-glib-docs"
}
]
}

23
oval/p11/ALT-PU-2024-17152/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202417152001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.27-alt1",
"Arch": {},
"EVR": {
"Text": "0:1.27-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

54
oval/p11/ALT-PU-2024-17152/tests.json Normal file
View File

@ -0,0 +1,54 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p11' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202417152001",
"Version": "1",
"Check": "all",
"Comment": "libaccounts-glib is earlier than 0:1.27-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417152001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417152001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417152002",
"Version": "1",
"Check": "all",
"Comment": "libaccounts-glib-devel is earlier than 0:1.27-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417152002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417152001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417152003",
"Version": "1",
"Check": "all",
"Comment": "libaccounts-glib-docs is earlier than 0:1.27-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417152003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417152001"
}
}
]
}

87
oval/p11/ALT-PU-2024-17199/definitions.json Normal file
View File

@ -0,0 +1,87 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202417199",
"Version": "oval:org.altlinux.errata:def:202417199",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-17199: package `marble` update to version 24.11.90-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-17199",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-17199",
"Source": "ALTPU"
}
],
"Description": "This update upgrades marble to version 24.11.90-alt2. \nSecurity Fix(es):\n\n * #52455: Службы вместо приложений в /usr/share/applications",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-18"
},
"Updated": {
"Date": "2024-12-18"
},
"BDUs": null,
"Bugzilla": [
{
"ID": "52455",
"Href": "https://bugzilla.altlinux.org/52455",
"Data": "Службы вместо приложений в /usr/share/applications"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202417199001",
"Comment": "libmarblewidget-qt6_28 is earlier than 0:24.11.90-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417199002",
"Comment": "marble is earlier than 0:24.11.90-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417199003",
"Comment": "marble-common is earlier than 0:24.11.90-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417199004",
"Comment": "marble-devel is earlier than 0:24.11.90-alt2"
}
]
}
]
}
}
]
}

52
oval/p11/ALT-PU-2024-17199/objects.json Normal file
View File

@ -0,0 +1,52 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202417199001",
"Version": "1",
"Comment": "libmarblewidget-qt6_28 is installed",
"Name": "libmarblewidget-qt6_28"
},
{
"ID": "oval:org.altlinux.errata:obj:202417199002",
"Version": "1",
"Comment": "marble is installed",
"Name": "marble"
},
{
"ID": "oval:org.altlinux.errata:obj:202417199003",
"Version": "1",
"Comment": "marble-common is installed",
"Name": "marble-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202417199004",
"Version": "1",
"Comment": "marble-devel is installed",
"Name": "marble-devel"
}
]
}

23
oval/p11/ALT-PU-2024-17199/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202417199001",
"Version": "1",
"Comment": "package EVR is earlier than 0:24.11.90-alt2",
"Arch": {},
"EVR": {
"Text": "0:24.11.90-alt2",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

66
oval/p11/ALT-PU-2024-17199/tests.json Normal file
View File

@ -0,0 +1,66 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p11' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202417199001",
"Version": "1",
"Check": "all",
"Comment": "libmarblewidget-qt6_28 is earlier than 0:24.11.90-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417199001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417199001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417199002",
"Version": "1",
"Check": "all",
"Comment": "marble is earlier than 0:24.11.90-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417199002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417199001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417199003",
"Version": "1",
"Check": "all",
"Comment": "marble-common is earlier than 0:24.11.90-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417199003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417199001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417199004",
"Version": "1",
"Check": "all",
"Comment": "marble-devel is earlier than 0:24.11.90-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417199004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417199001"
}
}
]
}

4568
oval/p11/ALT-PU-2024-17211/definitions.json Normal file
View File

File diff suppressed because one or more lines are too long

46
oval/p11/ALT-PU-2024-17211/objects.json Normal file
View File

@ -0,0 +1,46 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202417211001",
"Version": "1",
"Comment": "kernel-headers-modules-pine is installed",
"Name": "kernel-headers-modules-pine"
},
{
"ID": "oval:org.altlinux.errata:obj:202417211002",
"Version": "1",
"Comment": "kernel-headers-pine is installed",
"Name": "kernel-headers-pine"
},
{
"ID": "oval:org.altlinux.errata:obj:202417211003",
"Version": "1",
"Comment": "kernel-image-pine is installed",
"Name": "kernel-image-pine"
}
]
}

23
oval/p11/ALT-PU-2024-17211/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202417211001",
"Version": "1",
"Comment": "package EVR is earlier than 1:6.12.5-alt1",
"Arch": {},
"EVR": {
"Text": "1:6.12.5-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

