pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ALT Vulnerability

Browse Source
This commit is contained in:
Иван Пепеляев 2024-01-26 03:02:40 +00:00
parent 97e70e19ac
commit 95576eeab0
44 changed files with 4656 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

105
oval/c10f2/ALT-PU-2024-1154/definitions.json Normal file
View File

@ -0,0 +1,105 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20241154",
"Version": "oval:org.altlinux.errata:def:20241154",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-1154: package `mate-document-viewer` update to version 1.26.1-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f2"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-1154",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-1154",
"Source": "ALTPU"
}
],
"Description": "This update upgrades mate-document-viewer to version 1.26.1-alt2. \nSecurity Fix(es):\n\n * #48498: mate-document-viewer-thumbnailer тянет лишние зависимости",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2023 BaseALT Ltd.",
"Issued": {
"Date": "2024-01-26"
},
"Updated": {
"Date": "2024-01-26"
},
"bdu": null,
"Bugzilla": [
{
"Id": "48498",
"Href": "https://bugzilla.altlinux.org/48498",
"Data": "mate-document-viewer-thumbnailer тянет лишние зависимости"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20241154001",
"Comment": "libmate-document-viewer is earlier than 1:1.26.1-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241154002",
"Comment": "mate-document-viewer is earlier than 1:1.26.1-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241154003",
"Comment": "mate-document-viewer-caja is earlier than 1:1.26.1-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241154004",
"Comment": "mate-document-viewer-devel is earlier than 1:1.26.1-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241154005",
"Comment": "mate-document-viewer-djvu is earlier than 1:1.26.1-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241154006",
"Comment": "mate-document-viewer-dvi is earlier than 1:1.26.1-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241154007",
"Comment": "mate-document-viewer-pixbuf is earlier than 1:1.26.1-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241154008",
"Comment": "mate-document-viewer-thumbnailer is earlier than 1:1.26.1-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241154009",
"Comment": "mate-document-viewer-xps is earlier than 1:1.26.1-alt2"
}
]
}
]
}
}
]
}

82
oval/c10f2/ALT-PU-2024-1154/objects.json Normal file
View File

@ -0,0 +1,82 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:5001",
"Version": "1",
"comment": "Evaluate `/etc/os-release` file content",
"Path": {
"dataType": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RpmInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20241154001",
"Version": "1",
"comment": "libmate-document-viewer is installed",
"Name": "libmate-document-viewer"
},
{
"ID": "oval:org.altlinux.errata:obj:20241154002",
"Version": "1",
"comment": "mate-document-viewer is installed",
"Name": "mate-document-viewer"
},
{
"ID": "oval:org.altlinux.errata:obj:20241154003",
"Version": "1",
"comment": "mate-document-viewer-caja is installed",
"Name": "mate-document-viewer-caja"
},
{
"ID": "oval:org.altlinux.errata:obj:20241154004",
"Version": "1",
"comment": "mate-document-viewer-devel is installed",
"Name": "mate-document-viewer-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:20241154005",
"Version": "1",
"comment": "mate-document-viewer-djvu is installed",
"Name": "mate-document-viewer-djvu"
},
{
"ID": "oval:org.altlinux.errata:obj:20241154006",
"Version": "1",
"comment": "mate-document-viewer-dvi is installed",
"Name": "mate-document-viewer-dvi"
},
{
"ID": "oval:org.altlinux.errata:obj:20241154007",
"Version": "1",
"comment": "mate-document-viewer-pixbuf is installed",
"Name": "mate-document-viewer-pixbuf"
},
{
"ID": "oval:org.altlinux.errata:obj:20241154008",
"Version": "1",
"comment": "mate-document-viewer-thumbnailer is installed",
"Name": "mate-document-viewer-thumbnailer"
},
{
"ID": "oval:org.altlinux.errata:obj:20241154009",
"Version": "1",
"comment": "mate-document-viewer-xps is installed",
"Name": "mate-document-viewer-xps"
}
]
}

23
oval/c10f2/ALT-PU-2024-1154/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:5001",
"Version": "1",
"Text": {}
}
],
"RpmInfoState": [
{
"ID": "oval:org.altlinux.errata:ste:20241154001",
"Version": "1",
"Comment": "package EVR is earlier than 1:1.26.1-alt2",
"Arch": {},
"Evr": {
"Text": "1:1.26.1-alt2",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

126
oval/c10f2/ALT-PU-2024-1154/tests.json Normal file
View File

@ -0,0 +1,126 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:5001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:5001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:5001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20241154001",
"Version": "1",
"Check": "all",
"Comment": "libmate-document-viewer is earlier than 1:1.26.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241154001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241154001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241154002",
"Version": "1",
"Check": "all",
"Comment": "mate-document-viewer is earlier than 1:1.26.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241154002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241154001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241154003",
"Version": "1",
"Check": "all",
"Comment": "mate-document-viewer-caja is earlier than 1:1.26.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241154003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241154001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241154004",
"Version": "1",
"Check": "all",
"Comment": "mate-document-viewer-devel is earlier than 1:1.26.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241154004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241154001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241154005",
"Version": "1",
"Check": "all",
"Comment": "mate-document-viewer-djvu is earlier than 1:1.26.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241154005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241154001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241154006",
"Version": "1",
"Check": "all",
"Comment": "mate-document-viewer-dvi is earlier than 1:1.26.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241154006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241154001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241154007",
"Version": "1",
"Check": "all",
"Comment": "mate-document-viewer-pixbuf is earlier than 1:1.26.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241154007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241154001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241154008",
"Version": "1",
"Check": "all",
"Comment": "mate-document-viewer-thumbnailer is earlier than 1:1.26.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241154008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241154001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241154009",
"Version": "1",
"Check": "all",
"Comment": "mate-document-viewer-xps is earlier than 1:1.26.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241154009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241154001"
}
}
]
}

77
oval/c10f2/ALT-PU-2024-1155/definitions.json Normal file
View File

@ -0,0 +1,77 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20241155",
"Version": "oval:org.altlinux.errata:def:20241155",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-1155: package `mate-screensaver` update to version 1.26.2-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f2"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-1155",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-1155",
"Source": "ALTPU"
}
],
"Description": "This update upgrades mate-screensaver to version 1.26.2-alt1. \nSecurity Fix(es):\n\n * #45817: В MATE alt-customize-branding не изменяет оформление экрана блокировки",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2023 BaseALT Ltd.",
"Issued": {
"Date": "2024-01-26"
},
"Updated": {
"Date": "2024-01-26"
},
"bdu": null,
"Bugzilla": [
{
"Id": "45817",
"Href": "https://bugzilla.altlinux.org/45817",
"Data": "В MATE alt-customize-branding не изменяет оформление экрана блокировки"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20241155001",
"Comment": "mate-screensaver is earlier than 2:1.26.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241155002",
"Comment": "mate-screensaver-devel is earlier than 2:1.26.2-alt1"
}
]
}
]
}
}
]
}

40
oval/c10f2/ALT-PU-2024-1155/objects.json Normal file
View File

@ -0,0 +1,40 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:5001",
"Version": "1",
"comment": "Evaluate `/etc/os-release` file content",
"Path": {
"dataType": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RpmInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20241155001",
"Version": "1",
"comment": "mate-screensaver is installed",
"Name": "mate-screensaver"
},
{
"ID": "oval:org.altlinux.errata:obj:20241155002",
"Version": "1",
"comment": "mate-screensaver-devel is installed",
"Name": "mate-screensaver-devel"
}
]
}

