From a720440fa65c53dab7dbda5c980df1f4bb05711d Mon Sep 17 00:00:00 2001
From: pepelyaevip
Date: Mon, 26 Aug 2024 03:04:46 +0000
Subject: [PATCH] ALT Vulnerability
---
oval/p9/ALT-PU-2024-11466/definitions.json | 151 +++++++++++++++++++++
oval/p9/ALT-PU-2024-11466/objects.json | 64 +++++++++
oval/p9/ALT-PU-2024-11466/states.json | 23 ++++
oval/p9/ALT-PU-2024-11466/tests.json | 90 ++++++++++++
4 files changed, 328 insertions(+)
create mode 100644 oval/p9/ALT-PU-2024-11466/definitions.json
create mode 100644 oval/p9/ALT-PU-2024-11466/objects.json
create mode 100644 oval/p9/ALT-PU-2024-11466/states.json
create mode 100644 oval/p9/ALT-PU-2024-11466/tests.json
diff --git a/oval/p9/ALT-PU-2024-11466/definitions.json b/oval/p9/ALT-PU-2024-11466/definitions.json
new file mode 100644
index 0000000000..096ebd7744
--- /dev/null
+++ b/oval/p9/ALT-PU-2024-11466/definitions.json
@@ -0,0 +1,151 @@
+{
+ "Definition": [
+ {
+ "ID": "oval:org.altlinux.errata:def:202411466",
+ "Version": "oval:org.altlinux.errata:def:202411466",
+ "Class": "patch",
+ "Metadata": {
+ "Title": "ALT-PU-2024-11466: package `389-ds-base` update to version 1.4.1.18-alt5.p9.1",
+ "AffectedList": [
+ {
+ "Family": "unix",
+ "Platforms": [
+ "ALT Linux branch p9"
+ ],
+ "Products": [
+ "ALT Server",
+ "ALT Virtualization Server",
+ "ALT Workstation",
+ "ALT Workstation K",
+ "ALT Education",
+ "Simply Linux",
+ "Starterkit"
+ ]
+ }
+ ],
+ "References": [
+ {
+ "RefID": "ALT-PU-2024-11466",
+ "RefURL": "https://errata.altlinux.org/ALT-PU-2024-11466",
+ "Source": "ALTPU"
+ },
+ {
+ "RefID": "CVE-2024-2199",
+ "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-2199",
+ "Source": "CVE"
+ },
+ {
+ "RefID": "CVE-2024-3657",
+ "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-3657",
+ "Source": "CVE"
+ },
+ {
+ "RefID": "CVE-2024-5953",
+ "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-5953",
+ "Source": "CVE"
+ }
+ ],
+ "Description": "This update upgrades 389-ds-base to version 1.4.1.18-alt5.p9.1. \nSecurity Fix(es):\n\n * CVE-2024-2199: A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.\n\n * CVE-2024-3657: A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service\n\n * CVE-2024-5953: A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.",
+ "Advisory": {
+ "From": "errata.altlinux.org",
+ "Severity": "Low",
+ "Rights": "Copyright 2024 BaseALT Ltd.",
+ "Issued": {
+ "Date": "2024-08-25"
+ },
+ "Updated": {
+ "Date": "2024-08-25"
+ },
+ "BDUs": null,
+ "CVEs": [
+ {
+ "ID": "CVE-2024-2199",
+ "CWE": "CWE-20",
+ "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-2199",
+ "Impact": "None",
+ "Public": "20240528"
+ },
+ {
+ "ID": "CVE-2024-3657",
+ "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-3657",
+ "Impact": "None",
+ "Public": "20240528"
+ },
+ {
+ "ID": "CVE-2024-5953",
+ "CWE": "CWE-1288",
+ "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5953",
+ "Impact": "None",
+ "Public": "20240618"
+ }
+ ],
+ "AffectedCPEs": {
+ "CPEs": [
+ "cpe:/o:alt:kworkstation:9",
+ "cpe:/o:alt:workstation:9",
+ "cpe:/o:alt:server:9",
+ "cpe:/o:alt:server-v:9",
+ "cpe:/o:alt:education:9",
+ "cpe:/o:alt:slinux:9",
+ "cpe:/o:alt:starterkit:p9",
+ "cpe:/o:alt:kworkstation:9.1",
+ "cpe:/o:alt:workstation:9.1",
+ "cpe:/o:alt:server:9.1",
+ "cpe:/o:alt:server-v:9.1",
+ "cpe:/o:alt:education:9.1",
+ "cpe:/o:alt:slinux:9.1",
+ "cpe:/o:alt:starterkit:9.1",
+ "cpe:/o:alt:kworkstation:9.2",
+ "cpe:/o:alt:workstation:9.2",
+ "cpe:/o:alt:server:9.2",
+ "cpe:/o:alt:server-v:9.2",
+ "cpe:/o:alt:education:9.2",
+ "cpe:/o:alt:slinux:9.2",
+ "cpe:/o:alt:starterkit:9.2"
+ ]
+ }
+ }
+ },
+ "Criteria": {
+ "Operator": "AND",
+ "Criterions": [
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:1001",
+ "Comment": "ALT Linux must be installed"
+ }
+ ],
+ "Criterias": [
+ {
+ "Operator": "OR",
+ "Criterions": [
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411466001",
+ "Comment": "389-ds-base is earlier than 0:1.4.1.18-alt5.p9.1"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411466002",
+ "Comment": "389-ds-base-devel is earlier than 0:1.4.1.18-alt5.p9.1"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411466003",
+ "Comment": "389-ds-base-legacy-tools is earlier than 0:1.4.1.18-alt5.p9.1"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411466004",
+ "Comment": "389-ds-base-libs is earlier than 0:1.4.1.18-alt5.p9.1"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411466005",
+ "Comment": "cockpit-389-ds is earlier than 0:1.4.1.18-alt5.p9.1"
+ },
+ {
+ "TestRef": "oval:org.altlinux.errata:tst:202411466006",
+ "Comment": "python3-module-lib389 is earlier than 0:1.4.1.18-alt5.p9.1"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/p9/ALT-PU-2024-11466/objects.json b/oval/p9/ALT-PU-2024-11466/objects.json
new file mode 100644
index 0000000000..9835f92f24
--- /dev/null
+++ b/oval/p9/ALT-PU-2024-11466/objects.json
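Review bot: `"Version"` on the definition repeats the definition ID (`oval:org.altlinux.errata:def:202411466`) instead of carrying a version number, while every object, state and test added by this commit uses `"Version": "1"`. If this field feeds the OVAL definition's version attribute, which is a non-negative integer, a strict validator or scanner may reject the definition; `"Version": "1"` would match the rest of the commit. Separately, the advisory is rated `"Severity": "Low"` and all three CVEs carry `"Impact": "None"` although the Description calls each of them a denial of service, so consumers that triage on these fields will rank the update lower than the text suggests; the values are worth confirming against the upstream CVE records.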
@@ -0,0 +1,64 @@
+{
+ "TextFileContent54Objects": [
+ {
+ "ID": "oval:org.altlinux.errata:obj:1001",
+ "Version": "1",
+ "Comment": "Evaluate `/etc/os-release` file content",
+ "Path": {
+ "Datatype": "string",
+ "Text": "/etc"
+ },
+ "Filepath": {
+ "Datatype": "string",
+ "Text": "os-release"
+ },
+ "Pattern": {
+ "Datatype": "string",
+ "Operation": "pattern match",
+ "Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
+ },
+ "Instance": {
+ "Datatype": "int",
+ "Text": "1"
+ }
+ }
+ ],
+ "RPMInfoObjects": [
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411466001",
+ "Version": "1",
+ "Comment": "389-ds-base is installed",
+ "Name": "389-ds-base"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411466002",
+ "Version": "1",
+ "Comment": "389-ds-base-devel is installed",
+ "Name": "389-ds-base-devel"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411466003",
+ "Version": "1",
+ "Comment": "389-ds-base-legacy-tools is installed",
+ "Name": "389-ds-base-legacy-tools"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411466004",
+ "Version": "1",
+ "Comment": "389-ds-base-libs is installed",
+ "Name": "389-ds-base-libs"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411466005",
+ "Version": "1",
+ "Comment": "cockpit-389-ds is installed",
+ "Name": "cockpit-389-ds"
+ },
+ {
+ "ID": "oval:org.altlinux.errata:obj:202411466006",
+ "Version": "1",
+ "Comment": "python3-module-lib389 is installed",
+ "Name": "python3-module-lib389"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/p9/ALT-PU-2024-11466/states.json b/oval/p9/ALT-PU-2024-11466/states.json
new file mode 100644
index 0000000000..8f8d500225
--- /dev/null
+++ b/oval/p9/ALT-PU-2024-11466/states.json
@@ -0,0 +1,23 @@
+{
+ "TextFileContent54State": [
+ {
+ "ID": "oval:org.altlinux.errata:ste:1001",
+ "Version": "1",
+ "Text": {}
+ }
+ ],
+ "RPMInfoStates": [
+ {
+ "ID": "oval:org.altlinux.errata:ste:202411466001",
+ "Version": "1",
+ "Comment": "package EVR is earlier than 0:1.4.1.18-alt5.p9.1",
+ "Arch": {},
+ "EVR": {
+ "Text": "0:1.4.1.18-alt5.p9.1",
+ "Datatype": "evr_string",
+ "Operation": "less than"
+ },
+ "Subexpression": {}
+ }
+ ]
+}
\ No newline at end of file
diff --git a/oval/p9/ALT-PU-2024-11466/tests.json b/oval/p9/ALT-PU-2024-11466/tests.json
new file mode 100644
index 0000000000..56e186cc27
--- /dev/null
+++ b/oval/p9/ALT-PU-2024-11466/tests.json
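Review bot: State `oval:org.altlinux.errata:ste:1001` has an empty `"Text": {}` and no subexpression check, so as written it constrains nothing. The object pattern in objects.json captures the branch number with `(\d+)`, but no state compares that capture to 9, so test `tst:1001` appears to pass on any non-`sp` ALT CPE even though its comment in tests.json says "ALT Linux based on branch 'p9' must be installed". Consider binding the capture in the state, for example `"Subexpression": { "Datatype": "int", "Operation": "equals", "Text": "9" }`, unless the generator fills this in at a later stage.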
@@ -0,0 +1,90 @@
+{
+ "TextFileContent54Tests": [
+ {
+ "ID": "oval:org.altlinux.errata:tst:1001",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "ALT Linux based on branch 'p9' must be installed",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:1001"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:1001"
+ }
+ }
+ ],
+ "RPMInfoTests": [
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411466001",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "389-ds-base is earlier than 0:1.4.1.18-alt5.p9.1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411466001"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411466001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411466002",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "389-ds-base-devel is earlier than 0:1.4.1.18-alt5.p9.1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411466002"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411466001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411466003",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "389-ds-base-legacy-tools is earlier than 0:1.4.1.18-alt5.p9.1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411466003"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411466001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411466004",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "389-ds-base-libs is earlier than 0:1.4.1.18-alt5.p9.1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411466004"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411466001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411466005",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "cockpit-389-ds is earlier than 0:1.4.1.18-alt5.p9.1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411466005"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411466001"
+ }
+ },
+ {
+ "ID": "oval:org.altlinux.errata:tst:202411466006",
+ "Version": "1",
+ "Check": "all",
+ "Comment": "python3-module-lib389 is earlier than 0:1.4.1.18-alt5.p9.1",
+ "Object": {
+ "ObjectRef": "oval:org.altlinux.errata:obj:202411466006"
+ },
+ "State": {
+ "StateRef": "oval:org.altlinux.errata:ste:202411466001"
+ }
+ }
+ ]
+}
\ No newline at end of file