54
oval/p11/ALT-PU-2024-17211/tests.json Normal file
View File

@ -0,0 +1,54 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p11' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202417211001",
"Version": "1",
"Check": "all",
"Comment": "kernel-headers-modules-pine is earlier than 1:6.12.5-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417211001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417211001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417211002",
"Version": "1",
"Check": "all",
"Comment": "kernel-headers-pine is earlier than 1:6.12.5-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417211002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417211001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417211003",
"Version": "1",
"Check": "all",
"Comment": "kernel-image-pine is earlier than 1:6.12.5-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417211003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417211001"
}
}
]
}

110
oval/p11/ALT-PU-2024-17260/definitions.json Normal file
View File

@ -0,0 +1,110 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202417260",
"Version": "oval:org.altlinux.errata:def:202417260",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-17260: package `moodle` update to version 4.5.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-17260",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-17260",
"Source": "ALTPU"
},
{
"RefID": "CVE-2024-55643",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-55643",
"Source": "CVE"
},
{
"RefID": "CVE-2024-55644",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-55644",
"Source": "CVE"
},
{
"RefID": "CVE-2024-55645",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-55645",
"Source": "CVE"
},
{
"RefID": "CVE-2024-55646",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-55646",
"Source": "CVE"
},
{
"RefID": "CVE-2024-55647",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-55647",
"Source": "CVE"
},
{
"RefID": "CVE-2024-55648",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-55648",
"Source": "CVE"
}
],
"Description": "This update upgrades moodle to version 4.5.1-alt1. \nSecurity Fix(es):\n\n * CVE-2024-55643: description unavailable\n\n * CVE-2024-55644: description unavailable\n\n * CVE-2024-55645: description unavailable\n\n * CVE-2024-55646: description unavailable\n\n * CVE-2024-55647: description unavailable\n\n * CVE-2024-55648: description unavailable",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-18"
},
"Updated": {
"Date": "2024-12-18"
},
"BDUs": null,
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202417260001",
"Comment": "moodle is earlier than 0:4.5.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417260002",
"Comment": "moodle-apache2 is earlier than 0:4.5.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417260003",
"Comment": "moodle-base is earlier than 0:4.5.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417260004",
"Comment": "moodle-local-mysql is earlier than 0:4.5.1-alt1"
}
]
}
]
}
}
]
}

52
oval/p11/ALT-PU-2024-17260/objects.json Normal file
View File

@ -0,0 +1,52 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202417260001",
"Version": "1",
"Comment": "moodle is installed",
"Name": "moodle"
},
{
"ID": "oval:org.altlinux.errata:obj:202417260002",
"Version": "1",
"Comment": "moodle-apache2 is installed",
"Name": "moodle-apache2"
},
{
"ID": "oval:org.altlinux.errata:obj:202417260003",
"Version": "1",
"Comment": "moodle-base is installed",
"Name": "moodle-base"
},
{
"ID": "oval:org.altlinux.errata:obj:202417260004",
"Version": "1",
"Comment": "moodle-local-mysql is installed",
"Name": "moodle-local-mysql"
}
]
}

23
oval/p11/ALT-PU-2024-17260/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202417260001",
"Version": "1",
"Comment": "package EVR is earlier than 0:4.5.1-alt1",
"Arch": {},
"EVR": {
"Text": "0:4.5.1-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

66
oval/p11/ALT-PU-2024-17260/tests.json Normal file
View File

@ -0,0 +1,66 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p11' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202417260001",
"Version": "1",
"Check": "all",
"Comment": "moodle is earlier than 0:4.5.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417260001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417260001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417260002",
"Version": "1",
"Check": "all",
"Comment": "moodle-apache2 is earlier than 0:4.5.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417260002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417260001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417260003",
"Version": "1",
"Check": "all",
"Comment": "moodle-base is earlier than 0:4.5.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417260003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417260001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202417260004",
"Version": "1",
"Check": "all",
"Comment": "moodle-local-mysql is earlier than 0:4.5.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417260004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417260001"
}
}
]
}