23
oval/c10f2/ALT-PU-2024-1155/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:5001",
"Version": "1",
"Text": {}
}
],
"RpmInfoState": [
{
"ID": "oval:org.altlinux.errata:ste:20241155001",
"Version": "1",
"Comment": "package EVR is earlier than 2:1.26.2-alt1",
"Arch": {},
"Evr": {
"Text": "2:1.26.2-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

42
oval/c10f2/ALT-PU-2024-1155/tests.json Normal file
View File

@ -0,0 +1,42 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:5001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:5001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:5001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20241155001",
"Version": "1",
"Check": "all",
"Comment": "mate-screensaver is earlier than 2:1.26.2-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241155001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241155001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241155002",
"Version": "1",
"Check": "all",
"Comment": "mate-screensaver-devel is earlier than 2:1.26.2-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241155002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241155001"
}
}
]
}

228
oval/c10f2/ALT-PU-2024-1191/definitions.json Normal file
View File

@ -0,0 +1,228 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20241191",
"Version": "oval:org.altlinux.errata:def:20241191",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-1191: package `zabbix` update to version 6.0.25-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f2"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-1191",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-1191",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-06803",
"RefURL": "https://bdu.fstec.ru/vul/2023-06803",
"Source": "BDU"
},
{
"RefID": "BDU:2023-08246",
"RefURL": "https://bdu.fstec.ru/vul/2023-08246",
"Source": "BDU"
},
{
"RefID": "CVE-2023-32721",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32721",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32722",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32722",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32724",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32724",
"Source": "CVE"
}
],
"Description": "This update upgrades zabbix to version 6.0.25-alt2. \nSecurity Fix(es):\n\n * BDU:2023-06803: Уязвимость интерфейса универсальной системы мониторинга Zabbix, позволяющая нарушителю проводить межсайтовые сценарные атаки\n\n * BDU:2023-08246: Уязвимость модуля zabbix/src/libs/zbxjson универсальной системы мониторинга Zabbix, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2023-32721: A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL.\n\n * CVE-2023-32722: The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.\n\n * CVE-2023-32724: Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2023 BaseALT Ltd.",
"Issued": {
"Date": "2024-01-26"
},
"Updated": {
"Date": "2024-01-26"
},
"bdu": [
{
"Cvss": "AV:N/AC:L/Au:N/C:P/I:C/A:N",
"Cvss3": "AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N",
"Cwe": "CWE-20, CWE-79",
"Href": "https://bdu.fstec.ru/vul/2023-06803",
"Impact": "High",
"Public": "20230511",
"CveID": "BDU:2023-06803"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"Cvss3": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"Cwe": "CWE-120, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2023-08246",
"Impact": "Critical",
"Public": "20230911",
"CveID": "BDU:2023-08246"
}
],
"Cves": [
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"Cwe": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32721",
"Impact": "Low",
"Public": "20231012",
"CveID": "CVE-2023-32721"
},
{
"Cvss3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"Cwe": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32722",
"Impact": "High",
"Public": "20231012",
"CveID": "CVE-2023-32722"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "CWE-732",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32724",
"Impact": "High",
"Public": "20231012",
"CveID": "CVE-2023-32724"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20241191001",
"Comment": "zabbix-agent is earlier than 1:6.0.25-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241191002",
"Comment": "zabbix-agent-sudo is earlier than 1:6.0.25-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241191003",
"Comment": "zabbix-agent2 is earlier than 1:6.0.25-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241191004",
"Comment": "zabbix-common is earlier than 1:6.0.25-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241191005",
"Comment": "zabbix-common-database-mysql is earlier than 1:6.0.25-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241191006",
"Comment": "zabbix-common-database-pgsql is earlier than 1:6.0.25-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241191007",
"Comment": "zabbix-common-database-sqlite3 is earlier than 1:6.0.25-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241191008",
"Comment": "zabbix-contrib is earlier than 1:6.0.25-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241191009",
"Comment": "zabbix-doc is earlier than 1:6.0.25-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241191010",
"Comment": "zabbix-java-gateway is earlier than 1:6.0.25-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241191011",
"Comment": "zabbix-phpfrontend-apache2 is earlier than 1:6.0.25-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241191012",
"Comment": "zabbix-phpfrontend-apache2-mod_php8.1 is earlier than 1:6.0.25-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241191013",
"Comment": "zabbix-phpfrontend-apache2-mod_php8.2 is earlier than 1:6.0.25-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241191014",
"Comment": "zabbix-phpfrontend-engine is earlier than 1:6.0.25-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241191015",
"Comment": "zabbix-phpfrontend-php8.1 is earlier than 1:6.0.25-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241191016",
"Comment": "zabbix-phpfrontend-php8.2 is earlier than 1:6.0.25-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241191017",
"Comment": "zabbix-proxy is earlier than 1:6.0.25-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241191018",
"Comment": "zabbix-proxy-common is earlier than 1:6.0.25-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241191019",
"Comment": "zabbix-proxy-pgsql is earlier than 1:6.0.25-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241191020",
"Comment": "zabbix-server-common is earlier than 1:6.0.25-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241191021",
"Comment": "zabbix-server-mysql is earlier than 1:6.0.25-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241191022",
"Comment": "zabbix-server-pgsql is earlier than 1:6.0.25-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241191023",
"Comment": "zabbix-source is earlier than 1:6.0.25-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241191024",
"Comment": "zabbix-web-service is earlier than 1:6.0.25-alt2"
}
]
}
]
}
}
]
}

