ALT Vulnerability

Иван Пепеляев 2024-11-16 03:04:45 +00:00
parent 84d8370cab
commit a294c4088d
50 changed files with 4890 additions and 2 deletions


@ -0,0 +1,131 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202415500",
"Version": "oval:org.altlinux.errata:def:202415500",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-15500: package `xorg-server` update to version 1.20.14-alt14",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-15500",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-15500",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-09084",
"RefURL": "https://bdu.fstec.ru/vul/2024-09084",
"Source": "BDU"
},
{
"RefID": "CVE-2024-9632",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-9632",
"Source": "CVE"
}
],
"Description": "This update upgrades xorg-server to version 1.20.14-alt14. \nSecurity Fix(es):\n\n * BDU:2024-09084: Уязвимость функции _XkbSetCompatMap реализации сервера X Window System X.Org Server, позволяющая нарушителю повысить свои привилегии\n\n * CVE-2024-9632: A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges.\n\n * #50355: Падение Xorg после обновления до 1.20.14-alt12",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-15"
},
"Updated": {
"Date": "2024-11-15"
},
"BDUs": [
{
"ID": "BDU:2024-09084",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-122",
"Href": "https://bdu.fstec.ru/vul/2024-09084",
"Impact": "High",
"Public": "20241008"
}
],
"CVEs": [
{
"ID": "CVE-2024-9632",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-122",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-9632",
"Impact": "High",
"Public": "20241030"
}
],
"Bugzilla": [
{
"ID": "50355",
"Href": "https://bugzilla.altlinux.org/50355",
"Data": "Падение Xorg после обновления до 1.20.14-alt12"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202415500001",
"Comment": "xorg-sdk is earlier than 2:1.20.14-alt14"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415500002",
"Comment": "xorg-server is earlier than 2:1.20.14-alt14"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415500003",
"Comment": "xorg-server-common is earlier than 2:1.20.14-alt14"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415500004",
"Comment": "xorg-xdmx is earlier than 2:1.20.14-alt14"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415500005",
"Comment": "xorg-xephyr is earlier than 2:1.20.14-alt14"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415500006",
"Comment": "xorg-xnest is earlier than 2:1.20.14-alt14"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415500007",
"Comment": "xorg-xvfb is earlier than 2:1.20.14-alt14"
}
]
}
]
}
}
]
}
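Review bot: The definition's `"Version"` repeats the ID string (`"Version": "oval:org.altlinux.errata:def:202415500"`), while every object, state and test in this commit uses `"Version": "1"`. OVAL definition versions are non-negative integers, so a consumer that converts this to OVAL XML, or compares versions to detect revised definitions, is likely to reject or mishandle the value; `"Version": "1"`, incremented on each revision, would match the rest of the data. The definitions for ALT-PU-2024-15502, ALT-PU-2024-15571, ALT-PU-2024-15577 and ALT-PU-2024-15579 in this commit show the same pattern. These files look generated, so the fix presumably belongs in the generator rather than in the files themselves.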


@ -0,0 +1,70 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202415500001",
"Version": "1",
"Comment": "xorg-sdk is installed",
"Name": "xorg-sdk"
},
{
"ID": "oval:org.altlinux.errata:obj:202415500002",
"Version": "1",
"Comment": "xorg-server is installed",
"Name": "xorg-server"
},
{
"ID": "oval:org.altlinux.errata:obj:202415500003",
"Version": "1",
"Comment": "xorg-server-common is installed",
"Name": "xorg-server-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202415500004",
"Version": "1",
"Comment": "xorg-xdmx is installed",
"Name": "xorg-xdmx"
},
{
"ID": "oval:org.altlinux.errata:obj:202415500005",
"Version": "1",
"Comment": "xorg-xephyr is installed",
"Name": "xorg-xephyr"
},
{
"ID": "oval:org.altlinux.errata:obj:202415500006",
"Version": "1",
"Comment": "xorg-xnest is installed",
"Name": "xorg-xnest"
},
{
"ID": "oval:org.altlinux.errata:obj:202415500007",
"Version": "1",
"Comment": "xorg-xvfb is installed",
"Name": "xorg-xvfb"
}
]
}


@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202415500001",
"Version": "1",
"Comment": "package EVR is earlier than 2:1.20.14-alt14",
"Arch": {},
"EVR": {
"Text": "2:1.20.14-alt14",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}
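Review bot: State `oval:org.altlinux.errata:ste:4001` carries an empty `"Text": {}`, so as written nothing constrains the `(\d+)` release number that object `obj:4001` captures from `/etc/os-release`. Test `tst:4001` is described as "ALT Linux based on branch 'c10f1' must be installed" and the advisories list only `cpe:/o:alt:spworkstation:10` and `cpe:/o:alt:spserver:10`, yet any ALT SP release number appears to satisfy the platform check, which risks false findings on hosts from other branches. Unless the serializer is dropping a value here, either populate the state or pin the release in the object's pattern, e.g. `"Text": "cpe:\\/o:alt:sp(?:server|workstation):10"` followed by a suitable end-of-value boundary. The same empty state is repeated in every states file in this commit.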


@ -0,0 +1,102 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202415500001",
"Version": "1",
"Check": "all",
"Comment": "xorg-sdk is earlier than 2:1.20.14-alt14",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415500001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415500001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415500002",
"Version": "1",
"Check": "all",
"Comment": "xorg-server is earlier than 2:1.20.14-alt14",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415500002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415500001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415500003",
"Version": "1",
"Check": "all",
"Comment": "xorg-server-common is earlier than 2:1.20.14-alt14",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415500003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415500001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415500004",
"Version": "1",
"Check": "all",
"Comment": "xorg-xdmx is earlier than 2:1.20.14-alt14",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415500004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415500001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415500005",
"Version": "1",
"Check": "all",
"Comment": "xorg-xephyr is earlier than 2:1.20.14-alt14",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415500005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415500001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415500006",
"Version": "1",
"Check": "all",
"Comment": "xorg-xnest is earlier than 2:1.20.14-alt14",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415500006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415500001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415500007",
"Version": "1",
"Check": "all",
"Comment": "xorg-xvfb is earlier than 2:1.20.14-alt14",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415500007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415500001"
}
}
]
}


@ -0,0 +1,104 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202415502",
"Version": "oval:org.altlinux.errata:def:202415502",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-15502: package `xorg-xwayland` update to version 23.1.1-alt6",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-15502",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-15502",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-09084",
"RefURL": "https://bdu.fstec.ru/vul/2024-09084",
"Source": "BDU"
},
{
"RefID": "CVE-2024-9632",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-9632",
"Source": "CVE"
}
],
"Description": "This update upgrades xorg-xwayland to version 23.1.1-alt6. \nSecurity Fix(es):\n\n * BDU:2024-09084: Уязвимость функции _XkbSetCompatMap реализации сервера X Window System X.Org Server, позволяющая нарушителю повысить свои привилегии\n\n * CVE-2024-9632: A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-15"
},
"Updated": {
"Date": "2024-11-15"
},
"BDUs": [
{
"ID": "BDU:2024-09084",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-122",
"Href": "https://bdu.fstec.ru/vul/2024-09084",
"Impact": "High",
"Public": "20241008"
}
],
"CVEs": [
{
"ID": "CVE-2024-9632",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-122",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-9632",
"Impact": "High",
"Public": "20241030"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202415502001",
"Comment": "xorg-xwayland is earlier than 2:23.1.1-alt6"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415502002",
"Comment": "xorg-xwayland-devel is earlier than 2:23.1.1-alt6"
}
]
}
]
}
}
]
}


@ -0,0 +1,40 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202415502001",
"Version": "1",
"Comment": "xorg-xwayland is installed",
"Name": "xorg-xwayland"
},
{
"ID": "oval:org.altlinux.errata:obj:202415502002",
"Version": "1",
"Comment": "xorg-xwayland-devel is installed",
"Name": "xorg-xwayland-devel"
}
]
}


@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202415502001",
"Version": "1",
"Comment": "package EVR is earlier than 2:23.1.1-alt6",
"Arch": {},
"EVR": {
"Text": "2:23.1.1-alt6",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}


@ -0,0 +1,42 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202415502001",
"Version": "1",
"Check": "all",
"Comment": "xorg-xwayland is earlier than 2:23.1.1-alt6",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415502001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415502001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415502002",
"Version": "1",
"Check": "all",
"Comment": "xorg-xwayland-devel is earlier than 2:23.1.1-alt6",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415502002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415502001"
}
}
]
}


@ -0,0 +1,140 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202415571",
"Version": "oval:org.altlinux.errata:def:202415571",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-15571: package `nbd` update to version 3.25-alt3",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-15571",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-15571",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-01639",
"RefURL": "https://bdu.fstec.ru/vul/2022-01639",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01643",
"RefURL": "https://bdu.fstec.ru/vul/2022-01643",
"Source": "BDU"
},
{
"RefID": "CVE-2022-26495",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-26495",
"Source": "CVE"
},
{
"RefID": "CVE-2022-26496",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-26496",
"Source": "CVE"
}
],
"Description": "This update upgrades nbd to version 3.25-alt3. \nSecurity Fix(es):\n\n * BDU:2022-01639: Уязвимость реализации сетевых блочных устройств nbd, связанная с целочисленным переполнением, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-01643: Уязвимость реализации сетевых блочных устройств nbd, связанная с переполнением буфера в стека, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2022-26495: In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.\n\n * CVE-2022-26496: In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name.\n\n * #49344: Не стартует nbd-server с помощью systemd",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-15"
},
"Updated": {
"Date": "2024-11-15"
},
"BDUs": [
{
"ID": "BDU:2022-01639",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2022-01639",
"Impact": "Critical",
"Public": "20220322"
},
{
"ID": "BDU:2022-01643",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-121",
"Href": "https://bdu.fstec.ru/vul/2022-01643",
"Impact": "Critical",
"Public": "20220322"
}
],
"CVEs": [
{
"ID": "CVE-2022-26495",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-26495",
"Impact": "Critical",
"Public": "20220306"
},
{
"ID": "CVE-2022-26496",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-26496",
"Impact": "Critical",
"Public": "20220306"
}
],
"Bugzilla": [
{
"ID": "49344",
"Href": "https://bugzilla.altlinux.org/49344",
"Data": "Не стартует nbd-server с помощью systemd"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202415571001",
"Comment": "nbd-client is earlier than 0:3.25-alt3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415571002",
"Comment": "nbd-server is earlier than 0:3.25-alt3"
}
]
}
]
}
}
]
}


@ -0,0 +1,40 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202415571001",
"Version": "1",
"Comment": "nbd-client is installed",
"Name": "nbd-client"
},
{
"ID": "oval:org.altlinux.errata:obj:202415571002",
"Version": "1",
"Comment": "nbd-server is installed",
"Name": "nbd-server"
}
]
}


@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202415571001",
"Version": "1",
"Comment": "package EVR is earlier than 0:3.25-alt3",
"Arch": {},
"EVR": {
"Text": "0:3.25-alt3",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}


@ -0,0 +1,42 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202415571001",
"Version": "1",
"Check": "all",
"Comment": "nbd-client is earlier than 0:3.25-alt3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415571001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415571001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415571002",
"Version": "1",
"Check": "all",
"Comment": "nbd-server is earlier than 0:3.25-alt3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415571002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415571001"
}
}
]
}


@ -0,0 +1,145 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202415577",
"Version": "oval:org.altlinux.errata:def:202415577",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-15577: package `poco` update to version 1.12.5p2-alt0.p10.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-15577",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-15577",
"Source": "ALTPU"
},
{
"RefID": "CVE-2023-52389",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-52389",
"Source": "CVE"
}
],
"Description": "This update upgrades poco to version 1.12.5p2-alt0.p10.1. \nSecurity Fix(es):\n\n * CVE-2023-52389: UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-15"
},
"Updated": {
"Date": "2024-11-15"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2023-52389",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-52389",
"Impact": "Critical",
"Public": "20240127"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202415577001",
"Comment": "libpoco is earlier than 0:1.12.5p2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415577002",
"Comment": "libpoco-crypto is earlier than 0:1.12.5p2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415577003",
"Comment": "libpoco-data is earlier than 0:1.12.5p2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415577004",
"Comment": "libpoco-devel is earlier than 0:1.12.5p2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415577005",
"Comment": "libpoco-jwt is earlier than 0:1.12.5p2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415577006",
"Comment": "libpoco-mongodb is earlier than 0:1.12.5p2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415577007",
"Comment": "libpoco-mysql is earlier than 0:1.12.5p2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415577008",
"Comment": "libpoco-net is earlier than 0:1.12.5p2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415577009",
"Comment": "libpoco-odbc is earlier than 0:1.12.5p2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415577010",
"Comment": "libpoco-postgresql is earlier than 0:1.12.5p2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415577011",
"Comment": "libpoco-prometheus is earlier than 0:1.12.5p2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415577012",
"Comment": "libpoco-redis is earlier than 0:1.12.5p2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415577013",
"Comment": "libpoco-sqlite is earlier than 0:1.12.5p2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415577014",
"Comment": "libpoco-ssl is earlier than 0:1.12.5p2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415577015",
"Comment": "libpoco-util is earlier than 0:1.12.5p2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415577016",
"Comment": "libpoco-zip is earlier than 0:1.12.5p2-alt0.p10.1"
}
]
}
]
}
}
]
}


@ -0,0 +1,124 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202415577001",
"Version": "1",
"Comment": "libpoco is installed",
"Name": "libpoco"
},
{
"ID": "oval:org.altlinux.errata:obj:202415577002",
"Version": "1",
"Comment": "libpoco-crypto is installed",
"Name": "libpoco-crypto"
},
{
"ID": "oval:org.altlinux.errata:obj:202415577003",
"Version": "1",
"Comment": "libpoco-data is installed",
"Name": "libpoco-data"
},
{
"ID": "oval:org.altlinux.errata:obj:202415577004",
"Version": "1",
"Comment": "libpoco-devel is installed",
"Name": "libpoco-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202415577005",
"Version": "1",
"Comment": "libpoco-jwt is installed",
"Name": "libpoco-jwt"
},
{
"ID": "oval:org.altlinux.errata:obj:202415577006",
"Version": "1",
"Comment": "libpoco-mongodb is installed",
"Name": "libpoco-mongodb"
},
{
"ID": "oval:org.altlinux.errata:obj:202415577007",
"Version": "1",
"Comment": "libpoco-mysql is installed",
"Name": "libpoco-mysql"
},
{
"ID": "oval:org.altlinux.errata:obj:202415577008",
"Version": "1",
"Comment": "libpoco-net is installed",
"Name": "libpoco-net"
},
{
"ID": "oval:org.altlinux.errata:obj:202415577009",
"Version": "1",
"Comment": "libpoco-odbc is installed",
"Name": "libpoco-odbc"
},
{
"ID": "oval:org.altlinux.errata:obj:202415577010",
"Version": "1",
"Comment": "libpoco-postgresql is installed",
"Name": "libpoco-postgresql"
},
{
"ID": "oval:org.altlinux.errata:obj:202415577011",
"Version": "1",
"Comment": "libpoco-prometheus is installed",
"Name": "libpoco-prometheus"
},
{
"ID": "oval:org.altlinux.errata:obj:202415577012",
"Version": "1",
"Comment": "libpoco-redis is installed",
"Name": "libpoco-redis"
},
{
"ID": "oval:org.altlinux.errata:obj:202415577013",
"Version": "1",
"Comment": "libpoco-sqlite is installed",
"Name": "libpoco-sqlite"
},
{
"ID": "oval:org.altlinux.errata:obj:202415577014",
"Version": "1",
"Comment": "libpoco-ssl is installed",
"Name": "libpoco-ssl"
},
{
"ID": "oval:org.altlinux.errata:obj:202415577015",
"Version": "1",
"Comment": "libpoco-util is installed",
"Name": "libpoco-util"
},
{
"ID": "oval:org.altlinux.errata:obj:202415577016",
"Version": "1",
"Comment": "libpoco-zip is installed",
"Name": "libpoco-zip"
}
]
}


@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202415577001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.12.5p2-alt0.p10.1",
"Arch": {},
"EVR": {
"Text": "0:1.12.5p2-alt0.p10.1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}


@ -0,0 +1,210 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202415577001",
"Version": "1",
"Check": "all",
"Comment": "libpoco is earlier than 0:1.12.5p2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415577001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415577001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415577002",
"Version": "1",
"Check": "all",
"Comment": "libpoco-crypto is earlier than 0:1.12.5p2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415577002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415577001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415577003",
"Version": "1",
"Check": "all",
"Comment": "libpoco-data is earlier than 0:1.12.5p2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415577003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415577001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415577004",
"Version": "1",
"Check": "all",
"Comment": "libpoco-devel is earlier than 0:1.12.5p2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415577004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415577001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415577005",
"Version": "1",
"Check": "all",
"Comment": "libpoco-jwt is earlier than 0:1.12.5p2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415577005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415577001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415577006",
"Version": "1",
"Check": "all",
"Comment": "libpoco-mongodb is earlier than 0:1.12.5p2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415577006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415577001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415577007",
"Version": "1",
"Check": "all",
"Comment": "libpoco-mysql is earlier than 0:1.12.5p2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415577007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415577001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415577008",
"Version": "1",
"Check": "all",
"Comment": "libpoco-net is earlier than 0:1.12.5p2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415577008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415577001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415577009",
"Version": "1",
"Check": "all",
"Comment": "libpoco-odbc is earlier than 0:1.12.5p2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415577009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415577001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415577010",
"Version": "1",
"Check": "all",
"Comment": "libpoco-postgresql is earlier than 0:1.12.5p2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415577010"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415577001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415577011",
"Version": "1",
"Check": "all",
"Comment": "libpoco-prometheus is earlier than 0:1.12.5p2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415577011"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415577001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415577012",
"Version": "1",
"Check": "all",
"Comment": "libpoco-redis is earlier than 0:1.12.5p2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415577012"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415577001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415577013",
"Version": "1",
"Check": "all",
"Comment": "libpoco-sqlite is earlier than 0:1.12.5p2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415577013"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415577001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415577014",
"Version": "1",
"Check": "all",
"Comment": "libpoco-ssl is earlier than 0:1.12.5p2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415577014"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415577001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415577015",
"Version": "1",
"Check": "all",
"Comment": "libpoco-util is earlier than 0:1.12.5p2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415577015"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415577001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415577016",
"Version": "1",
"Check": "all",
"Comment": "libpoco-zip is earlier than 0:1.12.5p2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415577016"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415577001"
}
}
]
}


@ -0,0 +1,85 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202415579",
"Version": "oval:org.altlinux.errata:def:202415579",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-15579: package `libreoffice-online` update to version 6.2.3.2-alt8",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-15579",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-15579",
"Source": "ALTPU"
}
],
"Description": "This update upgrades libreoffice-online to version 6.2.3.2-alt8. \nSecurity Fix(es):\n\n * #36344: Ошибка в конфигурации /etc/httpd2/conf/sites-enabled/libreoffice-online.conf",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-15"
},
"Updated": {
"Date": "2024-11-15"
},
"BDUs": null,
"Bugzilla": [
{
"ID": "36344",
"Href": "https://bugzilla.altlinux.org/36344",
"Data": "Ошибка в конфигурации /etc/httpd2/conf/sites-enabled/libreoffice-online.conf"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202415579001",
"Comment": "libreoffice-online is earlier than 0:6.2.3.2-alt8"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415579002",
"Comment": "libreoffice-online-apache2 is earlier than 0:6.2.3.2-alt8"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415579003",
"Comment": "libreoffice-online-nginx is earlier than 0:6.2.3.2-alt8"
}
]
}
]
}
}
]
}
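Review bot: This definition is emitted as `"Class": "patch"` with a "Security Fix(es):" description, but its only entry is Bugzilla #36344 (a configuration error) and no CVE or BDU reference is listed. A scanner that treats every patch-class definition as a vulnerability finding would report hosts as affected with no identifier to triage against; labelling such entries as bug fixes in the description, or keeping non-security errata out of the feed, would avoid that. Separately, `"BDUs": null` sits next to an omitted `"CVEs"` key, so consumers must handle both null and absent for an empty list; emitting `"BDUs": []` and `"CVEs": []` would be more uniform.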


@ -0,0 +1,46 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202415579001",
"Version": "1",
"Comment": "libreoffice-online is installed",
"Name": "libreoffice-online"
},
{
"ID": "oval:org.altlinux.errata:obj:202415579002",
"Version": "1",
"Comment": "libreoffice-online-apache2 is installed",
"Name": "libreoffice-online-apache2"
},
{
"ID": "oval:org.altlinux.errata:obj:202415579003",
"Version": "1",
"Comment": "libreoffice-online-nginx is installed",
"Name": "libreoffice-online-nginx"
}
]
}
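Review bot: The `Pattern` of `obj:4001` does not pin the release it is meant to detect: `(\\d+)` is unanchored, and the paired state `ste:4001` in the next file section has an empty `Text` and `Subexpression` is not set, so the captured version is never compared with anything. As written, the test commented "ALT Linux based on branch 'c10f1' must be installed" would presumably also pass on any other ALT SP release whose os-release CPE version starts with a digit, leaving only the RPM EVR comparison to tell branches apart. Consider fixing the version in the pattern, e.g. `"Text": "cpe:\\/o:alt:sp(?:server|workstation):10(?:\\D|$)"` to agree with the `cpe:/o:alt:spserver:10` entries under `AffectedCPEs`, or adding a `Subexpression` check to `ste:4001`. The same object is repeated in the golang objects file, and `obj:3001` for c9f2 is similarly left unconstrained by the empty `ste:3001`.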


@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202415579001",
"Version": "1",
"Comment": "package EVR is earlier than 0:6.2.3.2-alt8",
"Arch": {},
"EVR": {
"Text": "0:6.2.3.2-alt8",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}


@ -0,0 +1,54 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202415579001",
"Version": "1",
"Check": "all",
"Comment": "libreoffice-online is earlier than 0:6.2.3.2-alt8",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415579001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415579001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415579002",
"Version": "1",
"Check": "all",
"Comment": "libreoffice-online-apache2 is earlier than 0:6.2.3.2-alt8",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415579002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415579001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415579003",
"Version": "1",
"Check": "all",
"Comment": "libreoffice-online-nginx is earlier than 0:6.2.3.2-alt8",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415579003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415579001"
}
}
]
}


@ -0,0 +1,172 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202415601",
"Version": "oval:org.altlinux.errata:def:202415601",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-15601: package `golang` update to version 1.23.2-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-15601",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-15601",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-07020",
"RefURL": "https://bdu.fstec.ru/vul/2024-07020",
"Source": "BDU"
},
{
"RefID": "BDU:2024-07025",
"RefURL": "https://bdu.fstec.ru/vul/2024-07025",
"Source": "BDU"
},
{
"RefID": "BDU:2024-07026",
"RefURL": "https://bdu.fstec.ru/vul/2024-07026",
"Source": "BDU"
},
{
"RefID": "CVE-2024-34155",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-34155",
"Source": "CVE"
},
{
"RefID": "CVE-2024-34156",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"Source": "CVE"
},
{
"RefID": "CVE-2024-34158",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-34158",
"Source": "CVE"
}
],
"Description": "This update upgrades golang to version 1.23.2-alt1. \nSecurity Fix(es):\n\n * BDU:2024-07020: Уязвимость функции Parse языка программирования Go, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-07025: Уязвимость функции Decoder.Decode языка программирования Go, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-07026: Уязвимость функции Parse языка программирования Go, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2024-34155: Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.\n\n * CVE-2024-34156: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.\n\n * CVE-2024-34158: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-15"
},
"Updated": {
"Date": "2024-11-15"
},
"BDUs": [
{
"ID": "BDU:2024-07020",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-404, CWE-674",
"Href": "https://bdu.fstec.ru/vul/2024-07020",
"Impact": "High",
"Public": "20240829"
},
{
"ID": "BDU:2024-07025",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-674",
"Href": "https://bdu.fstec.ru/vul/2024-07025",
"Impact": "High",
"Public": "20240905"
},
{
"ID": "BDU:2024-07026",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-674",
"Href": "https://bdu.fstec.ru/vul/2024-07026",
"Impact": "High",
"Public": "20240829"
}
],
"CVEs": [
{
"ID": "CVE-2024-34155",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-34155",
"Impact": "None",
"Public": "20240906"
},
{
"ID": "CVE-2024-34156",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"Impact": "None",
"Public": "20240906"
},
{
"ID": "CVE-2024-34158",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-34158",
"Impact": "None",
"Public": "20240906"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202415601001",
"Comment": "golang is earlier than 0:1.23.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415601002",
"Comment": "golang-docs is earlier than 0:1.23.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415601003",
"Comment": "golang-gdb is earlier than 0:1.23.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415601004",
"Comment": "golang-misc is earlier than 0:1.23.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415601005",
"Comment": "golang-shared is earlier than 0:1.23.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415601006",
"Comment": "golang-src is earlier than 0:1.23.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415601007",
"Comment": "golang-tests is earlier than 0:1.23.2-alt1"
}
]
}
]
}
}
]
}
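Review bot: The three entries under `CVEs` carry `"Impact": "None"` and no `CVSS3` vector, while the `BDUs` entries for what appear to be the same Go flaws are rated `High` with `A:H` and the advisory `Severity` is `High`. `None` reads as an assessed rating of no impact rather than "not yet scored", so a consumer that prioritises on the CVE entries would under-rank this update. Leaving `Impact` out until a score is available, or using a value that explicitly marks the entry as unscored, keeps "unrated" and "harmless" apart. The same pattern appears for `CVE-2024-3447` in the qemu definition change further down, where the new description speaks of a heap-based buffer overflow.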


@ -0,0 +1,70 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202415601001",
"Version": "1",
"Comment": "golang is installed",
"Name": "golang"
},
{
"ID": "oval:org.altlinux.errata:obj:202415601002",
"Version": "1",
"Comment": "golang-docs is installed",
"Name": "golang-docs"
},
{
"ID": "oval:org.altlinux.errata:obj:202415601003",
"Version": "1",
"Comment": "golang-gdb is installed",
"Name": "golang-gdb"
},
{
"ID": "oval:org.altlinux.errata:obj:202415601004",
"Version": "1",
"Comment": "golang-misc is installed",
"Name": "golang-misc"
},
{
"ID": "oval:org.altlinux.errata:obj:202415601005",
"Version": "1",
"Comment": "golang-shared is installed",
"Name": "golang-shared"
},
{
"ID": "oval:org.altlinux.errata:obj:202415601006",
"Version": "1",
"Comment": "golang-src is installed",
"Name": "golang-src"
},
{
"ID": "oval:org.altlinux.errata:obj:202415601007",
"Version": "1",
"Comment": "golang-tests is installed",
"Name": "golang-tests"
}
]
}
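Review bot: `obj:4001` sets both `Path` (`/etc`) and `Filepath` (`os-release`), which does not match how OVAL specifies textfilecontent54_object: it takes either one full `filepath` or a `path` plus `filename` pair. If these keys are serialised one-to-one into the XML definitions (the serialiser is not shown on this page, so this needs confirming), a scanner may reject the object or look for a relative `os-release`, and the platform criterion `tst:4001` would then not evaluate as intended. Naming the second key `Filename`, or using a single `"Filepath": { "Datatype": "string", "Text": "/etc/os-release" }`, would remove the ambiguity. The same object appears in the libreoffice-online objects file and as `obj:3001` in the c9f2 objects file.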


@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202415601001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.23.2-alt1",
"Arch": {},
"EVR": {
"Text": "0:1.23.2-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}


@ -0,0 +1,102 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202415601001",
"Version": "1",
"Check": "all",
"Comment": "golang is earlier than 0:1.23.2-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415601001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415601001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415601002",
"Version": "1",
"Check": "all",
"Comment": "golang-docs is earlier than 0:1.23.2-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415601002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415601001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415601003",
"Version": "1",
"Check": "all",
"Comment": "golang-gdb is earlier than 0:1.23.2-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415601003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415601001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415601004",
"Version": "1",
"Check": "all",
"Comment": "golang-misc is earlier than 0:1.23.2-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415601004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415601001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415601005",
"Version": "1",
"Check": "all",
"Comment": "golang-shared is earlier than 0:1.23.2-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415601005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415601001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415601006",
"Version": "1",
"Check": "all",
"Comment": "golang-src is earlier than 0:1.23.2-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415601006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415601001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415601007",
"Version": "1",
"Check": "all",
"Comment": "golang-tests is earlier than 0:1.23.2-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415601007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415601001"
}
}
]
}


@ -55,7 +55,7 @@
"Source": "CVE"
}
],
"Description": "This update upgrades qemu to version 8.2.4-alt0.p10.1. \nSecurity Fix(es):\n\n * BDU:2024-03304: Уязвимость эмулятора аппаратного обеспечения QEMU, связанная с ошибкой повторного освобождения памяти, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-03819: Уязвимость функции sdhci_write_dataport эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-04887: Уязвимость функции update_sctp_checksum() эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2024-3446: A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host.\n\n * CVE-2024-3447: description unavailable\n\n * CVE-2024-3567: A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.",
"Description": "This update upgrades qemu to version 8.2.4-alt0.p10.1. \nSecurity Fix(es):\n\n * BDU:2024-03304: Уязвимость эмулятора аппаратного обеспечения QEMU, связанная с ошибкой повторного освобождения памяти, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-03819: Уязвимость функции sdhci_write_dataport эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-04887: Уязвимость функции update_sctp_checksum() эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2024-3446: A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host.\n\n * CVE-2024-3447: A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s-\u003edata_count` and the size of `s-\u003efifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.\n\n * CVE-2024-3567: A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
@ -103,6 +103,12 @@
"Impact": "None",
"Public": "20240409"
},
{
"ID": "CVE-2024-3447",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-3447",
"Impact": "None",
"Public": "20241114"
},
{
"ID": "CVE-2024-3567",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",

File diff suppressed because one or more lines are too long


@ -0,0 +1,238 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414683001",
"Version": "1",
"Comment": "admx-samba is installed",
"Name": "admx-samba"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683002",
"Version": "1",
"Comment": "libldb-modules-dc is installed",
"Name": "libldb-modules-dc"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683003",
"Version": "1",
"Comment": "libsmbclient is installed",
"Name": "libsmbclient"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683004",
"Version": "1",
"Comment": "libsmbclient-devel is installed",
"Name": "libsmbclient-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683005",
"Version": "1",
"Comment": "libwbclient is installed",
"Name": "libwbclient"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683006",
"Version": "1",
"Comment": "libwbclient-devel is installed",
"Name": "libwbclient-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683007",
"Version": "1",
"Comment": "python3-module-samba is installed",
"Name": "python3-module-samba"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683008",
"Version": "1",
"Comment": "python3-module-samba-devel is installed",
"Name": "python3-module-samba-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683009",
"Version": "1",
"Comment": "samba is installed",
"Name": "samba"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683010",
"Version": "1",
"Comment": "samba-client is installed",
"Name": "samba-client"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683011",
"Version": "1",
"Comment": "samba-common is installed",
"Name": "samba-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683012",
"Version": "1",
"Comment": "samba-common-client is installed",
"Name": "samba-common-client"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683013",
"Version": "1",
"Comment": "samba-common-libs is installed",
"Name": "samba-common-libs"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683014",
"Version": "1",
"Comment": "samba-common-tools is installed",
"Name": "samba-common-tools"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683015",
"Version": "1",
"Comment": "samba-ctdb is installed",
"Name": "samba-ctdb"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683016",
"Version": "1",
"Comment": "samba-dc is installed",
"Name": "samba-dc"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683017",
"Version": "1",
"Comment": "samba-dc-client is installed",
"Name": "samba-dc-client"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683018",
"Version": "1",
"Comment": "samba-dc-common is installed",
"Name": "samba-dc-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683019",
"Version": "1",
"Comment": "samba-devel is installed",
"Name": "samba-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683020",
"Version": "1",
"Comment": "samba-doc is installed",
"Name": "samba-doc"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683021",
"Version": "1",
"Comment": "samba-krb5-printing is installed",
"Name": "samba-krb5-printing"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683022",
"Version": "1",
"Comment": "samba-libs is installed",
"Name": "samba-libs"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683023",
"Version": "1",
"Comment": "samba-pidl is installed",
"Name": "samba-pidl"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683024",
"Version": "1",
"Comment": "samba-test is installed",
"Name": "samba-test"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683025",
"Version": "1",
"Comment": "samba-usershares is installed",
"Name": "samba-usershares"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683026",
"Version": "1",
"Comment": "samba-util-private-headers is installed",
"Name": "samba-util-private-headers"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683027",
"Version": "1",
"Comment": "samba-vfs-cephfs is installed",
"Name": "samba-vfs-cephfs"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683028",
"Version": "1",
"Comment": "samba-vfs-glusterfs is installed",
"Name": "samba-vfs-glusterfs"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683029",
"Version": "1",
"Comment": "samba-vfs-snapper is installed",
"Name": "samba-vfs-snapper"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683030",
"Version": "1",
"Comment": "samba-winbind is installed",
"Name": "samba-winbind"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683031",
"Version": "1",
"Comment": "samba-winbind-clients is installed",
"Name": "samba-winbind-clients"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683032",
"Version": "1",
"Comment": "samba-winbind-common is installed",
"Name": "samba-winbind-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683033",
"Version": "1",
"Comment": "samba-winbind-krb5-localauth is installed",
"Name": "samba-winbind-krb5-localauth"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683034",
"Version": "1",
"Comment": "samba-winbind-krb5-locator is installed",
"Name": "samba-winbind-krb5-locator"
},
{
"ID": "oval:org.altlinux.errata:obj:202414683035",
"Version": "1",
"Comment": "task-samba-dc is installed",
"Name": "task-samba-dc"
}
]
}


@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414683001",
"Version": "1",
"Comment": "package EVR is earlier than 0:4.16.11-alt0.c9.2",
"Arch": {},
"EVR": {
"Text": "0:4.16.11-alt0.c9.2",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}


@ -0,0 +1,438 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c9f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414683001",
"Version": "1",
"Check": "all",
"Comment": "admx-samba is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683002",
"Version": "1",
"Check": "all",
"Comment": "libldb-modules-dc is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683003",
"Version": "1",
"Check": "all",
"Comment": "libsmbclient is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683004",
"Version": "1",
"Check": "all",
"Comment": "libsmbclient-devel is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683005",
"Version": "1",
"Check": "all",
"Comment": "libwbclient is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683006",
"Version": "1",
"Check": "all",
"Comment": "libwbclient-devel is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683007",
"Version": "1",
"Check": "all",
"Comment": "python3-module-samba is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683008",
"Version": "1",
"Check": "all",
"Comment": "python3-module-samba-devel is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683009",
"Version": "1",
"Check": "all",
"Comment": "samba is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683010",
"Version": "1",
"Check": "all",
"Comment": "samba-client is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683010"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683011",
"Version": "1",
"Check": "all",
"Comment": "samba-common is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683011"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683012",
"Version": "1",
"Check": "all",
"Comment": "samba-common-client is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683012"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683013",
"Version": "1",
"Check": "all",
"Comment": "samba-common-libs is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683013"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683014",
"Version": "1",
"Check": "all",
"Comment": "samba-common-tools is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683014"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683015",
"Version": "1",
"Check": "all",
"Comment": "samba-ctdb is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683015"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683016",
"Version": "1",
"Check": "all",
"Comment": "samba-dc is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683016"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683017",
"Version": "1",
"Check": "all",
"Comment": "samba-dc-client is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683017"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683018",
"Version": "1",
"Check": "all",
"Comment": "samba-dc-common is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683018"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683019",
"Version": "1",
"Check": "all",
"Comment": "samba-devel is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683019"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683020",
"Version": "1",
"Check": "all",
"Comment": "samba-doc is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683020"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683021",
"Version": "1",
"Check": "all",
"Comment": "samba-krb5-printing is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683021"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683022",
"Version": "1",
"Check": "all",
"Comment": "samba-libs is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683022"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683023",
"Version": "1",
"Check": "all",
"Comment": "samba-pidl is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683023"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683024",
"Version": "1",
"Check": "all",
"Comment": "samba-test is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683024"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683025",
"Version": "1",
"Check": "all",
"Comment": "samba-usershares is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683025"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683026",
"Version": "1",
"Check": "all",
"Comment": "samba-util-private-headers is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683026"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683027",
"Version": "1",
"Check": "all",
"Comment": "samba-vfs-cephfs is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683027"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683028",
"Version": "1",
"Check": "all",
"Comment": "samba-vfs-glusterfs is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683028"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683029",
"Version": "1",
"Check": "all",
"Comment": "samba-vfs-snapper is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683029"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683030",
"Version": "1",
"Check": "all",
"Comment": "samba-winbind is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683030"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683031",
"Version": "1",
"Check": "all",
"Comment": "samba-winbind-clients is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683031"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683032",
"Version": "1",
"Check": "all",
"Comment": "samba-winbind-common is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683032"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683033",
"Version": "1",
"Check": "all",
"Comment": "samba-winbind-krb5-localauth is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683033"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683034",
"Version": "1",
"Check": "all",
"Comment": "samba-winbind-krb5-locator is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683034"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414683035",
"Version": "1",
"Check": "all",
"Comment": "task-samba-dc is earlier than 0:4.16.11-alt0.c9.2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414683035"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414683001"
}
}
]
}


@ -0,0 +1,180 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414741",
"Version": "oval:org.altlinux.errata:def:202414741",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14741: package `freeipa` update to version 4.8.9-alt4.c9f2.8",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14741",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14741",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-05702",
"RefURL": "https://bdu.fstec.ru/vul/2022-05702",
"Source": "BDU"
},
{
"RefID": "BDU:2024-02540",
"RefURL": "https://bdu.fstec.ru/vul/2024-02540",
"Source": "BDU"
},
{
"RefID": "CVE-2020-25721",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-25721",
"Source": "CVE"
},
{
"RefID": "CVE-2023-5455",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-5455",
"Source": "CVE"
}
],
"Description": "This update upgrades freeipa to version 4.8.9-alt4.c9f2.8. \nSecurity Fix(es):\n\n * BDU:2022-05702: Уязвимость пакета программ сетевого взаимодействия Samba, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2024-02540: Уязвимость компонента login_password сервера FreeIpa, позволяющая нарушителю осуществить CSRF-атаку\n\n * CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.\n\n * CVE-2023-5455: A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-15"
},
"Updated": {
"Date": "2024-11-15"
},
"BDUs": [
{
"ID": "BDU:2022-05702",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2022-05702",
"Impact": "High",
"Public": "20201029"
},
{
"ID": "BDU:2024-02540",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"CWE": "CWE-352",
"Href": "https://bdu.fstec.ru/vul/2024-02540",
"Impact": "Low",
"Public": "20240110"
}
],
"CVEs": [
{
"ID": "CVE-2020-25721",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-25721",
"Impact": "High",
"Public": "20220316"
},
{
"ID": "CVE-2023-5455",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"CWE": "CWE-352",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-5455",
"Impact": "Low",
"Public": "20240110"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414741001",
"Comment": "freeipa-client is earlier than 0:4.8.9-alt4.c9f2.8"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414741002",
"Comment": "freeipa-client-automount is earlier than 0:4.8.9-alt4.c9f2.8"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414741003",
"Comment": "freeipa-client-common is earlier than 0:4.8.9-alt4.c9f2.8"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414741004",
"Comment": "freeipa-client-epn is earlier than 0:4.8.9-alt4.c9f2.8"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414741005",
"Comment": "freeipa-client-samba is earlier than 0:4.8.9-alt4.c9f2.8"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414741006",
"Comment": "freeipa-common is earlier than 0:4.8.9-alt4.c9f2.8"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414741007",
"Comment": "freeipa-server is earlier than 0:4.8.9-alt4.c9f2.8"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414741008",
"Comment": "freeipa-server-common is earlier than 0:4.8.9-alt4.c9f2.8"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414741009",
"Comment": "freeipa-server-dns is earlier than 0:4.8.9-alt4.c9f2.8"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414741010",
"Comment": "freeipa-server-trust-ad is earlier than 0:4.8.9-alt4.c9f2.8"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414741011",
"Comment": "python3-module-freeipa is earlier than 0:4.8.9-alt4.c9f2.8"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414741012",
"Comment": "python3-module-ipaclient is earlier than 0:4.8.9-alt4.c9f2.8"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414741013",
"Comment": "python3-module-ipaserver is earlier than 0:4.8.9-alt4.c9f2.8"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414741014",
"Comment": "python3-module-ipatests is earlier than 0:4.8.9-alt4.c9f2.8"
}
]
}
]
}
}
]
}
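Review bot: The `CVSS3` values in this definition come in two formats: the `BDUs` entries carry a bare vector (`AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`), while the `CVEs` entries carry the versioned form (`CVSS:3.1/AV:N/...`). A consumer that passes the field to a CVSS parser may reject or mis-version the bare form, so the score of a BDU-only finding could be lost without notice. I would emit one form in both lists, for example `"CVSS3": "CVSS:<version>/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"` with `<version>` (placeholder) taken from the BDU record, or document that BDU vectors are unversioned. The nbd definition further down shows the same split.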


@ -0,0 +1,112 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414741001",
"Version": "1",
"Comment": "freeipa-client is installed",
"Name": "freeipa-client"
},
{
"ID": "oval:org.altlinux.errata:obj:202414741002",
"Version": "1",
"Comment": "freeipa-client-automount is installed",
"Name": "freeipa-client-automount"
},
{
"ID": "oval:org.altlinux.errata:obj:202414741003",
"Version": "1",
"Comment": "freeipa-client-common is installed",
"Name": "freeipa-client-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414741004",
"Version": "1",
"Comment": "freeipa-client-epn is installed",
"Name": "freeipa-client-epn"
},
{
"ID": "oval:org.altlinux.errata:obj:202414741005",
"Version": "1",
"Comment": "freeipa-client-samba is installed",
"Name": "freeipa-client-samba"
},
{
"ID": "oval:org.altlinux.errata:obj:202414741006",
"Version": "1",
"Comment": "freeipa-common is installed",
"Name": "freeipa-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414741007",
"Version": "1",
"Comment": "freeipa-server is installed",
"Name": "freeipa-server"
},
{
"ID": "oval:org.altlinux.errata:obj:202414741008",
"Version": "1",
"Comment": "freeipa-server-common is installed",
"Name": "freeipa-server-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414741009",
"Version": "1",
"Comment": "freeipa-server-dns is installed",
"Name": "freeipa-server-dns"
},
{
"ID": "oval:org.altlinux.errata:obj:202414741010",
"Version": "1",
"Comment": "freeipa-server-trust-ad is installed",
"Name": "freeipa-server-trust-ad"
},
{
"ID": "oval:org.altlinux.errata:obj:202414741011",
"Version": "1",
"Comment": "python3-module-freeipa is installed",
"Name": "python3-module-freeipa"
},
{
"ID": "oval:org.altlinux.errata:obj:202414741012",
"Version": "1",
"Comment": "python3-module-ipaclient is installed",
"Name": "python3-module-ipaclient"
},
{
"ID": "oval:org.altlinux.errata:obj:202414741013",
"Version": "1",
"Comment": "python3-module-ipaserver is installed",
"Name": "python3-module-ipaserver"
},
{
"ID": "oval:org.altlinux.errata:obj:202414741014",
"Version": "1",
"Comment": "python3-module-ipatests is installed",
"Name": "python3-module-ipatests"
}
]
}
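Review bot: The `Pattern` of `obj:3001` is not tied to the `CPE_NAME` key, so any line of `/etc/os-release` containing a matching `cpe:/o:alt:sp…` string satisfies it, and `Instance` 1 takes the first such match. Anchoring it, e.g. `"Text": "^CPE_NAME=\"?cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"`, keeps the OS check on the field meant to identify the product. This assumes the scanner evaluates the pattern in multiline mode, which should be confirmed. The `obj:3001` and `obj:2001` patterns in the other objects files of this commit are unanchored in the same way.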


@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414741001",
"Version": "1",
"Comment": "package EVR is earlier than 0:4.8.9-alt4.c9f2.8",
"Arch": {},
"EVR": {
"Text": "0:4.8.9-alt4.c9f2.8",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}
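Review bot: `ste:3001` holds an empty `Text` entity and nothing else, so the test that references it (`tst:3001`, commented "ALT Linux based on branch 'c9f2' must be installed") only checks that the os-release pattern matched; the version captured by `(\d\.\d)` is never compared with anything. If the intent is to pin the branch, the state needs a constraint on the captured group, along the lines of `"Subexpression": {"Datatype": "string", "Operation": "equals", "Text": "8.4"}`. The value is taken from the definition's `AffectedCPEs`, and whether this state type accepts the key should be checked against the schema. The nbd states file repeats the empty `ste:3001`, and the `ste:2001` states in the p10 sections are empty too; there the object pattern `p?(\d+)` accepts any branch number, so a host on another branch would presumably pass the p10 OS criterion.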


@ -0,0 +1,186 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c9f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414741001",
"Version": "1",
"Check": "all",
"Comment": "freeipa-client is earlier than 0:4.8.9-alt4.c9f2.8",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414741001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414741001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414741002",
"Version": "1",
"Check": "all",
"Comment": "freeipa-client-automount is earlier than 0:4.8.9-alt4.c9f2.8",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414741002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414741001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414741003",
"Version": "1",
"Check": "all",
"Comment": "freeipa-client-common is earlier than 0:4.8.9-alt4.c9f2.8",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414741003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414741001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414741004",
"Version": "1",
"Check": "all",
"Comment": "freeipa-client-epn is earlier than 0:4.8.9-alt4.c9f2.8",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414741004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414741001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414741005",
"Version": "1",
"Check": "all",
"Comment": "freeipa-client-samba is earlier than 0:4.8.9-alt4.c9f2.8",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414741005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414741001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414741006",
"Version": "1",
"Check": "all",
"Comment": "freeipa-common is earlier than 0:4.8.9-alt4.c9f2.8",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414741006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414741001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414741007",
"Version": "1",
"Check": "all",
"Comment": "freeipa-server is earlier than 0:4.8.9-alt4.c9f2.8",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414741007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414741001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414741008",
"Version": "1",
"Check": "all",
"Comment": "freeipa-server-common is earlier than 0:4.8.9-alt4.c9f2.8",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414741008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414741001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414741009",
"Version": "1",
"Check": "all",
"Comment": "freeipa-server-dns is earlier than 0:4.8.9-alt4.c9f2.8",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414741009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414741001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414741010",
"Version": "1",
"Check": "all",
"Comment": "freeipa-server-trust-ad is earlier than 0:4.8.9-alt4.c9f2.8",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414741010"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414741001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414741011",
"Version": "1",
"Check": "all",
"Comment": "python3-module-freeipa is earlier than 0:4.8.9-alt4.c9f2.8",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414741011"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414741001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414741012",
"Version": "1",
"Check": "all",
"Comment": "python3-module-ipaclient is earlier than 0:4.8.9-alt4.c9f2.8",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414741012"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414741001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414741013",
"Version": "1",
"Check": "all",
"Comment": "python3-module-ipaserver is earlier than 0:4.8.9-alt4.c9f2.8",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414741013"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414741001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414741014",
"Version": "1",
"Check": "all",
"Comment": "python3-module-ipatests is earlier than 0:4.8.9-alt4.c9f2.8",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414741014"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414741001"
}
}
]
}


@ -0,0 +1,192 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202415569",
"Version": "oval:org.altlinux.errata:def:202415569",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-15569: package `nbd` update to version 3.25-alt3",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-15569",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-15569",
"Source": "ALTPU"
},
{
"RefID": "BDU:2015-01947",
"RefURL": "https://bdu.fstec.ru/vul/2015-01947",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01639",
"RefURL": "https://bdu.fstec.ru/vul/2022-01639",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01643",
"RefURL": "https://bdu.fstec.ru/vul/2022-01643",
"Source": "BDU"
},
{
"RefID": "CVE-2013-6410",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6410",
"Source": "CVE"
},
{
"RefID": "CVE-2013-7441",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-7441",
"Source": "CVE"
},
{
"RefID": "CVE-2015-0847",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-0847",
"Source": "CVE"
},
{
"RefID": "CVE-2022-26495",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-26495",
"Source": "CVE"
},
{
"RefID": "CVE-2022-26496",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-26496",
"Source": "CVE"
}
],
"Description": "This update upgrades nbd to version 3.25-alt3. \nSecurity Fix(es):\n\n * BDU:2015-01947: Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2022-01639: Уязвимость реализации сетевых блочных устройств nbd, связанная с целочисленным переполнением, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-01643: Уязвимость реализации сетевых блочных устройств nbd, связанная с переполнением буфера в стека, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2013-6410: nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file.\n\n * CVE-2013-7441: The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export.\n\n * CVE-2015-0847: nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors.\n\n * CVE-2022-26495: In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.\n\n * CVE-2022-26496: In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. 
An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name.\n\n * #49344: Не стартует nbd-server с помощью systemd",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-15"
},
"Updated": {
"Date": "2024-11-15"
},
"BDUs": [
{
"ID": "BDU:2015-01947",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2015-01947",
"Impact": "High",
"Public": "20131207"
},
{
"ID": "BDU:2022-01639",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2022-01639",
"Impact": "Critical",
"Public": "20220322"
},
{
"ID": "BDU:2022-01643",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-121",
"Href": "https://bdu.fstec.ru/vul/2022-01643",
"Impact": "Critical",
"Public": "20220322"
}
],
"CVEs": [
{
"ID": "CVE-2013-6410",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-264",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6410",
"Impact": "High",
"Public": "20131207"
},
{
"ID": "CVE-2013-7441",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-7441",
"Impact": "High",
"Public": "20150529"
},
{
"ID": "CVE-2015-0847",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CWE": "CWE-17",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-0847",
"Impact": "High",
"Public": "20150529"
},
{
"ID": "CVE-2022-26495",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-26495",
"Impact": "Critical",
"Public": "20220306"
},
{
"ID": "CVE-2022-26496",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-26496",
"Impact": "Critical",
"Public": "20220306"
}
],
"Bugzilla": [
{
"ID": "49344",
"Href": "https://bugzilla.altlinux.org/49344",
"Data": "Не стартует nbd-server с помощью systemd"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202415569001",
"Comment": "nbd-client is earlier than 0:3.25-alt3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415569002",
"Comment": "nbd-server is earlier than 0:3.25-alt3"
}
]
}
]
}
}
]
}
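Review bot: The `Description` string seems to contain a line-separator character after "there is a stack-based buffer overflow." in the CVE-2022-26496 text: the section shows 193 lines against the 192 declared in the hunk header, and the extra break falls inside the string. If that is a character such as U+2028 copied from the upstream feed, it is legal JSON but splits the record in line-oriented tools and log pipelines; I would normalise it to a plain space in the generator, or emit it escaped as `\u2028`. A raw line feed at that position would make the file invalid JSON, so the bytes are worth checking.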


@ -0,0 +1,40 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202415569001",
"Version": "1",
"Comment": "nbd-client is installed",
"Name": "nbd-client"
},
{
"ID": "oval:org.altlinux.errata:obj:202415569002",
"Version": "1",
"Comment": "nbd-server is installed",
"Name": "nbd-server"
}
]
}


@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202415569001",
"Version": "1",
"Comment": "package EVR is earlier than 0:3.25-alt3",
"Arch": {},
"EVR": {
"Text": "0:3.25-alt3",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}


@ -0,0 +1,42 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c9f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202415569001",
"Version": "1",
"Check": "all",
"Comment": "nbd-client is earlier than 0:3.25-alt3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415569001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415569001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415569002",
"Version": "1",
"Check": "all",
"Comment": "nbd-server is earlier than 0:3.25-alt3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415569002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415569001"
}
}
]
}


@ -0,0 +1,101 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202415198",
"Version": "oval:org.altlinux.errata:def:202415198",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-15198: package `plasma5-kscreen` update to version 5.27.11-alt3",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-15198",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-15198",
"Source": "ALTPU"
}
],
"Description": "This update upgrades plasma5-kscreen to version 5.27.11-alt3. \nSecurity Fix(es):\n\n * #45247: Некорректное отображение виджета \"Настройка экранов\"",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-15"
},
"Updated": {
"Date": "2024-11-15"
},
"BDUs": null,
"Bugzilla": [
{
"ID": "45247",
"Href": "https://bugzilla.altlinux.org/45247",
"Data": "Некорректное отображение виджета \"Настройка экранов\""
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202415198001",
"Comment": "plasma5-kscreen is earlier than 1:5.27.11-alt3"
}
]
}
]
}
}
]
}
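Review bot: The `Description` lists Bugzilla entry #45247 (a widget display problem) under the heading "Security Fix(es):", although the advisory has `"BDUs": null` and no `CVEs` list. Scanners and reports that surface this text will present a functional fix as a security fix; a separate heading for Bugzilla-only items, e.g. `\n\nBug Fix(es):\n\n * #45247: …`, would keep the two apart. `"BDUs": null` would also be easier to consume as `"BDUs": []`, since other definitions in this commit give the key an array. The krb5-ticket-watcher and 1c-preinstall definitions below have the same heading and null value.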


@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202415198001",
"Version": "1",
"Comment": "plasma5-kscreen is installed",
"Name": "plasma5-kscreen"
}
]
}


@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202415198001",
"Version": "1",
"Comment": "package EVR is earlier than 1:5.27.11-alt3",
"Arch": {},
"EVR": {
"Text": "1:5.27.11-alt3",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}


@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202415198001",
"Version": "1",
"Check": "all",
"Comment": "plasma5-kscreen is earlier than 1:5.27.11-alt3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415198001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415198001"
}
}
]
}


@ -0,0 +1,101 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202415485",
"Version": "oval:org.altlinux.errata:def:202415485",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-15485: package `krb5-ticket-watcher` update to version 1.0.3-alt30",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-15485",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-15485",
"Source": "ALTPU"
}
],
"Description": "This update upgrades krb5-ticket-watcher to version 1.0.3-alt30. \nSecurity Fix(es):\n\n * #52014: Лишние символы при неудачной смене пароля",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-15"
},
"Updated": {
"Date": "2024-11-15"
},
"BDUs": null,
"Bugzilla": [
{
"ID": "52014",
"Href": "https://bugzilla.altlinux.org/52014",
"Data": "Лишние символы при неудачной смене пароля"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202415485001",
"Comment": "krb5-ticket-watcher is earlier than 0:1.0.3-alt30"
}
]
}
]
}
}
]
}


@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202415485001",
"Version": "1",
"Comment": "krb5-ticket-watcher is installed",
"Name": "krb5-ticket-watcher"
}
]
}


@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202415485001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.0.3-alt30",
"Arch": {},
"EVR": {
"Text": "0:1.0.3-alt30",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}


@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202415485001",
"Version": "1",
"Check": "all",
"Comment": "krb5-ticket-watcher is earlier than 0:1.0.3-alt30",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415485001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415485001"
}
}
]
}


@ -0,0 +1,101 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202415671",
"Version": "oval:org.altlinux.errata:def:202415671",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-15671: package `1c-preinstall` update to version 8.3-alt20",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-15671",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-15671",
"Source": "ALTPU"
}
],
"Description": "This update upgrades 1c-preinstall to version 8.3-alt20. \nSecurity Fix(es):\n\n * #52026: Костыль уменьшил всем шрифты",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-15"
},
"Updated": {
"Date": "2024-11-15"
},
"BDUs": null,
"Bugzilla": [
{
"ID": "52026",
"Href": "https://bugzilla.altlinux.org/52026",
"Data": "Костыль уменьшил всем шрифты"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202415671001",
"Comment": "1c-preinstall is earlier than 0:8.3-alt20"
}
]
}
]
}
}
]
}


@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202415671001",
"Version": "1",
"Comment": "1c-preinstall is installed",
"Name": "1c-preinstall"
}
]
}


@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202415671001",
"Version": "1",
"Comment": "package EVR is earlier than 0:8.3-alt20",
"Arch": {},
"EVR": {
"Text": "0:8.3-alt20",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}


@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202415671001",
"Version": "1",
"Check": "all",
"Comment": "1c-preinstall is earlier than 0:8.3-alt20",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415671001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415671001"
}
}
]
}


@ -60,7 +60,7 @@
"Source": "CVE"
}
],
"Description": "This update upgrades qemu to version 8.2.4-alt0.p10.1. \nSecurity Fix(es):\n\n * BDU:2024-03304: Уязвимость эмулятора аппаратного обеспечения QEMU, связанная с ошибкой повторного освобождения памяти, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-03819: Уязвимость функции sdhci_write_dataport эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-04887: Уязвимость функции update_sctp_checksum() эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2024-3446: A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host.\n\n * CVE-2024-3447: description unavailable\n\n * CVE-2024-3567: A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.",
"Description": "This update upgrades qemu to version 8.2.4-alt0.p10.1. \nSecurity Fix(es):\n\n * BDU:2024-03304: Уязвимость эмулятора аппаратного обеспечения QEMU, связанная с ошибкой повторного освобождения памяти, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-03819: Уязвимость функции sdhci_write_dataport эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-04887: Уязвимость функции update_sctp_checksum() эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2024-3446: A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host.\n\n * CVE-2024-3447: A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s-\u003edata_count` and the size of `s-\u003efifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.\n\n * CVE-2024-3567: A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
@ -108,6 +108,12 @@
"Impact": "None",
"Public": "20240409"
},
{
"ID": "CVE-2024-3447",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-3447",
"Impact": "None",
"Public": "20241114"
},
{
"ID": "CVE-2024-3567",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",