151
oval/p9/ALT-PU-2024-15763/definitions.json Normal file
View File

@ -0,0 +1,151 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202415763",
"Version": "oval:org.altlinux.errata:def:202415763",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-15763: package `sendmail` update to version 8.18.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-15763",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-15763",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-02339",
"RefURL": "https://bdu.fstec.ru/vul/2024-02339",
"Source": "BDU"
},
{
"RefID": "CVE-2021-3618",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3618",
"Source": "CVE"
},
{
"RefID": "CVE-2023-51765",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-51765",
"Source": "CVE"
}
],
"Description": "This update upgrades sendmail to version 8.18.1-alt1. \nSecurity Fix(es):\n\n * BDU:2024-02339: Уязвимость программного обеспечения SendMail SMTP Server , связанная с недостаточной проверкой подлинности данных, позволяющая нарушителю обойти механизм защиты и внедрить сообщения электронной почты с поддельным адресом MAIL FROM\n\n * CVE-2021-3618: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.\n\n * CVE-2023-51765: sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports \u003cLF\u003e.\u003cCR\u003e\u003cLF\u003e but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-18"
},
"Updated": {
"Date": "2024-12-18"
},
"BDUs": [
{
"ID": "BDU:2024-02339",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-345",
"Href": "https://bdu.fstec.ru/vul/2024-02339",
"Impact": "Low",
"Public": "20231224"
}
],
"CVEs": [
{
"ID": "CVE-2021-3618",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3618",
"Impact": "High",
"Public": "20220323"
},
{
"ID": "CVE-2023-51765",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-345",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-51765",
"Impact": "Low",
"Public": "20231224"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202415763001",
"Comment": "libmilter is earlier than 0:8.18.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415763002",
"Comment": "makemap is earlier than 0:8.18.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415763003",
"Comment": "sendmail is earlier than 0:8.18.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415763004",
"Comment": "sendmail-cf is earlier than 0:8.18.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415763005",
"Comment": "sendmail-devel is earlier than 0:8.18.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415763006",
"Comment": "sendmail-doc is earlier than 0:8.18.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415763007",
"Comment": "sendmail-submit is earlier than 0:8.18.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415763008",
"Comment": "vacation is earlier than 0:8.18.1-alt1"
}
]
}
]
}
}
]
}

76
oval/p9/ALT-PU-2024-15763/objects.json Normal file
View File

@ -0,0 +1,76 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:1001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202415763001",
"Version": "1",
"Comment": "libmilter is installed",
"Name": "libmilter"
},
{
"ID": "oval:org.altlinux.errata:obj:202415763002",
"Version": "1",
"Comment": "makemap is installed",
"Name": "makemap"
},
{
"ID": "oval:org.altlinux.errata:obj:202415763003",
"Version": "1",
"Comment": "sendmail is installed",
"Name": "sendmail"
},
{
"ID": "oval:org.altlinux.errata:obj:202415763004",
"Version": "1",
"Comment": "sendmail-cf is installed",
"Name": "sendmail-cf"
},
{
"ID": "oval:org.altlinux.errata:obj:202415763005",
"Version": "1",
"Comment": "sendmail-devel is installed",
"Name": "sendmail-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202415763006",
"Version": "1",
"Comment": "sendmail-doc is installed",
"Name": "sendmail-doc"
},
{
"ID": "oval:org.altlinux.errata:obj:202415763007",
"Version": "1",
"Comment": "sendmail-submit is installed",
"Name": "sendmail-submit"
},
{
"ID": "oval:org.altlinux.errata:obj:202415763008",
"Version": "1",
"Comment": "vacation is installed",
"Name": "vacation"
}
]
}

23
oval/p9/ALT-PU-2024-15763/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:1001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202415763001",
"Version": "1",
"Comment": "package EVR is earlier than 0:8.18.1-alt1",
"Arch": {},
"EVR": {
"Text": "0:8.18.1-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

114
oval/p9/ALT-PU-2024-15763/tests.json Normal file
View File

@ -0,0 +1,114 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:1001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p9' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:1001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:1001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202415763001",
"Version": "1",
"Check": "all",
"Comment": "libmilter is earlier than 0:8.18.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415763001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415763001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415763002",
"Version": "1",
"Check": "all",
"Comment": "makemap is earlier than 0:8.18.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415763002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415763001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415763003",
"Version": "1",
"Check": "all",
"Comment": "sendmail is earlier than 0:8.18.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415763003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415763001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415763004",
"Version": "1",
"Check": "all",
"Comment": "sendmail-cf is earlier than 0:8.18.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415763004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415763001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415763005",
"Version": "1",
"Check": "all",
"Comment": "sendmail-devel is earlier than 0:8.18.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415763005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415763001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415763006",
"Version": "1",
"Check": "all",
"Comment": "sendmail-doc is earlier than 0:8.18.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415763006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415763001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415763007",
"Version": "1",
"Check": "all",
"Comment": "sendmail-submit is earlier than 0:8.18.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415763007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415763001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415763008",
"Version": "1",
"Check": "all",
"Comment": "vacation is earlier than 0:8.18.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415763008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415763001"
}
}
]
}