172
oval/c10f2/ALT-PU-2024-1191/objects.json Normal file
View File

@ -0,0 +1,172 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:5001",
"Version": "1",
"comment": "Evaluate `/etc/os-release` file content",
"Path": {
"dataType": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RpmInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20241191001",
"Version": "1",
"comment": "zabbix-agent is installed",
"Name": "zabbix-agent"
},
{
"ID": "oval:org.altlinux.errata:obj:20241191002",
"Version": "1",
"comment": "zabbix-agent-sudo is installed",
"Name": "zabbix-agent-sudo"
},
{
"ID": "oval:org.altlinux.errata:obj:20241191003",
"Version": "1",
"comment": "zabbix-agent2 is installed",
"Name": "zabbix-agent2"
},
{
"ID": "oval:org.altlinux.errata:obj:20241191004",
"Version": "1",
"comment": "zabbix-common is installed",
"Name": "zabbix-common"
},
{
"ID": "oval:org.altlinux.errata:obj:20241191005",
"Version": "1",
"comment": "zabbix-common-database-mysql is installed",
"Name": "zabbix-common-database-mysql"
},
{
"ID": "oval:org.altlinux.errata:obj:20241191006",
"Version": "1",
"comment": "zabbix-common-database-pgsql is installed",
"Name": "zabbix-common-database-pgsql"
},
{
"ID": "oval:org.altlinux.errata:obj:20241191007",
"Version": "1",
"comment": "zabbix-common-database-sqlite3 is installed",
"Name": "zabbix-common-database-sqlite3"
},
{
"ID": "oval:org.altlinux.errata:obj:20241191008",
"Version": "1",
"comment": "zabbix-contrib is installed",
"Name": "zabbix-contrib"
},
{
"ID": "oval:org.altlinux.errata:obj:20241191009",
"Version": "1",
"comment": "zabbix-doc is installed",
"Name": "zabbix-doc"
},
{
"ID": "oval:org.altlinux.errata:obj:20241191010",
"Version": "1",
"comment": "zabbix-java-gateway is installed",
"Name": "zabbix-java-gateway"
},
{
"ID": "oval:org.altlinux.errata:obj:20241191011",
"Version": "1",
"comment": "zabbix-phpfrontend-apache2 is installed",
"Name": "zabbix-phpfrontend-apache2"
},
{
"ID": "oval:org.altlinux.errata:obj:20241191012",
"Version": "1",
"comment": "zabbix-phpfrontend-apache2-mod_php8.1 is installed",
"Name": "zabbix-phpfrontend-apache2-mod_php8.1"
},
{
"ID": "oval:org.altlinux.errata:obj:20241191013",
"Version": "1",
"comment": "zabbix-phpfrontend-apache2-mod_php8.2 is installed",
"Name": "zabbix-phpfrontend-apache2-mod_php8.2"
},
{
"ID": "oval:org.altlinux.errata:obj:20241191014",
"Version": "1",
"comment": "zabbix-phpfrontend-engine is installed",
"Name": "zabbix-phpfrontend-engine"
},
{
"ID": "oval:org.altlinux.errata:obj:20241191015",
"Version": "1",
"comment": "zabbix-phpfrontend-php8.1 is installed",
"Name": "zabbix-phpfrontend-php8.1"
},
{
"ID": "oval:org.altlinux.errata:obj:20241191016",
"Version": "1",
"comment": "zabbix-phpfrontend-php8.2 is installed",
"Name": "zabbix-phpfrontend-php8.2"
},
{
"ID": "oval:org.altlinux.errata:obj:20241191017",
"Version": "1",
"comment": "zabbix-proxy is installed",
"Name": "zabbix-proxy"
},
{
"ID": "oval:org.altlinux.errata:obj:20241191018",
"Version": "1",
"comment": "zabbix-proxy-common is installed",
"Name": "zabbix-proxy-common"
},
{
"ID": "oval:org.altlinux.errata:obj:20241191019",
"Version": "1",
"comment": "zabbix-proxy-pgsql is installed",
"Name": "zabbix-proxy-pgsql"
},
{
"ID": "oval:org.altlinux.errata:obj:20241191020",
"Version": "1",
"comment": "zabbix-server-common is installed",
"Name": "zabbix-server-common"
},
{
"ID": "oval:org.altlinux.errata:obj:20241191021",
"Version": "1",
"comment": "zabbix-server-mysql is installed",
"Name": "zabbix-server-mysql"
},
{
"ID": "oval:org.altlinux.errata:obj:20241191022",
"Version": "1",
"comment": "zabbix-server-pgsql is installed",
"Name": "zabbix-server-pgsql"
},
{
"ID": "oval:org.altlinux.errata:obj:20241191023",
"Version": "1",
"comment": "zabbix-source is installed",
"Name": "zabbix-source"
},
{
"ID": "oval:org.altlinux.errata:obj:20241191024",
"Version": "1",
"comment": "zabbix-web-service is installed",
"Name": "zabbix-web-service"
}
]
}

23
oval/c10f2/ALT-PU-2024-1191/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:5001",
"Version": "1",
"Text": {}
}
],
"RpmInfoState": [
{
"ID": "oval:org.altlinux.errata:ste:20241191001",
"Version": "1",
"Comment": "package EVR is earlier than 1:6.0.25-alt2",
"Arch": {},
"Evr": {
"Text": "1:6.0.25-alt2",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

306
oval/c10f2/ALT-PU-2024-1191/tests.json Normal file
View File

@ -0,0 +1,306 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:5001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:5001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:5001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20241191001",
"Version": "1",
"Check": "all",
"Comment": "zabbix-agent is earlier than 1:6.0.25-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241191001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241191001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241191002",
"Version": "1",
"Check": "all",
"Comment": "zabbix-agent-sudo is earlier than 1:6.0.25-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241191002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241191001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241191003",
"Version": "1",
"Check": "all",
"Comment": "zabbix-agent2 is earlier than 1:6.0.25-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241191003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241191001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241191004",
"Version": "1",
"Check": "all",
"Comment": "zabbix-common is earlier than 1:6.0.25-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241191004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241191001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241191005",
"Version": "1",
"Check": "all",
"Comment": "zabbix-common-database-mysql is earlier than 1:6.0.25-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241191005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241191001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241191006",
"Version": "1",
"Check": "all",
"Comment": "zabbix-common-database-pgsql is earlier than 1:6.0.25-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241191006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241191001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241191007",
"Version": "1",
"Check": "all",
"Comment": "zabbix-common-database-sqlite3 is earlier than 1:6.0.25-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241191007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241191001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241191008",
"Version": "1",
"Check": "all",
"Comment": "zabbix-contrib is earlier than 1:6.0.25-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241191008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241191001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241191009",
"Version": "1",
"Check": "all",
"Comment": "zabbix-doc is earlier than 1:6.0.25-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241191009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241191001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241191010",
"Version": "1",
"Check": "all",
"Comment": "zabbix-java-gateway is earlier than 1:6.0.25-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241191010"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241191001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241191011",
"Version": "1",
"Check": "all",
"Comment": "zabbix-phpfrontend-apache2 is earlier than 1:6.0.25-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241191011"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241191001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241191012",
"Version": "1",
"Check": "all",
"Comment": "zabbix-phpfrontend-apache2-mod_php8.1 is earlier than 1:6.0.25-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241191012"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241191001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241191013",
"Version": "1",
"Check": "all",
"Comment": "zabbix-phpfrontend-apache2-mod_php8.2 is earlier than 1:6.0.25-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241191013"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241191001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241191014",
"Version": "1",
"Check": "all",
"Comment": "zabbix-phpfrontend-engine is earlier than 1:6.0.25-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241191014"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241191001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241191015",
"Version": "1",
"Check": "all",
"Comment": "zabbix-phpfrontend-php8.1 is earlier than 1:6.0.25-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241191015"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241191001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241191016",
"Version": "1",
"Check": "all",
"Comment": "zabbix-phpfrontend-php8.2 is earlier than 1:6.0.25-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241191016"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241191001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241191017",
"Version": "1",
"Check": "all",
"Comment": "zabbix-proxy is earlier than 1:6.0.25-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241191017"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241191001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241191018",
"Version": "1",
"Check": "all",
"Comment": "zabbix-proxy-common is earlier than 1:6.0.25-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241191018"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241191001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241191019",
"Version": "1",
"Check": "all",
"Comment": "zabbix-proxy-pgsql is earlier than 1:6.0.25-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241191019"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241191001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241191020",
"Version": "1",
"Check": "all",
"Comment": "zabbix-server-common is earlier than 1:6.0.25-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241191020"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241191001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241191021",
"Version": "1",
"Check": "all",
"Comment": "zabbix-server-mysql is earlier than 1:6.0.25-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241191021"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241191001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241191022",
"Version": "1",
"Check": "all",
"Comment": "zabbix-server-pgsql is earlier than 1:6.0.25-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241191022"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241191001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241191023",
"Version": "1",
"Check": "all",
"Comment": "zabbix-source is earlier than 1:6.0.25-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241191023"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241191001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241191024",
"Version": "1",
"Check": "all",
"Comment": "zabbix-web-service is earlier than 1:6.0.25-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241191024"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241191001"
}
}
]
}

