diff --git a/oval/c10f1/ALT-PU-2021-2050/definitions.json b/oval/c10f1/ALT-PU-2021-2050/definitions.json index e84166c71e..77758ca44c 100644 --- a/oval/c10f1/ALT-PU-2021-2050/definitions.json +++ b/oval/c10f1/ALT-PU-2021-2050/definitions.json @@ -121,7 +121,7 @@ "CWE": "CWE-476", "Href": "https://bdu.fstec.ru/vul/2021-04859", "Impact": "Low", - "Public": "20210530" + "Public": "20210531" }, { "ID": "BDU:2022-00513", diff --git a/oval/c10f1/ALT-PU-2021-2199/definitions.json b/oval/c10f1/ALT-PU-2021-2199/definitions.json index 70268b9a94..8d679010de 100644 --- a/oval/c10f1/ALT-PU-2021-2199/definitions.json +++ b/oval/c10f1/ALT-PU-2021-2199/definitions.json @@ -140,7 +140,7 @@ "CWE": "CWE-476", "Href": "https://bdu.fstec.ru/vul/2021-04859", "Impact": "Low", - "Public": "20210530" + "Public": "20210531" }, { "ID": "BDU:2022-00513", diff --git a/oval/c10f1/ALT-PU-2021-2326/definitions.json b/oval/c10f1/ALT-PU-2021-2326/definitions.json index acde80fbf7..879be64e97 100644 --- a/oval/c10f1/ALT-PU-2021-2326/definitions.json +++ b/oval/c10f1/ALT-PU-2021-2326/definitions.json @@ -330,7 +330,7 @@ "CWE": "CWE-476", "Href": "https://bdu.fstec.ru/vul/2021-04859", "Impact": "Low", - "Public": "20210530" + "Public": "20210531" }, { "ID": "BDU:2022-00513", diff --git a/oval/c10f1/ALT-PU-2022-1421/definitions.json b/oval/c10f1/ALT-PU-2022-1421/definitions.json index ad084e24e0..bac0548a10 100644 --- a/oval/c10f1/ALT-PU-2022-1421/definitions.json +++ b/oval/c10f1/ALT-PU-2022-1421/definitions.json @@ -1889,7 +1889,7 @@ "CWE": "CWE-476", "Href": "https://bdu.fstec.ru/vul/2021-04859", "Impact": "Low", - "Public": "20210530" + "Public": "20210531" }, { "ID": "BDU:2021-04864", diff --git a/oval/c9f2/ALT-PU-2024-15739/definitions.json b/oval/c9f2/ALT-PU-2024-15739/definitions.json index 1a93f5c85e..e4adc3cdd8 100644 --- a/oval/c9f2/ALT-PU-2024-15739/definitions.json +++ b/oval/c9f2/ALT-PU-2024-15739/definitions.json 
@@ -807,10 +807,10 @@ { "ID": "BDU:2024-08999", "CVSS": "AV:A/AC:L/Au:N/C:C/I:C/A:C", - "CVSS3": "AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://bdu.fstec.ru/vul/2024-08999", - "Impact": "Critical", + "Impact": "High", "Public": "20241002" }, { diff --git a/oval/c9f2/ALT-PU-2024-15774/definitions.json b/oval/c9f2/ALT-PU-2024-15774/definitions.json new file mode 100644 index 0000000000..96bae4798a --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-15774/definitions.json 
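Review bot: After this re-score the record for BDU:2024-08999 carries two vectors that disagree: the unchanged `"CVSS": "AV:A/AC:L/Au:N/C:C/I:C/A:C"` still describes an adjacent-network attack needing no authentication, while the new `CVSS3` line says local access with low privileges. A scanner or triage rule that ranks on the v2 vector will keep treating this as the higher-severity case even though `Impact` drops to `High`. It is worth confirming against the upstream BDU entry whether the v2 vector was revised too, and regenerating if so. The enclosing advisory object starts outside the hunk, so its other fields could not be checked.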
@@ -0,0 +1,107 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202415774", + "Version": "oval:org.altlinux.errata:def:202415774", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-15774: package `python3-module-cryptography` update to version 41.0.7-alt0.c9f2.1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c9f2" + ], + "Products": [ + "ALT SPWorkstation", + "ALT SPServer" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-15774", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-15774", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2024-02534", + "RefURL": "https://bdu.fstec.ru/vul/2024-02534", + "Source": "BDU" + }, + { + "RefID": "CVE-2023-49083", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-49083", + "Source": "CVE" + } + ], + "Description": "This update upgrades python3-module-cryptography to version 41.0.7-alt0.c9f2.1. \nSecurity Fix(es):\n\n * BDU:2024-02534: Уязвимость функций load_pem_pkcs7_certificates() и load_der_pkcs7_certificates() пакет cryptography, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-49083: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. 
This vulnerability has been patched in version 41.0.6.\n\n * #48610: Оставляет мусор", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "High", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-11-22" + }, + "Updated": { + "Date": "2024-11-22" + }, + "BDUs": [ + { + "ID": "BDU:2024-02534", + "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-476", + "Href": "https://bdu.fstec.ru/vul/2024-02534", + "Impact": "High", + "Public": "20231129" + } + ], + "CVEs": [ + { + "ID": "CVE-2023-49083", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-476", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-49083", + "Impact": "High", + "Public": "20231129" + } + ], + "Bugzilla": [ + { + "ID": "48610", + "Href": "https://bugzilla.altlinux.org/48610", + "Data": "Оставляет мусор" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:spworkstation:8.4", + "cpe:/o:alt:spserver:8.4" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:3001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202415774001", + "Comment": "python3-module-cryptography is earlier than 0:41.0.7-alt0.c9f2.1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-15774/objects.json b/oval/c9f2/ALT-PU-2024-15774/objects.json new file mode 100644 index 0000000000..9b71a2eea8 --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-15774/objects.json 
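Review bot: The definition's `"Version": "oval:org.altlinux.errata:def:202415774"` repeats the ID instead of giving a revision number; OVAL defines a definition's version as a non-negative integer, and the objects, states and tests added in this same commit use `"Version": "1"`. Unless the exporter rewrites the field, a validating consumer may reject the definition, and tracking content updates by version will not work. I would emit `"Version": "1"` here, or the generator's real revision counter. The same value pattern appears in the new definitions.json for ALT-PU-2024-15885, ALT-PU-2024-15905 and ALT-PU-2024-15907.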
@@ -0,0 +1,34 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:3001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202415774001", + "Version": "1", + "Comment": "python3-module-cryptography is installed", + "Name": "python3-module-cryptography" + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-15774/states.json b/oval/c9f2/ALT-PU-2024-15774/states.json new file mode 100644 index 0000000000..49ffe2c604 --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-15774/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:3001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202415774001", + "Version": "1", + "Comment": "package EVR is earlier than 0:41.0.7-alt0.c9f2.1", + "Arch": {}, + "EVR": { + "Text": "0:41.0.7-alt0.c9f2.1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-15774/tests.json b/oval/c9f2/ALT-PU-2024-15774/tests.json new file mode 100644 index 0000000000..d9b396cc72 --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-15774/tests.json 
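Review bot: In states.json, `ste:3001` is emitted as `"Text": {}`, so as far as these hunks show nothing is compared against the release that `obj:3001` captures with `(\\d\\.\\d)`. The platform test then appears to pass on any SP Server/Workstation whose /etc/os-release carries a one-digit `major.minor` CPE, not only the 8.4 releases listed under `AffectedCPEs`, and nothing in it checks branch c9f2 although the test comment says so. Either constrain the state or tighten the object pattern, e.g. `"Text": "cpe:\\/o:alt:sp(?:server|workstation):8\\.4"`, so a host on another release is not reported against this advisory. The same empty state is added for ALT-PU-2024-15885 and ALT-PU-2024-15905.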
@@ -0,0 +1,30 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:3001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c9f2' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:3001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:3001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202415774001", + "Version": "1", + "Check": "all", + "Comment": "python3-module-cryptography is earlier than 0:41.0.7-alt0.c9f2.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415774001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415774001" + } + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-15885/definitions.json b/oval/c9f2/ALT-PU-2024-15885/definitions.json new file mode 100644 index 0000000000..cb1370412e --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-15885/definitions.json 
@@ -0,0 +1,86 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202415885", + "Version": "oval:org.altlinux.errata:def:202415885", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-15885: package `isync` update to version 1.4.4-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c9f2" + ], + "Products": [ + "ALT SPWorkstation", + "ALT SPServer" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-15885", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-15885", + "Source": "ALTPU" + }, + { + "RefID": "CVE-2021-3657", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3657", + "Source": "CVE" + } + ], + "Description": "This update upgrades isync to version 1.4.4-alt1. \nSecurity Fix(es):\n\n * CVE-2021-3657: A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (\u003e=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution.", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Critical", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-11-22" + }, + "Updated": { + "Date": "2024-11-22" + }, + "BDUs": null, + "CVEs": [ + { + "ID": "CVE-2021-3657", + "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-119", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3657", + "Impact": "Critical", + "Public": "20220218" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:spworkstation:8.4", + "cpe:/o:alt:spserver:8.4" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:3001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": 
"oval:org.altlinux.errata:tst:202415885001", + "Comment": "isync is earlier than 0:1.4.4-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-15885/objects.json b/oval/c9f2/ALT-PU-2024-15885/objects.json new file mode 100644 index 0000000000..7fff658bf5 --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-15885/objects.json @@ -0,0 +1,34 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:3001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202415885001", + "Version": "1", + "Comment": "isync is installed", + "Name": "isync" + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-15885/states.json b/oval/c9f2/ALT-PU-2024-15885/states.json new file mode 100644 index 0000000000..99beef3347 --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-15885/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:3001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202415885001", + "Version": "1", + "Comment": "package EVR is earlier than 0:1.4.4-alt1", + "Arch": {}, + "EVR": { + "Text": "0:1.4.4-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-15885/tests.json b/oval/c9f2/ALT-PU-2024-15885/tests.json new file mode 100644 index 0000000000..235a0940da --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-15885/tests.json 
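Review bot: In ALT-PU-2024-15885/definitions.json the advisory emits `"BDUs": null`, whereas the other definitions added in this commit give `BDUs` as an array. A consumer that iterates the list has to special-case null, and a strict schema would see the key change type between advisories. I would write `"BDUs": []`, or omit the key when there is no BDU entry.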
@@ -0,0 +1,30 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:3001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c9f2' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:3001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:3001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202415885001", + "Version": "1", + "Check": "all", + "Comment": "isync is earlier than 0:1.4.4-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415885001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415885001" + } + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-15905/definitions.json b/oval/c9f2/ALT-PU-2024-15905/definitions.json new file mode 100644 index 0000000000..e964b841f1 --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-15905/definitions.json 
@@ -0,0 +1,213 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202415905", + "Version": "oval:org.altlinux.errata:def:202415905", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-15905: package `postgresql12` update to version 12.22-alt0.c9f2.1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c9f2" + ], + "Products": [ + "ALT SPWorkstation", + "ALT SPServer" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-15905", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-15905", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2024-09679", + "RefURL": "https://bdu.fstec.ru/vul/2024-09679", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-09681", + "RefURL": "https://bdu.fstec.ru/vul/2024-09681", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-09682", + "RefURL": "https://bdu.fstec.ru/vul/2024-09682", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-09684", + "RefURL": "https://bdu.fstec.ru/vul/2024-09684", + "Source": "BDU" + }, + { + "RefID": "CVE-2024-10976", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10976", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-10977", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10977", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-10978", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10978", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-10979", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10979", + "Source": "CVE" + } + ], + "Description": "This update upgrades postgresql12 to version 12.22-alt0.c9f2.1. 
\nSecurity Fix(es):\n\n * BDU:2024-09679: Уязвимость переменных среды PL/Perl системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-09681: Уязвимость команд SET ROLE, SET SESSION системы управления базами данных PostgreSQL, позволяющая нарушителю повысить свои привилегии и получить доступ к защищаемой информации\n\n * BDU:2024-09682: Уязвимость компонента libpq системы управления базами данных PostgreSQL, позволяющая нарушителю обойти существующие ограничения безопасности и выполнить атаку типа «человек посередине»\n\n * BDU:2024-09684: Уязвимость политики безопасности таблиц с защитой строк CREATE POLICY системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольные команды\n\n * CVE-2024-10976: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy. This has the same consequences as the two earlier CVEs. That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies. 
Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10977: Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10978: Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10979: Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. 
Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "High", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-11-22" + }, + "Updated": { + "Date": "2024-11-22" + }, + "BDUs": [ + { + "ID": "BDU:2024-09679", + "CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-15, CWE-264", + "Href": "https://bdu.fstec.ru/vul/2024-09679", + "Impact": "High", + "Public": "20241114" + }, + { + "ID": "BDU:2024-09681", + "CVSS": "AV:N/AC:H/Au:S/C:P/I:P/A:N", + "CVSS3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "CWE": "CWE-264, CWE-266", + "Href": "https://bdu.fstec.ru/vul/2024-09681", + "Impact": "Low", + "Public": "20241114" + }, + { + "ID": "BDU:2024-09682", + "CVSS": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "CWE": "CWE-264, CWE-348", + "Href": "https://bdu.fstec.ru/vul/2024-09682", + "Impact": "Low", + "Public": "20241114" + }, + { + "ID": "BDU:2024-09684", + "CVSS": "AV:N/AC:H/Au:S/C:P/I:P/A:N", + "CVSS3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "CWE": "CWE-264, CWE-1250", + "Href": "https://bdu.fstec.ru/vul/2024-09684", + "Impact": "Low", + "Public": "20241114" + } + ], + "CVEs": [ + { + "ID": "CVE-2024-10976", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10976", + "Impact": "None", + "Public": "20241114" + }, + { + "ID": "CVE-2024-10977", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10977", + "Impact": "None", + "Public": "20241114" + }, + { + "ID": "CVE-2024-10978", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10978", + "Impact": "None", + "Public": "20241114" + }, + { + "ID": "CVE-2024-10979", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10979", + "Impact": "None", + "Public": "20241114" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:spworkstation:8.4", + "cpe:/o:alt:spserver:8.4" + ] + } + } + }, + "Criteria": { + "Operator": 
"AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:3001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202415905001", + "Comment": "libecpg6 is earlier than 0:12.22-alt0.c9f2.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415905002", + "Comment": "libpq5 is earlier than 0:12.22-alt0.c9f2.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415905003", + "Comment": "postgresql-devel is earlier than 0:12.22-alt0.c9f2.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415905004", + "Comment": "postgresql-devel-static is earlier than 0:12.22-alt0.c9f2.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415905005", + "Comment": "postgresql12 is earlier than 0:12.22-alt0.c9f2.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415905006", + "Comment": "postgresql12-contrib is earlier than 0:12.22-alt0.c9f2.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415905007", + "Comment": "postgresql12-docs is earlier than 0:12.22-alt0.c9f2.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415905008", + "Comment": "postgresql12-perl is earlier than 0:12.22-alt0.c9f2.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415905009", + "Comment": "postgresql12-python is earlier than 0:12.22-alt0.c9f2.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415905010", + "Comment": "postgresql12-server is earlier than 0:12.22-alt0.c9f2.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415905011", + "Comment": "postgresql12-tcl is earlier than 0:12.22-alt0.c9f2.1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-15905/objects.json b/oval/c9f2/ALT-PU-2024-15905/objects.json new file mode 100644 index 0000000000..c4301e0c4e --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-15905/objects.json 
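Review bot: The four entries under `CVEs` carry `"Impact": "None"` and no `CVSS`/`CVSS3`/`CWE` fields, while the advisory `Severity` is `High` and the BDU entry for the PL/Perl issue is rated `High`. `None` reads as "no impact" rather than "not yet scored" (presumably NVD had not published a score when this was generated). A consumer that filters or sorts on per-CVE impact would therefore drop CVE-2024-10979, which the description says can lead to arbitrary code execution. I would omit `Impact` for unscored CVEs or emit a distinct not-scored value, and refresh the record once a vector is available.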
@@ -0,0 +1,94 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:3001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202415905001", + "Version": "1", + "Comment": "libecpg6 is installed", + "Name": "libecpg6" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415905002", + "Version": "1", + "Comment": "libpq5 is installed", + "Name": "libpq5" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415905003", + "Version": "1", + "Comment": "postgresql-devel is installed", + "Name": "postgresql-devel" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415905004", + "Version": "1", + "Comment": "postgresql-devel-static is installed", + "Name": "postgresql-devel-static" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415905005", + "Version": "1", + "Comment": "postgresql12 is installed", + "Name": "postgresql12" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415905006", + "Version": "1", + "Comment": "postgresql12-contrib is installed", + "Name": "postgresql12-contrib" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415905007", + "Version": "1", + "Comment": "postgresql12-docs is installed", + "Name": "postgresql12-docs" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415905008", + "Version": "1", + "Comment": "postgresql12-perl is installed", + "Name": "postgresql12-perl" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415905009", + "Version": "1", + "Comment": "postgresql12-python is installed", + "Name": "postgresql12-python" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415905010", + "Version": "1", + "Comment": 
"postgresql12-server is installed", + "Name": "postgresql12-server" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415905011", + "Version": "1", + "Comment": "postgresql12-tcl is installed", + "Name": "postgresql12-tcl" + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-15905/states.json b/oval/c9f2/ALT-PU-2024-15905/states.json new file mode 100644 index 0000000000..64c5c916e0 --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-15905/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:3001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202415905001", + "Version": "1", + "Comment": "package EVR is earlier than 0:12.22-alt0.c9f2.1", + "Arch": {}, + "EVR": { + "Text": "0:12.22-alt0.c9f2.1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-15905/tests.json b/oval/c9f2/ALT-PU-2024-15905/tests.json new file mode 100644 index 0000000000..a2feb804e5 --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-15905/tests.json 
@@ -0,0 +1,150 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:3001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c9f2' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:3001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:3001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202415905001", + "Version": "1", + "Check": "all", + "Comment": "libecpg6 is earlier than 0:12.22-alt0.c9f2.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415905001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415905001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415905002", + "Version": "1", + "Check": "all", + "Comment": "libpq5 is earlier than 0:12.22-alt0.c9f2.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415905002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415905001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415905003", + "Version": "1", + "Check": "all", + "Comment": "postgresql-devel is earlier than 0:12.22-alt0.c9f2.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415905003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415905001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415905004", + "Version": "1", + "Check": "all", + "Comment": "postgresql-devel-static is earlier than 0:12.22-alt0.c9f2.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415905004" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415905001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415905005", + "Version": "1", + "Check": "all", + "Comment": "postgresql12 is earlier than 0:12.22-alt0.c9f2.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415905005" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415905001" + } + }, + { + "ID": 
"oval:org.altlinux.errata:tst:202415905006", + "Version": "1", + "Check": "all", + "Comment": "postgresql12-contrib is earlier than 0:12.22-alt0.c9f2.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415905006" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415905001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415905007", + "Version": "1", + "Check": "all", + "Comment": "postgresql12-docs is earlier than 0:12.22-alt0.c9f2.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415905007" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415905001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415905008", + "Version": "1", + "Check": "all", + "Comment": "postgresql12-perl is earlier than 0:12.22-alt0.c9f2.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415905008" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415905001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415905009", + "Version": "1", + "Check": "all", + "Comment": "postgresql12-python is earlier than 0:12.22-alt0.c9f2.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415905009" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415905001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415905010", + "Version": "1", + "Check": "all", + "Comment": "postgresql12-server is earlier than 0:12.22-alt0.c9f2.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415905010" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415905001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415905011", + "Version": "1", + "Check": "all", + "Comment": "postgresql12-tcl is earlier than 0:12.22-alt0.c9f2.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415905011" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415905001" + } + } + ] +} \ No newline at end of file 
diff --git a/oval/c9f2/ALT-PU-2024-15907/definitions.json b/oval/c9f2/ALT-PU-2024-15907/definitions.json new file mode 100644 index 0000000000..c23e51581b --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-15907/definitions.json 
@@ -0,0 +1,197 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202415907", + "Version": "oval:org.altlinux.errata:def:202415907", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-15907: package `postgresql12-1C` update to version 12.20-alt0.c9f2.3", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c9f2" + ], + "Products": [ + "ALT SPWorkstation", + "ALT SPServer" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-15907", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-15907", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2024-09679", + "RefURL": "https://bdu.fstec.ru/vul/2024-09679", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-09681", + "RefURL": "https://bdu.fstec.ru/vul/2024-09681", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-09682", + "RefURL": "https://bdu.fstec.ru/vul/2024-09682", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-09684", + "RefURL": "https://bdu.fstec.ru/vul/2024-09684", + "Source": "BDU" + }, + { + "RefID": "CVE-2024-10976", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10976", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-10977", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10977", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-10978", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10978", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-10979", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10979", + "Source": "CVE" + } + ], + "Description": "This update upgrades postgresql12-1C to version 12.20-alt0.c9f2.3. 
\nSecurity Fix(es):\n\n * BDU:2024-09679: Уязвимость переменных среды PL/Perl системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-09681: Уязвимость команд SET ROLE, SET SESSION системы управления базами данных PostgreSQL, позволяющая нарушителю повысить свои привилегии и получить доступ к защищаемой информации\n\n * BDU:2024-09682: Уязвимость компонента libpq системы управления базами данных PostgreSQL, позволяющая нарушителю обойти существующие ограничения безопасности и выполнить атаку типа «человек посередине»\n\n * BDU:2024-09684: Уязвимость политики безопасности таблиц с защитой строк CREATE POLICY системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольные команды\n\n * CVE-2024-10976: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy. This has the same consequences as the two earlier CVEs. That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies. 
Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10977: Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10978: Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10979: Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. 
Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "High", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-11-22" + }, + "Updated": { + "Date": "2024-11-22" + }, + "BDUs": [ + { + "ID": "BDU:2024-09679", + "CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-15, CWE-264", + "Href": "https://bdu.fstec.ru/vul/2024-09679", + "Impact": "High", + "Public": "20241114" + }, + { + "ID": "BDU:2024-09681", + "CVSS": "AV:N/AC:H/Au:S/C:P/I:P/A:N", + "CVSS3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "CWE": "CWE-264, CWE-266", + "Href": "https://bdu.fstec.ru/vul/2024-09681", + "Impact": "Low", + "Public": "20241114" + }, + { + "ID": "BDU:2024-09682", + "CVSS": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "CWE": "CWE-264, CWE-348", + "Href": "https://bdu.fstec.ru/vul/2024-09682", + "Impact": "Low", + "Public": "20241114" + }, + { + "ID": "BDU:2024-09684", + "CVSS": "AV:N/AC:H/Au:S/C:P/I:P/A:N", + "CVSS3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "CWE": "CWE-264, CWE-1250", + "Href": "https://bdu.fstec.ru/vul/2024-09684", + "Impact": "Low", + "Public": "20241114" + } + ], + "CVEs": [ + { + "ID": "CVE-2024-10976", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10976", + "Impact": "None", + "Public": "20241114" + }, + { + "ID": "CVE-2024-10977", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10977", + "Impact": "None", + "Public": "20241114" + }, + { + "ID": "CVE-2024-10978", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10978", + "Impact": "None", + "Public": "20241114" + }, + { + "ID": "CVE-2024-10979", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10979", + "Impact": "None", + "Public": "20241114" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:spworkstation:8.4", + "cpe:/o:alt:spserver:8.4" + ] + } + } + }, + "Criteria": { + "Operator": 
"AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:3001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202415907001", + "Comment": "postgresql12-1C is earlier than 0:12.20-alt0.c9f2.3" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415907002", + "Comment": "postgresql12-1C-contrib is earlier than 0:12.20-alt0.c9f2.3" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415907003", + "Comment": "postgresql12-1C-docs is earlier than 0:12.20-alt0.c9f2.3" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415907004", + "Comment": "postgresql12-1C-perl is earlier than 0:12.20-alt0.c9f2.3" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415907005", + "Comment": "postgresql12-1C-python is earlier than 0:12.20-alt0.c9f2.3" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415907006", + "Comment": "postgresql12-1C-server is earlier than 0:12.20-alt0.c9f2.3" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415907007", + "Comment": "postgresql12-1C-tcl is earlier than 0:12.20-alt0.c9f2.3" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-15907/objects.json b/oval/c9f2/ALT-PU-2024-15907/objects.json new file mode 100644 index 0000000000..96ae5c8d6f --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-15907/objects.json 
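Review bot: The `Criterions` in this definition treat every build from `0:12.20-alt0.c9f2.3` onward as fixed, while each of the four CVE texts in `Description` states that PostgreSQL 12 versions before 12.21 are affected. Presumably the 12.20-based 1C build carries backported patches, but nothing in the record says so, and a scanner consuming this OVAL will report such hosts as patched on the version compare alone. A sentence in `Description` such as `Fixes are backported to 12.20-alt0.c9f2.3.`, added once confirmed against the package changelog, would make that auditable. Separately, the entries under `CVEs` carry `"Impact": "None"` with no CVSS fields, although the matching BDU entries go up to `High`, so consumers ranking by per-CVE impact should fall back to `Advisory.Severity`.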
@@ -0,0 +1,70 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:3001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202415907001", + "Version": "1", + "Comment": "postgresql12-1C is installed", + "Name": "postgresql12-1C" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415907002", + "Version": "1", + "Comment": "postgresql12-1C-contrib is installed", + "Name": "postgresql12-1C-contrib" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415907003", + "Version": "1", + "Comment": "postgresql12-1C-docs is installed", + "Name": "postgresql12-1C-docs" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415907004", + "Version": "1", + "Comment": "postgresql12-1C-perl is installed", + "Name": "postgresql12-1C-perl" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415907005", + "Version": "1", + "Comment": "postgresql12-1C-python is installed", + "Name": "postgresql12-1C-python" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415907006", + "Version": "1", + "Comment": "postgresql12-1C-server is installed", + "Name": "postgresql12-1C-server" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415907007", + "Version": "1", + "Comment": "postgresql12-1C-tcl is installed", + "Name": "postgresql12-1C-tcl" + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-15907/states.json b/oval/c9f2/ALT-PU-2024-15907/states.json new file mode 100644 index 0000000000..688e6eeae0 --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-15907/states.json 
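Review bot: In `obj:3001` the `Filepath` entity holds only `os-release` while the directory sits in `Path`; in the OVAL textfilecontent54 object, `filepath` is the full path and the split form is `path` plus `filename`. If these keys map one-to-one onto the OVAL elements (the serializer is not visible here), the object would not resolve to `/etc/os-release`, `tst:3001` would never be satisfied, and the `AND` criteria in definitions.json would keep the whole definition from firing, which means silent false negatives. Either putting `"Text": "/etc/os-release"` under `Filepath` and dropping `Path`, or renaming the key to the filename entity, would remove the ambiguity.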
@@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:3001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202415907001", + "Version": "1", + "Comment": "package EVR is earlier than 0:12.20-alt0.c9f2.3", + "Arch": {}, + "EVR": { + "Text": "0:12.20-alt0.c9f2.3", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-15907/tests.json b/oval/c9f2/ALT-PU-2024-15907/tests.json new file mode 100644 index 0000000000..4db17ab27b --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-15907/tests.json 
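Review bot: `ste:3001` is an empty state (`"Text": {}`), so the `(\\d\\.\\d)` group captured by the os-release pattern in objects.json is never compared with anything. As written, `tst:3001` appears to pass on any SP Server or SP Workstation release the pattern matches, although its comment in tests.json names branch 'c9f2' and `AffectedCPEs` lists only the `8.4` CPEs. If the branch corresponds to a fixed release, constrain it with a subexpression entity in the state or in the pattern itself, e.g. `cpe:\\/o:alt:sp(?:server|workstation):8\\.4`. Otherwise same-named packages from another branch could be evaluated against this EVR threshold.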
@@ -0,0 +1,102 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:3001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c9f2' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:3001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:3001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202415907001", + "Version": "1", + "Check": "all", + "Comment": "postgresql12-1C is earlier than 0:12.20-alt0.c9f2.3", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415907001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415907001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415907002", + "Version": "1", + "Check": "all", + "Comment": "postgresql12-1C-contrib is earlier than 0:12.20-alt0.c9f2.3", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415907002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415907001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415907003", + "Version": "1", + "Check": "all", + "Comment": "postgresql12-1C-docs is earlier than 0:12.20-alt0.c9f2.3", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415907003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415907001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415907004", + "Version": "1", + "Check": "all", + "Comment": "postgresql12-1C-perl is earlier than 0:12.20-alt0.c9f2.3", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415907004" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415907001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415907005", + "Version": "1", + "Check": "all", + "Comment": "postgresql12-1C-python is earlier than 0:12.20-alt0.c9f2.3", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415907005" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415907001" + } + }, + { + 
"ID": "oval:org.altlinux.errata:tst:202415907006", + "Version": "1", + "Check": "all", + "Comment": "postgresql12-1C-server is earlier than 0:12.20-alt0.c9f2.3", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415907006" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415907001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415907007", + "Version": "1", + "Check": "all", + "Comment": "postgresql12-1C-tcl is earlier than 0:12.20-alt0.c9f2.3", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415907007" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415907001" + } + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-15954/definitions.json b/oval/c9f2/ALT-PU-2024-15954/definitions.json new file mode 100644 index 0000000000..b8d65a3ecb --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-15954/definitions.json 
@@ -0,0 +1,578 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202415954", + "Version": "oval:org.altlinux.errata:def:202415954", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-15954: package `libpjsip` update to version 2.14.1-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c9f2" + ], + "Products": [ + "ALT SPWorkstation", + "ALT SPServer" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-15954", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-15954", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2022-01086", + "RefURL": "https://bdu.fstec.ru/vul/2022-01086", + "Source": "BDU" + }, + { + "RefID": "BDU:2022-01087", + "RefURL": "https://bdu.fstec.ru/vul/2022-01087", + "Source": "BDU" + }, + { + "RefID": "BDU:2022-01449", + "RefURL": "https://bdu.fstec.ru/vul/2022-01449", + "Source": "BDU" + }, + { + "RefID": "BDU:2022-01450", + "RefURL": "https://bdu.fstec.ru/vul/2022-01450", + "Source": "BDU" + }, + { + "RefID": "BDU:2022-01451", + "RefURL": "https://bdu.fstec.ru/vul/2022-01451", + "Source": "BDU" + }, + { + "RefID": "BDU:2022-01452", + "RefURL": "https://bdu.fstec.ru/vul/2022-01452", + "Source": "BDU" + }, + { + "RefID": "BDU:2022-01458", + "RefURL": "https://bdu.fstec.ru/vul/2022-01458", + "Source": "BDU" + }, + { + "RefID": "BDU:2022-02055", + "RefURL": "https://bdu.fstec.ru/vul/2022-02055", + "Source": "BDU" + }, + { + "RefID": "BDU:2022-02185", + "RefURL": "https://bdu.fstec.ru/vul/2022-02185", + "Source": "BDU" + }, + { + "RefID": "BDU:2022-02186", + "RefURL": "https://bdu.fstec.ru/vul/2022-02186", + "Source": "BDU" + }, + { + "RefID": "BDU:2022-02207", + "RefURL": "https://bdu.fstec.ru/vul/2022-02207", + "Source": "BDU" + }, + { + "RefID": "BDU:2022-02209", + "RefURL": "https://bdu.fstec.ru/vul/2022-02209", + "Source": "BDU" + }, + { + "RefID": "BDU:2022-03168", + "RefURL": "https://bdu.fstec.ru/vul/2022-03168", + "Source": "BDU" + }, + { + "RefID": "BDU:2022-03169", + 
"RefURL": "https://bdu.fstec.ru/vul/2022-03169", + "Source": "BDU" + }, + { + "RefID": "BDU:2022-03171", + "RefURL": "https://bdu.fstec.ru/vul/2022-03171", + "Source": "BDU" + }, + { + "RefID": "BDU:2022-07479", + "RefURL": "https://bdu.fstec.ru/vul/2022-07479", + "Source": "BDU" + }, + { + "RefID": "CVE-2021-32686", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-32686", + "Source": "CVE" + }, + { + "RefID": "CVE-2021-37706", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-37706", + "Source": "CVE" + }, + { + "RefID": "CVE-2021-41141", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-41141", + "Source": "CVE" + }, + { + "RefID": "CVE-2021-43299", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-43299", + "Source": "CVE" + }, + { + "RefID": "CVE-2021-43300", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-43300", + "Source": "CVE" + }, + { + "RefID": "CVE-2021-43301", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-43301", + "Source": "CVE" + }, + { + "RefID": "CVE-2021-43302", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-43302", + "Source": "CVE" + }, + { + "RefID": "CVE-2021-43303", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-43303", + "Source": "CVE" + }, + { + "RefID": "CVE-2021-43804", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-43804", + "Source": "CVE" + }, + { + "RefID": "CVE-2021-43845", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-43845", + "Source": "CVE" + }, + { + "RefID": "CVE-2022-21722", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-21722", + "Source": "CVE" + }, + { + "RefID": "CVE-2022-21723", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-21723", + "Source": "CVE" + }, + { + "RefID": "CVE-2022-23537", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-23537", + "Source": "CVE" + }, + { + "RefID": "CVE-2022-23608", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-23608", + "Source": "CVE" + }, + { + "RefID": "CVE-2022-24754", + "RefURL": 
"https://nvd.nist.gov/vuln/detail/CVE-2022-24754", + "Source": "CVE" + }, + { + "RefID": "CVE-2022-24764", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-24764", + "Source": "CVE" + }, + { + "RefID": "CVE-2022-24792", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-24792", + "Source": "CVE" + }, + { + "RefID": "CVE-2022-31031", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-31031", + "Source": "CVE" + }, + { + "RefID": "CVE-2023-27585", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-27585", + "Source": "CVE" + }, + { + "RefID": "CVE-2023-38703", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-38703", + "Source": "CVE" + } + ], + "Description": "This update upgrades libpjsip to version 2.14.1-alt1. \nSecurity Fix(es):\n\n * BDU:2022-01086: Уязвимость мультимедийной коммуникационной библиотеки PJSIP, связанная с целочисленной потерей значимости, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-01087: Уязвимость мультимедийной коммуникационной библиотеки PJSIP, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-01449: Уязвимость функции pjsua_playlist_create мультимедийной коммуникационной библиотеки PJSIP, связанная с переполнением буфера в стека, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-01450: Уязвимость функции pjsua_call_dump мультимедийной коммуникационной библиотеки PJSIP, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный кодд\n\n * BDU:2022-01451: Уязвимость функции pjsua_recorder_create мультимедийной коммуникационной библиотеки PJSIP, связанная с переполнением буфера в стека, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-01452: Уязвимость мультимедийной коммуникационной библиотеки PJSIP, связанная с переполнением буфера в стеке, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-01458: Уязвимость функции pjsua_recorder_create 
мультимедийной коммуникационной библиотеки PJSIP, связанная с чтением за границами буфера памяти, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02055: Уязвимость SSL-сокета системы управления IP-телефонией Asterisk, реализации протокола SIP PJSIP, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02185: Уязвимость мультимедийной коммуникационной библиотеки PJSIP, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02186: Уязвимость мультимедийной коммуникационной библиотеки PJSIP, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02207: Уязвимость мультимедийной коммуникационной библиотеки PJSIP, связанная с ошибками синхронизации при использовании общего ресурса, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02209: Уязвимость мультимедийной коммуникационной библиотеки PJSIP, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-03168: Уязвимость реализации функции pjsip_auth_create_digest() мультимедийной коммуникационной библиотеки PJSIP, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код\n\n * BDU:2022-03169: Уязвимость мультимедийной коммуникационной библиотеки PJSIP, связанная с выполнением цикла с недоступным условием выхода, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-03171: Уязвимость реализации функций pjmedia_sdp_print() и pjmedia_sdp_media_print() интерфейса PJSUA2 API мультимедийной коммуникационной библиотеки PJSI, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании\n\n * BDU:2022-07479: Уязвимость мультимедиа библиотеки PJSIP, связанная с переполнением буфера в динамической памяти, позволяющая нарушителю выполнить произвольный код в целевой системе\n\n * CVE-2021-32686: PJSIP is a free and open 
source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/listener may get destroyed during handshake. Both issues were reported to happen intermittently in heavy load TLS connections. They cause a crash, resulting in a denial of service. These are fixed in version 2.11.1.\n\n * CVE-2021-37706: PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine. Users are advised to upgrade as soon as possible. There are no known workarounds.\n\n * CVE-2021-41141: PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when error/failure occurs, it is found that the function returns without releasing the currently held locks. This could result in a system deadlock, which cause a denial of service for the users. No release has yet been made which contains the linked fix commit. All versions up to an including 2.11.1 are affected. Users may need to manually apply the patch.\n\n * CVE-2021-43299: Stack overflow in PJSUA API when calling pjsua_player_create. 
An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.\n\n * CVE-2021-43300: Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.\n\n * CVE-2021-43301: Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.\n\n * CVE-2021-43302: Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause an out-of-bounds read when the filename is shorter than 4 characters.\n\n * CVE-2021-43303: Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer, regardless of the 'maxlen' argument supplied\n\n * CVE-2021-43804: PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming RTCP BYE message contains a reason's length, this declared length is not checked against the actual received packet size, potentially resulting in an out-of-bound read access. This issue affects all users that use PJMEDIA and RTCP. A malicious actor can send a RTCP BYE message with an invalid reason length. Users are advised to upgrade as soon as possible. There are no known workarounds.\n\n * CVE-2021-43845: PJSIP is a free and open source multimedia communication library. 
In version 2.11.1 and prior, if incoming RTCP XR message contain block, the data field is not checked against the received packet size, potentially resulting in an out-of-bound read access. This affects all users that use PJMEDIA and RTCP XR. A malicious actor can send a RTCP XR message with an invalid packet size.\n\n * CVE-2022-21722: PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch is available as a commit in the `master` branch. There are no known workarounds.\n\n * CVE-2022-21723: PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in the `master` branch. There are no known workarounds.\n\n * CVE-2022-23537: PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1).\n\n * CVE-2022-23608: PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. 
In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision which eventually leading to endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue.\n\n * CVE-2022-24754: PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length must be equal to `PJSIP_MD5STRLEN` before passing to PJSIP.\n\n * CVE-2022-24764: PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do not use PJSUA2 and do not directly call `pjmedia_sdp_print()` or `pjmedia_sdp_media_print()` should not be affected. A patch is available on the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds.\n\n * CVE-2022-24792: PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. 
The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only plays trusted WAV files. A patch is available on the `master` branch of the `pjsip/project` GitHub repository. As a workaround, apps can reject a WAV file received from an unknown source or validate the file first.\n\n * CVE-2022-31031: PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using `pjlib-util/stun_simple` API. A patch is available in commit 450baca which should be included in the next release. There are no known workarounds for this issue.\n\n * CVE-2023-27585: PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record `parse_query()`, while the issue in CVE-2022-24793 is in `parse_rr()`. A patch is available as commit `d1c5e4d` in the `master` branch. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver implementation instead.\n\n * CVE-2023-38703: PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. 
Currently a higher level transport is not synchronized with its lower level transport that may introduce use-after-free issue. This vulnerability affects applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media transport other than UDP. This vulnerability’s impact may range from unexpected application termination to control flow hijack/memory corruption. The patch is available as a commit in the master branch.\n", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Critical", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-11-22" + }, + "Updated": { + "Date": "2024-11-22" + }, + "BDUs": [ + { + "ID": "BDU:2022-01086", + "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "CWE": "CWE-191", + "Href": "https://bdu.fstec.ru/vul/2022-01086", + "Impact": "High", + "Public": "20210810" + }, + { + "ID": "BDU:2022-01087", + "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "CWE": "CWE-125", + "Href": "https://bdu.fstec.ru/vul/2022-01087", + "Impact": "High", + "Public": "20211222" + }, + { + "ID": "BDU:2022-01449", + "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-121", + "Href": "https://bdu.fstec.ru/vul/2022-01449", + "Impact": "Critical", + "Public": "20220302" + }, + { + "ID": "BDU:2022-01450", + "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-119", + "Href": "https://bdu.fstec.ru/vul/2022-01450", + "Impact": "Critical", + "Public": "20220302" + }, + { + "ID": "BDU:2022-01451", + "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-121", + "Href": "https://bdu.fstec.ru/vul/2022-01451", + "Impact": "Critical", + "Public": "20220302" + }, + { + "ID": "BDU:2022-01452", + "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "CWE": 
"CWE-121", + "Href": "https://bdu.fstec.ru/vul/2022-01452", + "Impact": "Critical", + "Public": "20220302" + }, + { + "ID": "BDU:2022-01458", + "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-125", + "Href": "https://bdu.fstec.ru/vul/2022-01458", + "Impact": "High", + "Public": "20220302" + }, + { + "ID": "BDU:2022-02055", + "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-362", + "Href": "https://bdu.fstec.ru/vul/2022-02055", + "Impact": "Low", + "Public": "20210723" + }, + { + "ID": "BDU:2022-02185", + "CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "CWE": "CWE-125", + "Href": "https://bdu.fstec.ru/vul/2022-02185", + "Impact": "Critical", + "Public": "20220126" + }, + { + "ID": "BDU:2022-02186", + "CVSS": "AV:N/AC:H/Au:N/C:N/I:N/A:C", + "CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-416", + "Href": "https://bdu.fstec.ru/vul/2022-02186", + "Impact": "Low", + "Public": "20220221" + }, + { + "ID": "BDU:2022-02207", + "CVSS": "AV:N/AC:H/Au:N/C:N/I:N/A:C", + "CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-667", + "Href": "https://bdu.fstec.ru/vul/2022-02207", + "Impact": "Low", + "Public": "20220104" + }, + { + "ID": "BDU:2022-02209", + "CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "CWE": "CWE-125", + "Href": "https://bdu.fstec.ru/vul/2022-02209", + "Impact": "Critical", + "Public": "20220126" + }, + { + "ID": "BDU:2022-03168", + "CVSS": "AV:N/AC:H/Au:S/C:C/I:C/A:C", + "CVSS3": "AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "CWE": "CWE-119, CWE-120, CWE-787", + "Href": "https://bdu.fstec.ru/vul/2022-03168", + "Impact": "High", + "Public": "20220308" + }, + { + "ID": "BDU:2022-03169", + "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-835", + "Href": "https://bdu.fstec.ru/vul/2022-03169", + "Impact": 
"High", + "Public": "20220425" + }, + { + "ID": "BDU:2022-03171", + "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:C", + "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "CWE": "CWE-120, CWE-121", + "Href": "https://bdu.fstec.ru/vul/2022-03171", + "Impact": "High", + "Public": "20220322" + }, + { + "ID": "BDU:2022-07479", + "CVSS": "AV:N/AC:H/Au:N/C:P/I:N/A:C", + "CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", + "CWE": "CWE-122", + "Href": "https://bdu.fstec.ru/vul/2022-07479", + "Impact": "Low", + "Public": "20221220" + } + ], + "CVEs": [ + { + "ID": "CVE-2021-32686", + "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-362", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-32686", + "Impact": "Low", + "Public": "20210723" + }, + { + "ID": "CVE-2021-37706", + "CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-191", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-37706", + "Impact": "Critical", + "Public": "20211222" + }, + { + "ID": "CVE-2021-41141", + "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-667", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-41141", + "Impact": "High", + "Public": "20220104" + }, + { + "ID": "CVE-2021-43299", + "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-121", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-43299", + "Impact": "Critical", + "Public": "20220216" + }, + { + "ID": "CVE-2021-43300", + "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-121", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-43300", + "Impact": "Critical", + "Public": "20220216" + }, + { + "ID": "CVE-2021-43301", + "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-121", + "Href": 
"https://nvd.nist.gov/vuln/detail/CVE-2021-43301", + "Impact": "Critical", + "Public": "20220216" + }, + { + "ID": "CVE-2021-43302", + "CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "CWE": "CWE-125", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-43302", + "Impact": "Critical", + "Public": "20220216" + }, + { + "ID": "CVE-2021-43303", + "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-120", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-43303", + "Impact": "Critical", + "Public": "20220216" + }, + { + "ID": "CVE-2021-43804", + "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "CWE": "CWE-125", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-43804", + "Impact": "High", + "Public": "20211222" + }, + { + "ID": "CVE-2021-43845", + "CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "CWE": "CWE-125", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-43845", + "Impact": "Critical", + "Public": "20211227" + }, + { + "ID": "CVE-2022-21722", + "CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "CWE": "CWE-125", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-21722", + "Impact": "Critical", + "Public": "20220127" + }, + { + "ID": "CVE-2022-21723", + "CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:P", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "CWE": "CWE-125", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-21723", + "Impact": "Critical", + "Public": "20220127" + }, + { + "ID": "CVE-2022-23537", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-122", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-23537", + "Impact": "Critical", + "Public": "20221220" + }, + { + "ID": "CVE-2022-23608", + "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "CVSS3": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-416", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-23608", + "Impact": "Critical", + "Public": "20220222" + }, + { + "ID": "CVE-2022-24754", + "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-120", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-24754", + "Impact": "Critical", + "Public": "20220311" + }, + { + "ID": "CVE-2022-24764", + "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-120", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-24764", + "Impact": "High", + "Public": "20220322" + }, + { + "ID": "CVE-2022-24792", + "CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-835", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-24792", + "Impact": "High", + "Public": "20220425" + }, + { + "ID": "CVE-2022-31031", + "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-120", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-31031", + "Impact": "Critical", + "Public": "20220609" + }, + { + "ID": "CVE-2023-27585", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "CWE": "CWE-120", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-27585", + "Impact": "High", + "Public": "20230314" + }, + { + "ID": "CVE-2023-38703", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-416", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-38703", + "Impact": "Critical", + "Public": "20231006" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:spworkstation:8.4", + "cpe:/o:alt:spserver:8.4" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:3001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { 
+ "TestRef": "oval:org.altlinux.errata:tst:202415954001", + "Comment": "libpjsip is earlier than 0:2.14.1-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415954002", + "Comment": "libpjsip-devel is earlier than 0:2.14.1-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-15954/objects.json b/oval/c9f2/ALT-PU-2024-15954/objects.json new file mode 100644 index 0000000000..6e630396a2 --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-15954/objects.json @@ -0,0 +1,40 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:3001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202415954001", + "Version": "1", + "Comment": "libpjsip is installed", + "Name": "libpjsip" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415954002", + "Version": "1", + "Comment": "libpjsip-devel is installed", + "Name": "libpjsip-devel" + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-15954/states.json b/oval/c9f2/ALT-PU-2024-15954/states.json new file mode 100644 index 0000000000..002479926f --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-15954/states.json 
@@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:3001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202415954001", + "Version": "1", + "Comment": "package EVR is earlier than 0:2.14.1-alt1", + "Arch": {}, + "EVR": { + "Text": "0:2.14.1-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-15954/tests.json b/oval/c9f2/ALT-PU-2024-15954/tests.json new file mode 100644 index 0000000000..af7c321f3c --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-15954/tests.json @@ -0,0 +1,42 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:3001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c9f2' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:3001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:3001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202415954001", + "Version": "1", + "Check": "all", + "Comment": "libpjsip is earlier than 0:2.14.1-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415954001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415954001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415954002", + "Version": "1", + "Check": "all", + "Comment": "libpjsip-devel is earlier than 0:2.14.1-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415954002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415954001" + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2021-2050/definitions.json b/oval/p10/ALT-PU-2021-2050/definitions.json index 0837c2510b..574086ea3b 100644 --- a/oval/p10/ALT-PU-2021-2050/definitions.json +++ b/oval/p10/ALT-PU-2021-2050/definitions.json 
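Review bot: The platform state `oval:org.altlinux.errata:ste:3001` in states.json is added with an empty `"Text": {}`, so the release captured by `(\d\.\d)` in `obj:3001` does not appear to be compared with anything. As written, test `tst:3001` ("ALT Linux based on branch 'c9f2' must be installed") would presumably be true for any `spserver`/`spworkstation` CPE with a single-digit major.minor release, although `AffectedCPEs` in this update's definitions.json lists only 8.4. If the branch is meant to be enforced, the state should carry the expected release, with an `Operation` and `Text` pair as the RPM state's `EVR` has; otherwise the test comment should say that only the product family is checked. The p10 files for ALT-PU-2024-15832 have the same shape: `ste:2001` is empty and the `obj:2001` pattern accepts any non-`sp` release number.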
@@ -126,7 +126,7 @@ "CWE": "CWE-476", "Href": "https://bdu.fstec.ru/vul/2021-04859", "Impact": "Low", - "Public": "20210530" + "Public": "20210531" }, { "ID": "BDU:2022-00513", diff --git a/oval/p10/ALT-PU-2021-2199/definitions.json b/oval/p10/ALT-PU-2021-2199/definitions.json index 884c9b143e..00761c58bc 100644 --- a/oval/p10/ALT-PU-2021-2199/definitions.json +++ b/oval/p10/ALT-PU-2021-2199/definitions.json @@ -145,7 +145,7 @@ "CWE": "CWE-476", "Href": "https://bdu.fstec.ru/vul/2021-04859", "Impact": "Low", - "Public": "20210530" + "Public": "20210531" }, { "ID": "BDU:2022-00513", diff --git a/oval/p10/ALT-PU-2021-2326/definitions.json b/oval/p10/ALT-PU-2021-2326/definitions.json index b7d6c0f8bc..0e0b759200 100644 --- a/oval/p10/ALT-PU-2021-2326/definitions.json +++ b/oval/p10/ALT-PU-2021-2326/definitions.json @@ -335,7 +335,7 @@ "CWE": "CWE-476", "Href": "https://bdu.fstec.ru/vul/2021-04859", "Impact": "Low", - "Public": "20210530" + "Public": "20210531" }, { "ID": "BDU:2022-00513", diff --git a/oval/p10/ALT-PU-2022-1421/definitions.json b/oval/p10/ALT-PU-2022-1421/definitions.json index 239e701986..8d1c5cf89d 100644 --- a/oval/p10/ALT-PU-2022-1421/definitions.json +++ b/oval/p10/ALT-PU-2022-1421/definitions.json @@ -1894,7 +1894,7 @@ "CWE": "CWE-476", "Href": "https://bdu.fstec.ru/vul/2021-04859", "Impact": "Low", - "Public": "20210530" + "Public": "20210531" }, { "ID": "BDU:2021-04864", diff --git a/oval/p10/ALT-PU-2024-15832/definitions.json b/oval/p10/ALT-PU-2024-15832/definitions.json new file mode 100644 index 0000000000..8eb51286cb --- /dev/null +++ b/oval/p10/ALT-PU-2024-15832/definitions.json 
@@ -0,0 +1,366 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202415832", + "Version": "oval:org.altlinux.errata:def:202415832", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-15832: package `zabbix` update to version 6.0.36-alt0.p10.1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch p10" + ], + "Products": [ + "ALT Server", + "ALT Virtualization Server", + "ALT Workstation", + "ALT Workstation K", + "ALT Education", + "Simply Linux", + "Starterkit" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-15832", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-15832", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2024-03942", + "RefURL": "https://bdu.fstec.ru/vul/2024-03942", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-06995", + "RefURL": "https://bdu.fstec.ru/vul/2024-06995", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-07007", + "RefURL": "https://bdu.fstec.ru/vul/2024-07007", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-07008", + "RefURL": "https://bdu.fstec.ru/vul/2024-07008", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-07009", + "RefURL": "https://bdu.fstec.ru/vul/2024-07009", + "Source": "BDU" + }, + { + "RefID": "BDU:2024-07010", + "RefURL": "https://bdu.fstec.ru/vul/2024-07010", + "Source": "BDU" + }, + { + "RefID": "CVE-2024-22114", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-22114", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-22120", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-22120", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-22121", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-22121", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-22122", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-22122", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-22123", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-22123", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-36460", + "RefURL": 
"https://nvd.nist.gov/vuln/detail/CVE-2024-36460", + "Source": "CVE" + }, + { + "RefID": "CVE-2024-36461", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-36461", + "Source": "CVE" + } + ], + "Description": "This update upgrades zabbix to version 6.0.36-alt0.p10.1. \nSecurity Fix(es):\n\n * BDU:2024-03942: Уязвимость сервера универсальной системы мониторинга Zabbix Workstation, связанная с ошибками при обработке входных данных, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-06995: Уязвимость универсальной системы мониторинга Zabbix, связанная с ненадлежащим сохранением разрешений, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2024-07007: Уязвимость универсальной системы мониторинга Zabbix, связанная с неправильной нейтрализацией специальных элементов, используемых в команде, позволяющая нарушителю выполнить дополнительные AT-команды на модеме\n\n * BDU:2024-07008: Уязвимость универсальной системы мониторинга Zabbix, связанная с хранением пароля в открытом виде, позволяющая нарушителю получить доступ к конфиденциальной информации\n\n * BDU:2024-07009: Уязвимость универсальной системы мониторинга Zabbix, связанная с неправильным контролем генерации кода, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-07010: Уязвимость универсальной системы мониторинга Zabbix, связанная с разыменованием ненадежного указателя, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2024-22114: User with no permission to any of the Hosts can access and view host count \u0026 other statistics through System Information Widget in Global View Dashboard.\n\n * CVE-2024-22120: Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to \"Audit Log\". 
Due to \"clientip\" field is not sanitized, it is possible to injection SQL into \"clientip\" and exploit time based blind SQL injection.\n\n * CVE-2024-22121: A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application.\n\n * CVE-2024-22122: Zabbix allows to configure SMS notifications. AT command injection occurs on \"Zabbix Server\" because there is no validation of \"Number\" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem.\n\n * CVE-2024-22123: Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server will try to communicate with it as modem. As a result, log file will be broken with AT commands and small part for log file content will be leaked to UI.\n\n * CVE-2024-36460: The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text.\n\n * CVE-2024-36461: Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine.", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Critical", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-11-22" + }, + "Updated": { + "Date": "2024-11-22" + }, + "BDUs": [ + { + "ID": "BDU:2024-03942", + "CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "CVSS3": "AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "CWE": "CWE-20", + "Href": "https://bdu.fstec.ru/vul/2024-03942", + "Impact": "Critical", + "Public": "20240517" + }, + { + "ID": "BDU:2024-06995", + "CVSS": "AV:L/AC:L/Au:S/C:N/I:C/A:P", + "CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", + "CWE": "CWE-281", + "Href": "https://bdu.fstec.ru/vul/2024-06995", + "Impact": "Low", + "Public": "20240812" + }, + { + "ID": "BDU:2024-07007", 
+ "CVSS": "AV:N/AC:H/Au:M/C:N/I:P/A:N", + "CVSS3": "AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N", + "CWE": "CWE-77", + "Href": "https://bdu.fstec.ru/vul/2024-07007", + "Impact": "Low", + "Public": "20240812" + }, + { + "ID": "BDU:2024-07008", + "CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:N", + "CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "CWE": "CWE-256", + "Href": "https://bdu.fstec.ru/vul/2024-07008", + "Impact": "High", + "Public": "20240812" + }, + { + "ID": "BDU:2024-07009", + "CVSS": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", + "CWE": "CWE-94", + "Href": "https://bdu.fstec.ru/vul/2024-07009", + "Impact": "Low", + "Public": "20240812" + }, + { + "ID": "BDU:2024-07010", + "CVSS": "AV:N/AC:L/Au:S/C:P/I:P/A:C", + "CVSS3": "AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H", + "CWE": "CWE-822", + "Href": "https://bdu.fstec.ru/vul/2024-07010", + "Impact": "Critical", + "Public": "20240812" + } + ], + "CVEs": [ + { + "ID": "CVE-2024-22114", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-22114", + "Impact": "None", + "Public": "20240812" + }, + { + "ID": "CVE-2024-22120", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-22120", + "Impact": "None", + "Public": "20240517" + }, + { + "ID": "CVE-2024-22121", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-22121", + "Impact": "None", + "Public": "20240812" + }, + { + "ID": "CVE-2024-22122", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-22122", + "Impact": "None", + "Public": "20240812" + }, + { + "ID": "CVE-2024-22123", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-22123", + "Impact": "None", + "Public": "20240812" + }, + { + "ID": "CVE-2024-36460", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-36460", + "Impact": "None", + "Public": "20240812" + }, + { + "ID": "CVE-2024-36461", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-36461", + "Impact": "None", + "Public": "20240812" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:kworkstation:10", + 
"cpe:/o:alt:workstation:10", + "cpe:/o:alt:server:10", + "cpe:/o:alt:server-v:10", + "cpe:/o:alt:education:10", + "cpe:/o:alt:slinux:10", + "cpe:/o:alt:starterkit:p10", + "cpe:/o:alt:kworkstation:10.1", + "cpe:/o:alt:workstation:10.1", + "cpe:/o:alt:server:10.1", + "cpe:/o:alt:server-v:10.1", + "cpe:/o:alt:education:10.1", + "cpe:/o:alt:slinux:10.1", + "cpe:/o:alt:starterkit:10.1", + "cpe:/o:alt:kworkstation:10.2", + "cpe:/o:alt:workstation:10.2", + "cpe:/o:alt:server:10.2", + "cpe:/o:alt:server-v:10.2", + "cpe:/o:alt:education:10.2", + "cpe:/o:alt:slinux:10.2", + "cpe:/o:alt:starterkit:10.2" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:2001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202415832001", + "Comment": "zabbix-agent is earlier than 1:6.0.36-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415832002", + "Comment": "zabbix-agent-sudo is earlier than 1:6.0.36-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415832003", + "Comment": "zabbix-agent2 is earlier than 1:6.0.36-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415832004", + "Comment": "zabbix-common is earlier than 1:6.0.36-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415832005", + "Comment": "zabbix-common-database-mysql is earlier than 1:6.0.36-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415832006", + "Comment": "zabbix-common-database-pgsql is earlier than 1:6.0.36-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415832007", + "Comment": "zabbix-common-database-sqlite3 is earlier than 1:6.0.36-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415832008", + "Comment": "zabbix-contrib is earlier than 1:6.0.36-alt0.p10.1" + }, + { + "TestRef": 
"oval:org.altlinux.errata:tst:202415832009", + "Comment": "zabbix-doc is earlier than 1:6.0.36-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415832010", + "Comment": "zabbix-java-gateway is earlier than 1:6.0.36-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415832011", + "Comment": "zabbix-phpfrontend-apache2 is earlier than 1:6.0.36-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415832012", + "Comment": "zabbix-phpfrontend-apache2-mod_php7 is earlier than 1:6.0.36-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415832013", + "Comment": "zabbix-phpfrontend-apache2-mod_php8.0 is earlier than 1:6.0.36-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415832014", + "Comment": "zabbix-phpfrontend-apache2-mod_php8.1 is earlier than 1:6.0.36-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415832015", + "Comment": "zabbix-phpfrontend-apache2-mod_php8.2 is earlier than 1:6.0.36-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415832016", + "Comment": "zabbix-phpfrontend-engine is earlier than 1:6.0.36-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415832017", + "Comment": "zabbix-phpfrontend-php7 is earlier than 1:6.0.36-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415832018", + "Comment": "zabbix-phpfrontend-php8.0 is earlier than 1:6.0.36-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415832019", + "Comment": "zabbix-phpfrontend-php8.1 is earlier than 1:6.0.36-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415832020", + "Comment": "zabbix-phpfrontend-php8.2 is earlier than 1:6.0.36-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415832021", + "Comment": "zabbix-proxy is earlier than 1:6.0.36-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415832022", + "Comment": "zabbix-proxy-common is earlier than 1:6.0.36-alt0.p10.1" 
+ }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415832023", + "Comment": "zabbix-proxy-pgsql is earlier than 1:6.0.36-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415832024", + "Comment": "zabbix-server-common is earlier than 1:6.0.36-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415832025", + "Comment": "zabbix-server-mysql is earlier than 1:6.0.36-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415832026", + "Comment": "zabbix-server-pgsql is earlier than 1:6.0.36-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415832027", + "Comment": "zabbix-source is earlier than 1:6.0.36-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202415832028", + "Comment": "zabbix-web-service is earlier than 1:6.0.36-alt0.p10.1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-15832/objects.json b/oval/p10/ALT-PU-2024-15832/objects.json new file mode 100644 index 0000000000..e69fdc80f3 --- /dev/null +++ b/oval/p10/ALT-PU-2024-15832/objects.json 
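Review bot: Every entry in the `CVEs` array of this definition is emitted with `"Impact": "None"` and no `CVSS`/`CVSS3` vector, while the advisory `Severity` is `Critical` and the BDU entries for the same update carry scored vectors (BDU:2024-03942 is `Critical`). A consumer that triages on the per-CVE `Impact` would read all seven CVEs, including the SQL injection described for CVE-2024-22120, as having no impact; `None` here presumably means no score was available when the file was produced. Omitting `Impact` when no vector is known, or using a distinct value (for example `"Unknown"`, if the schema permits), would keep unscored entries from being confused with a scored severity of none.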
@@ -0,0 +1,196 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:2001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202415832001", + "Version": "1", + "Comment": "zabbix-agent is installed", + "Name": "zabbix-agent" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415832002", + "Version": "1", + "Comment": "zabbix-agent-sudo is installed", + "Name": "zabbix-agent-sudo" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415832003", + "Version": "1", + "Comment": "zabbix-agent2 is installed", + "Name": "zabbix-agent2" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415832004", + "Version": "1", + "Comment": "zabbix-common is installed", + "Name": "zabbix-common" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415832005", + "Version": "1", + "Comment": "zabbix-common-database-mysql is installed", + "Name": "zabbix-common-database-mysql" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415832006", + "Version": "1", + "Comment": "zabbix-common-database-pgsql is installed", + "Name": "zabbix-common-database-pgsql" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415832007", + "Version": "1", + "Comment": "zabbix-common-database-sqlite3 is installed", + "Name": "zabbix-common-database-sqlite3" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415832008", + "Version": "1", + "Comment": "zabbix-contrib is installed", + "Name": "zabbix-contrib" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415832009", + "Version": "1", + "Comment": "zabbix-doc is installed", + "Name": "zabbix-doc" + }, + { + "ID": 
"oval:org.altlinux.errata:obj:202415832010", + "Version": "1", + "Comment": "zabbix-java-gateway is installed", + "Name": "zabbix-java-gateway" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415832011", + "Version": "1", + "Comment": "zabbix-phpfrontend-apache2 is installed", + "Name": "zabbix-phpfrontend-apache2" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415832012", + "Version": "1", + "Comment": "zabbix-phpfrontend-apache2-mod_php7 is installed", + "Name": "zabbix-phpfrontend-apache2-mod_php7" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415832013", + "Version": "1", + "Comment": "zabbix-phpfrontend-apache2-mod_php8.0 is installed", + "Name": "zabbix-phpfrontend-apache2-mod_php8.0" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415832014", + "Version": "1", + "Comment": "zabbix-phpfrontend-apache2-mod_php8.1 is installed", + "Name": "zabbix-phpfrontend-apache2-mod_php8.1" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415832015", + "Version": "1", + "Comment": "zabbix-phpfrontend-apache2-mod_php8.2 is installed", + "Name": "zabbix-phpfrontend-apache2-mod_php8.2" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415832016", + "Version": "1", + "Comment": "zabbix-phpfrontend-engine is installed", + "Name": "zabbix-phpfrontend-engine" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415832017", + "Version": "1", + "Comment": "zabbix-phpfrontend-php7 is installed", + "Name": "zabbix-phpfrontend-php7" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415832018", + "Version": "1", + "Comment": "zabbix-phpfrontend-php8.0 is installed", + "Name": "zabbix-phpfrontend-php8.0" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415832019", + "Version": "1", + "Comment": "zabbix-phpfrontend-php8.1 is installed", + "Name": "zabbix-phpfrontend-php8.1" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415832020", + "Version": "1", + "Comment": "zabbix-phpfrontend-php8.2 is installed", + "Name": "zabbix-phpfrontend-php8.2" + }, + { + "ID": 
"oval:org.altlinux.errata:obj:202415832021", + "Version": "1", + "Comment": "zabbix-proxy is installed", + "Name": "zabbix-proxy" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415832022", + "Version": "1", + "Comment": "zabbix-proxy-common is installed", + "Name": "zabbix-proxy-common" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415832023", + "Version": "1", + "Comment": "zabbix-proxy-pgsql is installed", + "Name": "zabbix-proxy-pgsql" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415832024", + "Version": "1", + "Comment": "zabbix-server-common is installed", + "Name": "zabbix-server-common" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415832025", + "Version": "1", + "Comment": "zabbix-server-mysql is installed", + "Name": "zabbix-server-mysql" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415832026", + "Version": "1", + "Comment": "zabbix-server-pgsql is installed", + "Name": "zabbix-server-pgsql" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415832027", + "Version": "1", + "Comment": "zabbix-source is installed", + "Name": "zabbix-source" + }, + { + "ID": "oval:org.altlinux.errata:obj:202415832028", + "Version": "1", + "Comment": "zabbix-web-service is installed", + "Name": "zabbix-web-service" + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-15832/states.json b/oval/p10/ALT-PU-2024-15832/states.json new file mode 100644 index 0000000000..344c4a8bf5 --- /dev/null +++ b/oval/p10/ALT-PU-2024-15832/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:2001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202415832001", + "Version": "1", + "Comment": "package EVR is earlier than 1:6.0.36-alt0.p10.1", + "Arch": {}, + "EVR": { + "Text": "1:6.0.36-alt0.p10.1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file 
diff --git a/oval/p10/ALT-PU-2024-15832/tests.json b/oval/p10/ALT-PU-2024-15832/tests.json
new file mode 100644
index 0000000000..a7fc998847
--- /dev/null
+++ b/oval/p10/ALT-PU-2024-15832/tests.json
@@ -0,0 +1,354 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:2001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'p10' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:2001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:2001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202415832001", + "Version": "1", + "Check": "all", + "Comment": "zabbix-agent is earlier than 1:6.0.36-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415832001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415832001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415832002", + "Version": "1", + "Check": "all", + "Comment": "zabbix-agent-sudo is earlier than 1:6.0.36-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415832002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415832001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415832003", + "Version": "1", + "Check": "all", + "Comment": "zabbix-agent2 is earlier than 1:6.0.36-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415832003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415832001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415832004", + "Version": "1", + "Check": "all", + "Comment": "zabbix-common is earlier than 1:6.0.36-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415832004" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415832001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415832005", + "Version": "1", + "Check": "all", + "Comment": "zabbix-common-database-mysql is earlier than 1:6.0.36-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415832005" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415832001" + } + }, + { + "ID": 
"oval:org.altlinux.errata:tst:202415832006", + "Version": "1", + "Check": "all", + "Comment": "zabbix-common-database-pgsql is earlier than 1:6.0.36-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415832006" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415832001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415832007", + "Version": "1", + "Check": "all", + "Comment": "zabbix-common-database-sqlite3 is earlier than 1:6.0.36-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415832007" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415832001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415832008", + "Version": "1", + "Check": "all", + "Comment": "zabbix-contrib is earlier than 1:6.0.36-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415832008" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415832001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415832009", + "Version": "1", + "Check": "all", + "Comment": "zabbix-doc is earlier than 1:6.0.36-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415832009" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415832001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415832010", + "Version": "1", + "Check": "all", + "Comment": "zabbix-java-gateway is earlier than 1:6.0.36-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415832010" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415832001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415832011", + "Version": "1", + "Check": "all", + "Comment": "zabbix-phpfrontend-apache2 is earlier than 1:6.0.36-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415832011" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415832001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415832012", + 
"Version": "1", + "Check": "all", + "Comment": "zabbix-phpfrontend-apache2-mod_php7 is earlier than 1:6.0.36-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415832012" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415832001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415832013", + "Version": "1", + "Check": "all", + "Comment": "zabbix-phpfrontend-apache2-mod_php8.0 is earlier than 1:6.0.36-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415832013" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415832001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415832014", + "Version": "1", + "Check": "all", + "Comment": "zabbix-phpfrontend-apache2-mod_php8.1 is earlier than 1:6.0.36-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415832014" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415832001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415832015", + "Version": "1", + "Check": "all", + "Comment": "zabbix-phpfrontend-apache2-mod_php8.2 is earlier than 1:6.0.36-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415832015" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415832001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415832016", + "Version": "1", + "Check": "all", + "Comment": "zabbix-phpfrontend-engine is earlier than 1:6.0.36-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415832016" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415832001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415832017", + "Version": "1", + "Check": "all", + "Comment": "zabbix-phpfrontend-php7 is earlier than 1:6.0.36-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415832017" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415832001" + } + }, + { + "ID": 
"oval:org.altlinux.errata:tst:202415832018", + "Version": "1", + "Check": "all", + "Comment": "zabbix-phpfrontend-php8.0 is earlier than 1:6.0.36-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415832018" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415832001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415832019", + "Version": "1", + "Check": "all", + "Comment": "zabbix-phpfrontend-php8.1 is earlier than 1:6.0.36-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415832019" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415832001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415832020", + "Version": "1", + "Check": "all", + "Comment": "zabbix-phpfrontend-php8.2 is earlier than 1:6.0.36-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415832020" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415832001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415832021", + "Version": "1", + "Check": "all", + "Comment": "zabbix-proxy is earlier than 1:6.0.36-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415832021" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415832001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415832022", + "Version": "1", + "Check": "all", + "Comment": "zabbix-proxy-common is earlier than 1:6.0.36-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415832022" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415832001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415832023", + "Version": "1", + "Check": "all", + "Comment": "zabbix-proxy-pgsql is earlier than 1:6.0.36-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415832023" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415832001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415832024", + 
"Version": "1", + "Check": "all", + "Comment": "zabbix-server-common is earlier than 1:6.0.36-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415832024" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415832001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415832025", + "Version": "1", + "Check": "all", + "Comment": "zabbix-server-mysql is earlier than 1:6.0.36-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415832025" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415832001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415832026", + "Version": "1", + "Check": "all", + "Comment": "zabbix-server-pgsql is earlier than 1:6.0.36-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415832026" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415832001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415832027", + "Version": "1", + "Check": "all", + "Comment": "zabbix-source is earlier than 1:6.0.36-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415832027" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415832001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202415832028", + "Version": "1", + "Check": "all", + "Comment": "zabbix-web-service is earlier than 1:6.0.36-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202415832028" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202415832001" + } + } + ] +} \ No newline at end of file diff --git a/oval/p9/ALT-PU-2021-2330/definitions.json b/oval/p9/ALT-PU-2021-2330/definitions.json index aca2fbc446..e5f580fa31 100644 --- a/oval/p9/ALT-PU-2021-2330/definitions.json +++ b/oval/p9/ALT-PU-2021-2330/definitions.json @@ -335,7 +335,7 @@ "CWE": "CWE-476", "Href": "https://bdu.fstec.ru/vul/2021-04859", "Impact": "Low", - "Public": "20210530" + "Public": "20210531" }, { "ID": "BDU:2022-00513", 
diff --git a/oval/p9/ALT-PU-2021-3481/definitions.json b/oval/p9/ALT-PU-2021-3481/definitions.json index 8717f324bb..609483ae56 100644 --- a/oval/p9/ALT-PU-2021-3481/definitions.json +++ b/oval/p9/ALT-PU-2021-3481/definitions.json @@ -571,7 +571,7 @@ "CWE": "CWE-476", "Href": "https://bdu.fstec.ru/vul/2021-04859", "Impact": "Low", - "Public": "20210530" + "Public": "20210531" }, { "ID": "BDU:2021-04867",