816
oval/c10f2/ALT-PU-2024-1192/definitions.json Normal file
View File

File diff suppressed because one or more lines are too long

88
oval/c10f2/ALT-PU-2024-1192/objects.json Normal file
View File

@ -0,0 +1,88 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:5001",
"Version": "1",
"comment": "Evaluate `/etc/os-release` file content",
"Path": {
"dataType": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RpmInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20241192001",
"Version": "1",
"comment": "mediawiki is installed",
"Name": "mediawiki"
},
{
"ID": "oval:org.altlinux.errata:obj:20241192002",
"Version": "1",
"comment": "mediawiki-apache2 is installed",
"Name": "mediawiki-apache2"
},
{
"ID": "oval:org.altlinux.errata:obj:20241192003",
"Version": "1",
"comment": "mediawiki-common is installed",
"Name": "mediawiki-common"
},
{
"ID": "oval:org.altlinux.errata:obj:20241192004",
"Version": "1",
"comment": "mediawiki-extensions-PdfHandler is installed",
"Name": "mediawiki-extensions-PdfHandler"
},
{
"ID": "oval:org.altlinux.errata:obj:20241192005",
"Version": "1",
"comment": "mediawiki-extensions-Scribunto is installed",
"Name": "mediawiki-extensions-Scribunto"
},
{
"ID": "oval:org.altlinux.errata:obj:20241192006",
"Version": "1",
"comment": "mediawiki-extensions-SyntaxHighlight_GeSHi is installed",
"Name": "mediawiki-extensions-SyntaxHighlight_GeSHi"
},
{
"ID": "oval:org.altlinux.errata:obj:20241192007",
"Version": "1",
"comment": "mediawiki-mysql is installed",
"Name": "mediawiki-mysql"
},
{
"ID": "oval:org.altlinux.errata:obj:20241192008",
"Version": "1",
"comment": "mediawiki-php8.1 is installed",
"Name": "mediawiki-php8.1"
},
{
"ID": "oval:org.altlinux.errata:obj:20241192009",
"Version": "1",
"comment": "mediawiki-php8.2 is installed",
"Name": "mediawiki-php8.2"
},
{
"ID": "oval:org.altlinux.errata:obj:20241192010",
"Version": "1",
"comment": "mediawiki-postgresql is installed",
"Name": "mediawiki-postgresql"
}
]
}

35
oval/c10f2/ALT-PU-2024-1192/states.json Normal file
View File

@ -0,0 +1,35 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:5001",
"Version": "1",
"Text": {}
}
],
"RpmInfoState": [
{
"ID": "oval:org.altlinux.errata:ste:20241192001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.40.1-alt2",
"Arch": {},
"Evr": {
"Text": "0:1.40.1-alt2",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
},
{
"ID": "oval:org.altlinux.errata:ste:20241192002",
"Version": "1",
"Comment": "package EVR is earlier than 1:1.40.1-alt2",
"Arch": {},
"Evr": {
"Text": "1:1.40.1-alt2",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

138
oval/c10f2/ALT-PU-2024-1192/tests.json Normal file
View File

@ -0,0 +1,138 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:5001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:5001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:5001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20241192001",
"Version": "1",
"Check": "all",
"Comment": "mediawiki is earlier than 0:1.40.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241192001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241192001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241192002",
"Version": "1",
"Check": "all",
"Comment": "mediawiki-apache2 is earlier than 0:1.40.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241192002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241192001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241192003",
"Version": "1",
"Check": "all",
"Comment": "mediawiki-common is earlier than 0:1.40.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241192003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241192001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241192004",
"Version": "1",
"Check": "all",
"Comment": "mediawiki-extensions-PdfHandler is earlier than 0:1.40.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241192004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241192001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241192005",
"Version": "1",
"Check": "all",
"Comment": "mediawiki-extensions-Scribunto is earlier than 0:1.40.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241192005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241192001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241192006",
"Version": "1",
"Check": "all",
"Comment": "mediawiki-extensions-SyntaxHighlight_GeSHi is earlier than 1:1.40.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241192006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241192002"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241192007",
"Version": "1",
"Check": "all",
"Comment": "mediawiki-mysql is earlier than 0:1.40.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241192007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241192001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241192008",
"Version": "1",
"Check": "all",
"Comment": "mediawiki-php8.1 is earlier than 0:1.40.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241192008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241192001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241192009",
"Version": "1",
"Check": "all",
"Comment": "mediawiki-php8.2 is earlier than 0:1.40.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241192009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241192001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241192010",
"Version": "1",
"Check": "all",
"Comment": "mediawiki-postgresql is earlier than 0:1.40.1-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241192010"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241192001"
}
}
]
}

192
oval/c10f2/ALT-PU-2024-1193/definitions.json Normal file
View File

@ -0,0 +1,192 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20241193",
"Version": "oval:org.altlinux.errata:def:20241193",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-1193: package `cacti` update to version 1.2.26-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f2"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-1193",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-1193",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-00024",
"RefURL": "https://bdu.fstec.ru/vul/2024-00024",
"Source": "BDU"
},
{
"RefID": "BDU:2024-00089",
"RefURL": "https://bdu.fstec.ru/vul/2024-00089",
"Source": "BDU"
},
{
"RefID": "CVE-2023-46490",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-46490",
"Source": "CVE"
},
{
"RefID": "CVE-2023-49084",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-49084",
"Source": "CVE"
},
{
"RefID": "CVE-2023-49085",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-49085",
"Source": "CVE"
},
{
"RefID": "CVE-2023-49086",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-49086",
"Source": "CVE"
},
{
"RefID": "CVE-2023-50250",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-50250",
"Source": "CVE"
},
{
"RefID": "CVE-2023-50569",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-50569",
"Source": "CVE"
},
{
"RefID": "CVE-2023-51448",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-51448",
"Source": "CVE"
}
],
"Description": "This update upgrades cacti to version 1.2.26-alt1. \nSecurity Fix(es):\n\n * BDU:2024-00024: Уязвимость функции SNMP Notification Receivers сценария managers.php программного средства мониторинга сети Cacti, позволяющая нарушителю выполнить произвольный SQL-код\n\n * BDU:2024-00089: Уязвимость сценария templates_import.php программного средства мониторинга сети Cacti, позволяющая нарушителю проводить межсайтовые сценарные атаки и получить несанкционированный доступ на чтение, изменение или удаление данных\n\n * CVE-2023-46490: SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function.\n\n * CVE-2023-49084: Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `link.php`. Impact of the vulnerability execution of arbitrary code on the server. \n\n * CVE-2023-49085: Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the `pollers.php` script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the `pollers.php`. Impact of the vulnerability - arbitrary SQL code execution. As of time of publication, a patch does not appear to exist.\n\n * CVE-2023-49086: Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). Bypassing an earlier fix (CVE-2023-39360) that leads to a DOM XSS attack.\nExploitation of the vulnerability is possible for an authorized user. The vulnerable component is\nthe `graphs_new.php`. Impact of the vulnerability - execution of arbitrary javascript code in\nthe attacked user's browser. This issue has been patched in version 1.2.26.\n\n\n * CVE-2023-50250: Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php.` When uploading an xml template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains unfiltered xml template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available.\n\n\n * CVE-2023-50569: Reflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25, allows remote attackers to escalate privileges when uploading an xml template file via templates_import.php.\n\n * CVE-2023-51448: Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `managers.php`. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTTP GET request to the endpoint `/cacti/managers.php` with an SQLi payload in the `selected_graphs_array` HTTP GET parameter. As of time of publication, no patched versions exist.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2023 BaseALT Ltd.",
"Issued": {
"Date": "2024-01-26"
},
"Updated": {
"Date": "2024-01-26"
},
"bdu": [
{
"Cvss": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"Cvss3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "CWE-89",
"Href": "https://bdu.fstec.ru/vul/2024-00024",
"Impact": "High",
"Public": "20231221",
"CveID": "BDU:2024-00024"
},
{
"Cvss": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"Cvss3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"Cwe": "CWE-79",
"Href": "https://bdu.fstec.ru/vul/2024-00089",
"Impact": "Low",
"Public": "20231113",
"CveID": "BDU:2024-00089"
}
],
"Cves": [
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"Cwe": "CWE-89",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-46490",
"Impact": "Low",
"Public": "20231027",
"CveID": "CVE-2023-46490"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "CWE-98",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-49084",
"Impact": "High",
"Public": "20231221",
"CveID": "CVE-2023-49084"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "CWE-89",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-49085",
"Impact": "High",
"Public": "20231222",
"CveID": "CVE-2023-49085"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"Cwe": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-49086",
"Impact": "Low",
"Public": "20231222",
"CveID": "CVE-2023-49086"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"Cwe": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-50250",
"Impact": "Low",
"Public": "20231222",
"CveID": "CVE-2023-50250"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"Cwe": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-50569",
"Impact": "Low",
"Public": "20231222",
"CveID": "CVE-2023-50569"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "CWE-89",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-51448",
"Impact": "High",
"Public": "20231222",
"CveID": "CVE-2023-51448"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20241193001",
"Comment": "cacti is earlier than 0:1.2.26-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241193002",
"Comment": "cacti-setup is earlier than 0:1.2.26-alt1"
}
]
}
]
}
}
]
}

40
oval/c10f2/ALT-PU-2024-1193/objects.json Normal file
View File

@ -0,0 +1,40 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:5001",
"Version": "1",
"comment": "Evaluate `/etc/os-release` file content",
"Path": {
"dataType": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RpmInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20241193001",
"Version": "1",
"comment": "cacti is installed",
"Name": "cacti"
},
{
"ID": "oval:org.altlinux.errata:obj:20241193002",
"Version": "1",
"comment": "cacti-setup is installed",
"Name": "cacti-setup"
}
]
}

23
oval/c10f2/ALT-PU-2024-1193/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:5001",
"Version": "1",
"Text": {}
}
],
"RpmInfoState": [
{
"ID": "oval:org.altlinux.errata:ste:20241193001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.2.26-alt1",
"Arch": {},
"Evr": {
"Text": "0:1.2.26-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

42
oval/c10f2/ALT-PU-2024-1193/tests.json Normal file
View File

@ -0,0 +1,42 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:5001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:5001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:5001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20241193001",
"Version": "1",
"Check": "all",
"Comment": "cacti is earlier than 0:1.2.26-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241193001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241193001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241193002",
"Version": "1",
"Check": "all",
"Comment": "cacti-setup is earlier than 0:1.2.26-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241193002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241193001"
}
}
]
}

89
oval/c10f2/ALT-PU-2024-1194/definitions.json Normal file
View File

@ -0,0 +1,89 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20241194",
"Version": "oval:org.altlinux.errata:def:20241194",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-1194: package `jobe` update to version 1.9.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f2"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-1194",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-1194",
"Source": "ALTPU"
},
{
"RefID": "CVE-2020-36642",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-36642",
"Source": "CVE"
}
],
"Description": "This update upgrades jobe to version 1.9.0-alt1. \nSecurity Fix(es):\n\n * CVE-2020-36642: A vulnerability was found in trampgeek jobe up to 1.6.x and classified as critical. This issue affects the function run_in_sandbox of the file application/libraries/LanguageTask.php. The manipulation leads to command injection. Upgrading to version 1.7.0 is able to address this issue. The identifier of the patch is 8f43daf50c943b98eaf0c542da901a4a16e85b02. It is recommended to upgrade the affected component. The identifier VDB-217553 was assigned to this vulnerability.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2023 BaseALT Ltd.",
"Issued": {
"Date": "2024-01-26"
},
"Updated": {
"Date": "2024-01-26"
},
"bdu": null,
"Cves": [
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "CWE-77",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-36642",
"Impact": "Critical",
"Public": "20230106",
"CveID": "CVE-2020-36642"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20241194001",
"Comment": "jobe is earlier than 0:1.9.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241194002",
"Comment": "jobe-apache2 is earlier than 0:1.9.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241194003",
"Comment": "jobe-mysql is earlier than 0:1.9.0-alt1"
}
]
}
]
}
}
]
}

46
oval/c10f2/ALT-PU-2024-1194/objects.json Normal file
View File

@ -0,0 +1,46 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:5001",
"Version": "1",
"comment": "Evaluate `/etc/os-release` file content",
"Path": {
"dataType": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RpmInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20241194001",
"Version": "1",
"comment": "jobe is installed",
"Name": "jobe"
},
{
"ID": "oval:org.altlinux.errata:obj:20241194002",
"Version": "1",
"comment": "jobe-apache2 is installed",
"Name": "jobe-apache2"
},
{
"ID": "oval:org.altlinux.errata:obj:20241194003",
"Version": "1",
"comment": "jobe-mysql is installed",
"Name": "jobe-mysql"
}
]
}

23
oval/c10f2/ALT-PU-2024-1194/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:5001",
"Version": "1",
"Text": {}
}
],
"RpmInfoState": [
{
"ID": "oval:org.altlinux.errata:ste:20241194001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.9.0-alt1",
"Arch": {},
"Evr": {
"Text": "0:1.9.0-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

54
oval/c10f2/ALT-PU-2024-1194/tests.json Normal file
View File

@ -0,0 +1,54 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:5001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:5001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:5001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20241194001",
"Version": "1",
"Check": "all",
"Comment": "jobe is earlier than 0:1.9.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241194001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241194001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241194002",
"Version": "1",
"Check": "all",
"Comment": "jobe-apache2 is earlier than 0:1.9.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241194002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241194001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241194003",
"Version": "1",
"Check": "all",
"Comment": "jobe-mysql is earlier than 0:1.9.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241194003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241194001"
}
}
]
}

138
oval/c10f2/ALT-PU-2024-1195/definitions.json Normal file
View File

@ -0,0 +1,138 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20241195",
"Version": "oval:org.altlinux.errata:def:20241195",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-1195: package `moodle` update to version 4.3.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f2"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-1195",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-1195",
"Source": "ALTPU"
},
{
"RefID": "CVE-2022-39369",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-39369",
"Source": "CVE"
},
{
"RefID": "CVE-2023-40316",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-40316",
"Source": "CVE"
},
{
"RefID": "CVE-2023-40317",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-40317",
"Source": "CVE"
},
{
"RefID": "CVE-2023-40318",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-40318",
"Source": "CVE"
},
{
"RefID": "CVE-2023-40319",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-40319",
"Source": "CVE"
},
{
"RefID": "CVE-2023-40320",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-40320",
"Source": "CVE"
},
{
"RefID": "CVE-2023-40322",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-40322",
"Source": "CVE"
},
{
"RefID": "CVE-2023-40323",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-40323",
"Source": "CVE"
},
{
"RefID": "CVE-2023-40324",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-40324",
"Source": "CVE"
},
{
"RefID": "CVE-2023-40325",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-40325",
"Source": "CVE"
}
],
"Description": "This update upgrades moodle to version 4.3.0-alt1. \nSecurity Fix(es):\n\n * CVE-2022-39369: phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a valid ticket granted for any authorized service in the same SSO realm (CAS server) to authenticate to the service protected by phpCAS. Depending on the settings of the CAS server service registry in worst case this may be any other service URL (if the allowed URLs are configured to \"^(https)://.*\") or may be strictly limited to known and authorized services in the same SSO federation if proper URL service validation is applied. This vulnerability may allow an attacker to gain access to a victim's account on a vulnerable CASified service without victim's knowledge, when the victim visits attacker's website while being logged in to the same CAS server. phpCAS 1.6.0 is a major version upgrade that starts enforcing service URL discovery validation, because there is unfortunately no 100% safe default config to use in PHP. Starting this version, it is required to pass in an additional service base URL argument when constructing the client class. For more information, please refer to the upgrading doc. This vulnerability only impacts the CAS client that the phpCAS library protects against. The problematic service URL discovery behavior in phpCAS \u003c 1.6.0 will only be disabled, and thus you are not impacted from it, if the phpCAS configuration has the following setup: 1. `phpCAS::setUrl()` is called (a reminder that you have to pass in the full URL of the current page, rather than your service base URL), and 2. `phpCAS::setCallbackURL()` is called, only when the proxy mode is enabled. 3. If your PHP's HTTP header input `X-Forwarded-Host`, `X-Forwarded-Server`, `Host`, `X-Forwarded-Proto`, `X-Forwarded-Protocol` is sanitized before reaching PHP (by a reverse proxy, for example), you will not be impacted by this vulnerability either. If your CAS server service registry is configured to only allow known and trusted service URLs the severity of the vulnerability is reduced substantially in its severity since an attacker must be in control of another authorized service. Otherwise, you should upgrade the library to get the safe service discovery behavior.\n\n * CVE-2023-40316: description unavailable\n\n * CVE-2023-40317: description unavailable\n\n * CVE-2023-40318: description unavailable\n\n * CVE-2023-40319: description unavailable\n\n * CVE-2023-40320: description unavailable\n\n * CVE-2023-40322: description unavailable\n\n * CVE-2023-40323: description unavailable\n\n * CVE-2023-40324: description unavailable\n\n * CVE-2023-40325: description unavailable",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2023 BaseALT Ltd.",
"Issued": {
"Date": "2024-01-26"
},
"Updated": {
"Date": "2024-01-26"
},
"bdu": null,
"Cves": [
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"Cwe": "CWE-99",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-39369",
"Impact": "High",
"Public": "20221101",
"CveID": "CVE-2022-39369"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20241195001",
"Comment": "moodle is earlier than 0:4.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241195002",
"Comment": "moodle-apache2 is earlier than 0:4.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241195003",
"Comment": "moodle-base is earlier than 0:4.3.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241195004",
"Comment": "moodle-local-mysql is earlier than 0:4.3.0-alt1"
}
]
}
]
}
}
]
}

52
oval/c10f2/ALT-PU-2024-1195/objects.json Normal file
View File

@ -0,0 +1,52 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:5001",
"Version": "1",
"comment": "Evaluate `/etc/os-release` file content",
"Path": {
"dataType": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RpmInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20241195001",
"Version": "1",
"comment": "moodle is installed",
"Name": "moodle"
},
{
"ID": "oval:org.altlinux.errata:obj:20241195002",
"Version": "1",
"comment": "moodle-apache2 is installed",
"Name": "moodle-apache2"
},
{
"ID": "oval:org.altlinux.errata:obj:20241195003",
"Version": "1",
"comment": "moodle-base is installed",
"Name": "moodle-base"
},
{
"ID": "oval:org.altlinux.errata:obj:20241195004",
"Version": "1",
"comment": "moodle-local-mysql is installed",
"Name": "moodle-local-mysql"
}
]
}

23
oval/c10f2/ALT-PU-2024-1195/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:5001",
"Version": "1",
"Text": {}
}
],
"RpmInfoState": [
{
"ID": "oval:org.altlinux.errata:ste:20241195001",
"Version": "1",
"Comment": "package EVR is earlier than 0:4.3.0-alt1",
"Arch": {},
"Evr": {
"Text": "0:4.3.0-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

66
oval/c10f2/ALT-PU-2024-1195/tests.json Normal file
View File

@ -0,0 +1,66 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:5001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:5001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:5001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20241195001",
"Version": "1",
"Check": "all",
"Comment": "moodle is earlier than 0:4.3.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241195001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241195001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241195002",
"Version": "1",
"Check": "all",
"Comment": "moodle-apache2 is earlier than 0:4.3.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241195002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241195001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241195003",
"Version": "1",
"Check": "all",
"Comment": "moodle-base is earlier than 0:4.3.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241195003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241195001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241195004",
"Version": "1",
"Check": "all",
"Comment": "moodle-local-mysql is earlier than 0:4.3.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241195004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241195001"
}
}
]
}

529
oval/c10f2/ALT-PU-2024-1196/definitions.json Normal file
View File

File diff suppressed because one or more lines are too long

46
oval/c10f2/ALT-PU-2024-1196/objects.json Normal file
View File

@ -0,0 +1,46 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:5001",
"Version": "1",
"comment": "Evaluate `/etc/os-release` file content",
"Path": {
"dataType": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RpmInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20241196001",
"Version": "1",
"comment": "nextcloud is installed",
"Name": "nextcloud"
},
{
"ID": "oval:org.altlinux.errata:obj:20241196002",
"Version": "1",
"comment": "nextcloud-apache2 is installed",
"Name": "nextcloud-apache2"
},
{
"ID": "oval:org.altlinux.errata:obj:20241196003",
"Version": "1",
"comment": "nextcloud-nginx is installed",
"Name": "nextcloud-nginx"
}
]
}

23
oval/c10f2/ALT-PU-2024-1196/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:5001",
"Version": "1",
"Text": {}
}
],
"RpmInfoState": [
{
"ID": "oval:org.altlinux.errata:ste:20241196001",
"Version": "1",
"Comment": "package EVR is earlier than 0:27.1.4-alt1",
"Arch": {},
"Evr": {
"Text": "0:27.1.4-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

54
oval/c10f2/ALT-PU-2024-1196/tests.json Normal file
View File

@ -0,0 +1,54 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:5001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:5001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:5001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20241196001",
"Version": "1",
"Check": "all",
"Comment": "nextcloud is earlier than 0:27.1.4-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241196001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241196001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241196002",
"Version": "1",
"Check": "all",
"Comment": "nextcloud-apache2 is earlier than 0:27.1.4-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241196002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241196001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241196003",
"Version": "1",
"Check": "all",
"Comment": "nextcloud-nginx is earlier than 0:27.1.4-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241196003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241196001"
}
}
]
}

125
oval/c10f2/ALT-PU-2024-1329/definitions.json Normal file
View File

@ -0,0 +1,125 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20241329",
"Version": "oval:org.altlinux.errata:def:20241329",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-1329: package `sogo` update to version 5.9.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f2"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-1329",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-1329",
"Source": "ALTPU"
},
{
"RefID": "CVE-2023-48104",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-48104",
"Source": "CVE"
}
],
"Description": "This update upgrades sogo to version 5.9.1-alt1. \nSecurity Fix(es):\n\n * CVE-2023-48104: Alinto SOGo before 5.9.1 is vulnerable to HTML Injection.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2023 BaseALT Ltd.",
"Issued": {
"Date": "2024-01-26"
},
"Updated": {
"Date": "2024-01-26"
},
"bdu": null,
"Cves": [
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"Cwe": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-48104",
"Impact": "Low",
"Public": "20240116",
"CveID": "CVE-2023-48104"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20241329001",
"Comment": "sogo is earlier than 0:5.9.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241329002",
"Comment": "sogo-activesync is earlier than 0:5.9.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241329003",
"Comment": "sogo-apache2 is earlier than 0:5.9.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241329004",
"Comment": "sogo-devel is earlier than 0:5.9.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241329005",
"Comment": "sogo-ealarms-notify is earlier than 0:5.9.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241329006",
"Comment": "sogo-slapd-sockd is earlier than 0:5.9.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241329007",
"Comment": "sogo-tool is earlier than 0:5.9.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241329008",
"Comment": "sope-cards is earlier than 0:5.9.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241329009",
"Comment": "sope-cards-devel is earlier than 0:5.9.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241329010",
"Comment": "sope-gdl1-contentstore is earlier than 0:5.9.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241329011",
"Comment": "sope-gdl1-contentstore-devel is earlier than 0:5.9.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241329012",
"Comment": "task-sogo is earlier than 0:5.9.1-alt1"
}
]
}
]
}
}
]
}

100
oval/c10f2/ALT-PU-2024-1329/objects.json Normal file
View File

@ -0,0 +1,100 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:5001",
"Version": "1",
"comment": "Evaluate `/etc/os-release` file content",
"Path": {
"dataType": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RpmInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20241329001",
"Version": "1",
"comment": "sogo is installed",
"Name": "sogo"
},
{
"ID": "oval:org.altlinux.errata:obj:20241329002",
"Version": "1",
"comment": "sogo-activesync is installed",
"Name": "sogo-activesync"
},
{
"ID": "oval:org.altlinux.errata:obj:20241329003",
"Version": "1",
"comment": "sogo-apache2 is installed",
"Name": "sogo-apache2"
},
{
"ID": "oval:org.altlinux.errata:obj:20241329004",
"Version": "1",
"comment": "sogo-devel is installed",
"Name": "sogo-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:20241329005",
"Version": "1",
"comment": "sogo-ealarms-notify is installed",
"Name": "sogo-ealarms-notify"
},
{
"ID": "oval:org.altlinux.errata:obj:20241329006",
"Version": "1",
"comment": "sogo-slapd-sockd is installed",
"Name": "sogo-slapd-sockd"
},
{
"ID": "oval:org.altlinux.errata:obj:20241329007",
"Version": "1",
"comment": "sogo-tool is installed",
"Name": "sogo-tool"
},
{
"ID": "oval:org.altlinux.errata:obj:20241329008",
"Version": "1",
"comment": "sope-cards is installed",
"Name": "sope-cards"
},
{
"ID": "oval:org.altlinux.errata:obj:20241329009",
"Version": "1",
"comment": "sope-cards-devel is installed",
"Name": "sope-cards-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:20241329010",
"Version": "1",
"comment": "sope-gdl1-contentstore is installed",
"Name": "sope-gdl1-contentstore"
},
{
"ID": "oval:org.altlinux.errata:obj:20241329011",
"Version": "1",
"comment": "sope-gdl1-contentstore-devel is installed",
"Name": "sope-gdl1-contentstore-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:20241329012",
"Version": "1",
"comment": "task-sogo is installed",
"Name": "task-sogo"
}
]
}

23
oval/c10f2/ALT-PU-2024-1329/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:5001",
"Version": "1",
"Text": {}
}
],
"RpmInfoState": [
{
"ID": "oval:org.altlinux.errata:ste:20241329001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.9.1-alt1",
"Arch": {},
"Evr": {
"Text": "0:5.9.1-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

162
oval/c10f2/ALT-PU-2024-1329/tests.json Normal file
View File

@ -0,0 +1,162 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:5001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:5001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:5001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20241329001",
"Version": "1",
"Check": "all",
"Comment": "sogo is earlier than 0:5.9.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241329001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241329001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241329002",
"Version": "1",
"Check": "all",
"Comment": "sogo-activesync is earlier than 0:5.9.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241329002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241329001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241329003",
"Version": "1",
"Check": "all",
"Comment": "sogo-apache2 is earlier than 0:5.9.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241329003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241329001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241329004",
"Version": "1",
"Check": "all",
"Comment": "sogo-devel is earlier than 0:5.9.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241329004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241329001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241329005",
"Version": "1",
"Check": "all",
"Comment": "sogo-ealarms-notify is earlier than 0:5.9.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241329005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241329001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241329006",
"Version": "1",
"Check": "all",
"Comment": "sogo-slapd-sockd is earlier than 0:5.9.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241329006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241329001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241329007",
"Version": "1",
"Check": "all",
"Comment": "sogo-tool is earlier than 0:5.9.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241329007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241329001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241329008",
"Version": "1",
"Check": "all",
"Comment": "sope-cards is earlier than 0:5.9.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241329008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241329001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241329009",
"Version": "1",
"Check": "all",
"Comment": "sope-cards-devel is earlier than 0:5.9.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241329009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241329001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241329010",
"Version": "1",
"Check": "all",
"Comment": "sope-gdl1-contentstore is earlier than 0:5.9.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241329010"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241329001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241329011",
"Version": "1",
"Check": "all",
"Comment": "sope-gdl1-contentstore-devel is earlier than 0:5.9.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241329011"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241329001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241329012",
"Version": "1",
"Check": "all",
"Comment": "task-sogo is earlier than 0:5.9.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241329012"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241329001"
}
}
]
}

127
oval/c10f2/ALT-PU-2024-1333/definitions.json Normal file
View File

@ -0,0 +1,127 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20241333",
"Version": "oval:org.altlinux.errata:def:20241333",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-1333: package `openssh` update to version 7.9p1-alt4.p10.4",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f2"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-1333",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-1333",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-08853",
"RefURL": "https://bdu.fstec.ru/vul/2023-08853",
"Source": "BDU"
},
{
"RefID": "CVE-2023-48795",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795",
"Source": "CVE"
}
],
"Description": "This update upgrades openssh to version 7.9p1-alt4.p10.4. \nSecurity Fix(es):\n\n * BDU:2023-08853: Уязвимость реализации протокола SSH, связанная с возможностью откорректировать порядковые номера пакетов в процессе согласования соединения и добиться удаления произвольного числа служебных SSH-сообщений, позволяющая нарушителю обойти проверки целостности, отключить существующие функции безопасности, получить несанкционированный доступ к защищаемой информации\n\n * CVE-2023-48795: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.\n\n * #45029: Неверный код возврата при запуске ssh-agent",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2023 BaseALT Ltd.",
"Issued": {
"Date": "2024-01-26"
},
"Updated": {
"Date": "2024-01-26"
},
"bdu": [
{
"Cvss": "AV:N/AC:H/Au:N/C:C/I:C/A:N",
"Cvss3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"Cwe": "CWE-222",
"Href": "https://bdu.fstec.ru/vul/2023-08853",
"Impact": "High",
"Public": "20231218",
"CveID": "BDU:2023-08853"
}
],
"Cves": [
{
"Cvss3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"Cwe": "CWE-354",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795",
"Impact": "Low",
"Public": "20231218",
"CveID": "CVE-2023-48795"
}
],
"Bugzilla": [
{
"Id": "45029",
"Href": "https://bugzilla.altlinux.org/45029",
"Data": "Неверный код возврата при запуске ssh-agent"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20241333001",
"Comment": "openssh is earlier than 0:7.9p1-alt4.p10.4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241333002",
"Comment": "openssh-askpass-common is earlier than 0:7.9p1-alt4.p10.4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241333003",
"Comment": "openssh-clients is earlier than 0:7.9p1-alt4.p10.4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241333004",
"Comment": "openssh-common is earlier than 0:7.9p1-alt4.p10.4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241333005",
"Comment": "openssh-keysign is earlier than 0:7.9p1-alt4.p10.4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241333006",
"Comment": "openssh-server is earlier than 0:7.9p1-alt4.p10.4"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20241333007",
"Comment": "openssh-server-control is earlier than 0:7.9p1-alt4.p10.4"
}
]
}
]
}
}
]
}

70
oval/c10f2/ALT-PU-2024-1333/objects.json Normal file
View File

@ -0,0 +1,70 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:5001",
"Version": "1",
"comment": "Evaluate `/etc/os-release` file content",
"Path": {
"dataType": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RpmInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20241333001",
"Version": "1",
"comment": "openssh is installed",
"Name": "openssh"
},
{
"ID": "oval:org.altlinux.errata:obj:20241333002",
"Version": "1",
"comment": "openssh-askpass-common is installed",
"Name": "openssh-askpass-common"
},
{
"ID": "oval:org.altlinux.errata:obj:20241333003",
"Version": "1",
"comment": "openssh-clients is installed",
"Name": "openssh-clients"
},
{
"ID": "oval:org.altlinux.errata:obj:20241333004",
"Version": "1",
"comment": "openssh-common is installed",
"Name": "openssh-common"
},
{
"ID": "oval:org.altlinux.errata:obj:20241333005",
"Version": "1",
"comment": "openssh-keysign is installed",
"Name": "openssh-keysign"
},
{
"ID": "oval:org.altlinux.errata:obj:20241333006",
"Version": "1",
"comment": "openssh-server is installed",
"Name": "openssh-server"
},
{
"ID": "oval:org.altlinux.errata:obj:20241333007",
"Version": "1",
"comment": "openssh-server-control is installed",
"Name": "openssh-server-control"
}
]
}

23
oval/c10f2/ALT-PU-2024-1333/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:5001",
"Version": "1",
"Text": {}
}
],
"RpmInfoState": [
{
"ID": "oval:org.altlinux.errata:ste:20241333001",
"Version": "1",
"Comment": "package EVR is earlier than 0:7.9p1-alt4.p10.4",
"Arch": {},
"Evr": {
"Text": "0:7.9p1-alt4.p10.4",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

102
oval/c10f2/ALT-PU-2024-1333/tests.json Normal file
View File

@ -0,0 +1,102 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:5001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:5001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:5001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20241333001",
"Version": "1",
"Check": "all",
"Comment": "openssh is earlier than 0:7.9p1-alt4.p10.4",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241333001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241333001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241333002",
"Version": "1",
"Check": "all",
"Comment": "openssh-askpass-common is earlier than 0:7.9p1-alt4.p10.4",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241333002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241333001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241333003",
"Version": "1",
"Check": "all",
"Comment": "openssh-clients is earlier than 0:7.9p1-alt4.p10.4",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241333003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241333001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241333004",
"Version": "1",
"Check": "all",
"Comment": "openssh-common is earlier than 0:7.9p1-alt4.p10.4",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241333004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241333001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241333005",
"Version": "1",
"Check": "all",
"Comment": "openssh-keysign is earlier than 0:7.9p1-alt4.p10.4",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241333005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241333001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241333006",
"Version": "1",
"Check": "all",
"Comment": "openssh-server is earlier than 0:7.9p1-alt4.p10.4",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241333006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241333001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20241333007",
"Version": "1",
"Check": "all",
"Comment": "openssh-server-control is earlier than 0:7.9p1-alt4.p10.4",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241333007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241333001"
}
}
]
}

73
oval/c10f2/ALT-PU-2024-1370/definitions.json Normal file
View File

@ -0,0 +1,73 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20241370",
"Version": "oval:org.altlinux.errata:def:20241370",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-1370: package `mediawiki-extensions-Math` update to version 3.0.0.1.40-alt1.4cf19b0",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f2"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-1370",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-1370",
"Source": "ALTPU"
}
],
"Description": "This update upgrades mediawiki-extensions-Math to version 3.0.0.1.40-alt1.4cf19b0. \nSecurity Fix(es):\n\n * #46923: Собрать с php8",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2023 BaseALT Ltd.",
"Issued": {
"Date": "2024-01-26"
},
"Updated": {
"Date": "2024-01-26"
},
"bdu": null,
"Bugzilla": [
{
"Id": "46923",
"Href": "https://bugzilla.altlinux.org/46923",
"Data": "Собрать с php8"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20241370001",
"Comment": "mediawiki-extensions-Math is earlier than 0:3.0.0.1.40-alt1.4cf19b0"
}
]
}
]
}
}
]
}

34
oval/c10f2/ALT-PU-2024-1370/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:5001",
"Version": "1",
"comment": "Evaluate `/etc/os-release` file content",
"Path": {
"dataType": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RpmInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20241370001",
"Version": "1",
"comment": "mediawiki-extensions-Math is installed",
"Name": "mediawiki-extensions-Math"
}
]
}

23
oval/c10f2/ALT-PU-2024-1370/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:5001",
"Version": "1",
"Text": {}
}
],
"RpmInfoState": [
{
"ID": "oval:org.altlinux.errata:ste:20241370001",
"Version": "1",
"Comment": "package EVR is earlier than 0:3.0.0.1.40-alt1.4cf19b0",
"Arch": {},
"Evr": {
"Text": "0:3.0.0.1.40-alt1.4cf19b0",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/c10f2/ALT-PU-2024-1370/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:5001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:5001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:5001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20241370001",
"Version": "1",
"Check": "all",
"Comment": "mediawiki-extensions-Math is earlier than 0:3.0.0.1.40-alt1.4cf19b0",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20241370001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20241370001"
}
}
]
}